Hi, > > MAC=00:50:bf:06:b4:f5 00:d0:d3:a5:6e:d9 > > MAC=00:50:bf:06:b4:f5:00:d0:d3:a5:6e:d9:08:00 > > what does the ":08:00" on v4 mean? > this is the layer3 protocol number (08:00 means ipv4). > kisza: we should use the same format for MAC addresses everywhere. Even on > tunnels it should read MAC=00:50:bf:06:b4:f5:00:d0:d3:a5:6e:d9:08:00 > > 2) TUNNEL addresses > > Is there any problem with printing two vars separated by a space? > kisza: please change it to some shorter names, could be SITSRC and SITDST > or something like this. The new format: Apr 10 17:53:17 hoi kernel: INPUT IN=sit1 OUT= MAC=00:30:4f:04:4d:5d:aa:00:04:00:01:04:08:00 SITSRC=xxx.xxx.xx.xxx SITDST=yyy.yy.yyy.yyy SRC=2001:0200:0000:4819:0210:f3ff:fe03:04d0 DST=3ffe:0b80:0002:zzzz:0000:0000:0000:zzzz LEN=104 TC=0 HOPLIMIT=54 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=49685 SEQ=512
Regards, kisza -- Andras Kis-Szabo Security Development, Design and Audit -------------------------/ Zorp, NetFilter and IPv6 [EMAIL PROTECTED] /---------------------------------------------->
diff -urN netfilter/userspace/patch-o-matic/extra.old/log-tunnel-fix.patch.ipv6 netfilter/userspace/patch-o-matic/extra/log-tunnel-fix.patch.ipv6
--- netfilter/userspace/patch-o-matic/extra.old/log-tunnel-fix.patch.ipv6 Thu Jan 1 01:00:00 1970
+++ netfilter/userspace/patch-o-matic/extra/log-tunnel-fix.patch.ipv6 Wed Apr 10 17:55:17 2002
@@ -0,0 +1,44 @@
+--- linux-2.4.18.hoi.1.1/net/ipv6/netfilter/ip6t_LOG.c Sat Mar 23 17:31:38 2002
++++ linux/net/ipv6/netfilter/ip6t_LOG.c Wed Apr 10 17:52:22 2002
+@@ -289,12 +289,36 @@
+ /* MAC logging for input chain only. */
+ printk("MAC=");
+ if ((*pskb)->dev && (*pskb)->dev->hard_header_len && (*pskb)->mac.raw != (void*)ipv6h) {
+- int i;
+- unsigned char *p = (*pskb)->mac.raw;
+- for (i = 0; i < (*pskb)->dev->hard_header_len; i++,p++)
++ if ((*pskb)->dev->type != ARPHRD_SIT){
++ int i;
++ unsigned char *p = (*pskb)->mac.raw;
++ for (i = 0; i < (*pskb)->dev->hard_header_len; i++,p++)
+ printk("%02x%c", *p,
+- i==(*pskb)->dev->hard_header_len - 1
+- ? ' ':':');
++ i==(*pskb)->dev->hard_header_len - 1
++ ? ' ':':');
++ } else {
++ int i;
++ unsigned char *p = (*pskb)->mac.raw;
++ if ( p - (ETH_ALEN*2+2) > (*pskb)->head ){
++ p -= (ETH_ALEN*2+2);
++ for (i = 0; i < (ETH_ALEN*2+2); i++,p++)
++ printk("%02x%c", *p,
++ i == ETH_ALEN*2+1 ? ' ' : ':');
++ }
++
++ if (((*pskb)->dev->addr_len == 4) &&
++ (*pskb)->dev->hard_header_len > 20){
++ printk("SITSRC=");
++ p = (*pskb)->mac.raw + 12;
++ for (i = 0; i < 4; i++,p++)
++ printk("%d%s", *p,
++ i == 3 ? " " : ".");
++ printk("SITDST=");
++ for (i = 0; i < 4; i++,p++)
++ printk("%d%c", *p,
++ i == 3 ? ' ' : '.');
++ }
++ }
+ } else
+ printk(" ");
+ }
diff -urN netfilter/userspace/patch-o-matic/extra.old/log-tunnel-fix.patch.ipv6.help netfilter/userspace/patch-o-matic/extra/log-tunnel-fix.patch.ipv6.help
--- netfilter/userspace/patch-o-matic/extra.old/log-tunnel-fix.patch.ipv6.help Thu Jan 1 01:00:00 1970
+++ netfilter/userspace/patch-o-matic/extra/log-tunnel-fix.patch.ipv6.help Wed Apr 10 17:54:53 2002
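Review bot: In the new `ARPHRD_SIT` branch both reads are bounded by constants rather than by what the packet actually holds: the look-back of `ETH_ALEN*2+2` bytes only checks that the pointer stays above `(*pskb)->head`, and the SITSRC/SITDST loops read `mac.raw + 12` through `+ 19` after checking only the device's `hard_header_len > 20`. If the tunnel's underlying link is not Ethernet (inferred; the hunk does not show how `mac.raw` is set for SIT devices), the 14 bytes before `mac.raw` are leftover headroom and would be logged as a MAC, so the log line can carry stale buffer contents that an analyst will read as addresses. I would tie the second guard to the packet itself, for example `(unsigned char *)ipv6h - (*pskb)->mac.raw >= 20`, and write the first as `p - (*pskb)->head >= ETH_ALEN*2+2` so that no pointer below `head` is ever formed. When the look-back test fails nothing is printed after `MAC=`, so the line reads `MAC=SITSRC=...` and field-based log parsers will mis-split it; print a `' '` there as the other branches do. The enclosing function starts and ends outside the hunk.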
@@ -0,0 +1,9 @@
+Author: Andras Kis-Szabo <[EMAIL PROTECTED]>
+Status: It works 4 me!
+
+ When the LOG target used with a tunnel device, it prints out the encapsulator
+ header instead of the MAC addresses.
+ This patch is a quick workaround for the SIT-class devices. It prints out the
+ MAC addresses and the tunnel information. The offsets are hardcoded in this
+ patch!
+