Source-Changes-HG archive


[src/trunk]: src Add new sysctl (net.inet.tcp.log_refused) that when set, cau...



details:   https://anonhg.NetBSD.org/src/rev/662a7eb830f9
branches:  trunk
changeset: 473178:662a7eb830f9
user:      ad <ad%NetBSD.org@localhost>
date:      Sun May 23 20:33:50 1999 +0000

description:
Add new sysctl (net.inet.tcp.log_refused) that when set, causes refused TCP
connections to be logged.

diffstat:

 lib/libc/gen/sysctl.3    |   5 ++++-
 sys/netinet/tcp_input.c  |  11 ++++++++++-
 sys/netinet/tcp_var.h    |   8 ++++++--
 usr.sbin/sysctl/sysctl.8 |   3 ++-
 4 files changed, 22 insertions(+), 5 deletions(-)

diffs (118 lines):

diff -r 59bed044b170 -r 662a7eb830f9 lib/libc/gen/sysctl.3
--- a/lib/libc/gen/sysctl.3     Sun May 23 20:21:51 1999 +0000
+++ b/lib/libc/gen/sysctl.3     Sun May 23 20:33:50 1999 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: sysctl.3,v 1.34 1999/03/09 19:45:09 erh Exp $
+.\"    $NetBSD: sysctl.3,v 1.35 1999/05/23 20:33:51 ad Exp $
 .\"
 .\" Copyright (c) 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -564,6 +564,7 @@
 .It tcp keepcnt        integer yes
 .It tcp        slowhz  integer no
 .It tcp        newreno integer yes
+.It tcp        log_refused     integer yes
 .It udp        checksum        integer yes
 .It udp        sendspace       integer yes
 .It udp        recvspace       integer yes
@@ -685,6 +686,8 @@
 .It Li tcp.newreno
 Returns 1 if the use of J. Hoe's NewReno congestion control algorithm is
 enabled.  This algorithm improves the start-up behavior of TCP connections.
+.It Li tcp.log_refused
+When set to 1, all refused TCP connections to the host are logged.
 .It Li udp.checksum
 Returns 1 when UDP checksums are being computed and checked.
 Disabling UDP checksums is strongly discouraged.
diff -r 59bed044b170 -r 662a7eb830f9 sys/netinet/tcp_input.c
--- a/sys/netinet/tcp_input.c   Sun May 23 20:21:51 1999 +0000
+++ b/sys/netinet/tcp_input.c   Sun May 23 20:33:50 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: tcp_input.c,v 1.81 1999/05/03 23:30:27 thorpej Exp $   */
+/*     $NetBSD: tcp_input.c,v 1.82 1999/05/23 20:33:50 ad Exp $        */
 
 /*-
  * Copyright (c) 1997, 1998, 1999 The NetBSD Foundation, Inc.
@@ -112,6 +112,7 @@
 #include <machine/stdarg.h>
 
 int    tcprexmtthresh = 3;
+int    tcp_log_refused;
 struct tcpiphdr tcp_saveti;
 
 #define TCP_PAWS_IDLE  (24 * 24 * 60 * 60 * PR_SLOWHZ)
@@ -549,6 +550,14 @@
                inp = in_pcblookup_bind(&tcbtable, ti->ti_dst, ti->ti_dport);
                if (inp == 0) {
                        ++tcpstat.tcps_noport;
+                       if (tcp_log_refused && (tiflags & TH_SYN)) {
+                               char buf[4*sizeof "123"];
+                               strcpy(buf, inet_ntoa(ti->ti_dst));
+                               log(LOG_INFO,
+                                   "Connection attempt to TCP %s:%d from %s:%d\n",
+                                   buf, ntohs(ti->ti_dport), inet_ntoa(ti->ti_src),
+                                   ntohs(ti->ti_sport));
+                       }
                        goto dropwithreset;
                }
        }
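Review bot: The added `log()` call in the `inp == 0` branch runs once per matching segment with no rate limit, so when `tcp_log_refused` is set a remote sender decides how fast the kernel message buffer and syslog fill, and a burst of SYNs to closed ports can crowd out other entries or fill the log partition. Consider bounding it to a few messages per second with a count of suppressed ones, and noting in the sysctl documentation that the logged source address is taken from the packet and may be spoofed. The test `(tiflags & TH_SYN)` also matches SYN|ACK segments, which are replies rather than connection attempts; `(tiflags & (TH_SYN|TH_ACK)) == TH_SYN` would keep the message accurate. `buf` at `4*sizeof "123"` is exactly 16 bytes, which fits the longest dotted quad plus the terminator, but a comment such as `/* "255.255.255.255" + NUL; copy needed because inet_ntoa() reuses a static buffer */` would make the `strcpy` easier to audit. The enclosing function starts and ends outside the hunk.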
diff -r 59bed044b170 -r 662a7eb830f9 sys/netinet/tcp_var.h
--- a/sys/netinet/tcp_var.h     Sun May 23 20:21:51 1999 +0000
+++ b/sys/netinet/tcp_var.h     Sun May 23 20:33:50 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: tcp_var.h,v 1.59 1999/04/29 03:54:23 thorpej Exp $     */
+/*     $NetBSD: tcp_var.h,v 1.60 1999/05/23 20:33:51 ad Exp $  */
 
 /*-
  * Copyright (c) 1997, 1998, 1999 The NetBSD Foundation, Inc.
@@ -455,7 +455,8 @@
 #define        TCPCTL_KEEPCNT          19      /* keepalive count */
 #define        TCPCTL_SLOWHZ           20      /* PR_SLOWHZ (read-only) */
 #define        TCPCTL_NEWRENO          21      /* NewReno Congestion Control */
-#define        TCPCTL_MAXID            22
+#define TCPCTL_LOG_REFUSED     22      /* Log refused connections */
+#define        TCPCTL_MAXID            23
 
 #define        TCPCTL_NAMES { \
        { 0, 0 }, \
@@ -480,6 +481,7 @@
        { "keepcnt",    CTLTYPE_INT }, \
        { "slowhz",     CTLTYPE_INT }, \
        { "newreno",    CTLTYPE_INT }, \
+       { "log_refused",CTLTYPE_INT }, \
 }
 
 #ifdef _KERNEL
@@ -501,6 +503,7 @@
 extern int tcp_syn_cache_limit; /* max entries for compressed state engine */
 extern int tcp_syn_bucket_limit;/* max entries per hash bucket */
 extern int tcp_syn_cache_interval; /* compressed state timer */
+extern int tcp_log_refused;    /* log refused connections */
 
 extern int tcp_syn_cache_size;
 extern struct syn_cache_head tcp_syn_cache[];
@@ -529,6 +532,7 @@
        { 1, 0, &tcp_keepcnt },                 \
        { 1, 1, 0, PR_SLOWHZ },                 \
        { 1, 0, &tcp_do_newreno },              \
+       { 1, 0, &tcp_log_refused },             \
 }
 
 int     tcp_attach __P((struct socket *));
diff -r 59bed044b170 -r 662a7eb830f9 usr.sbin/sysctl/sysctl.8
--- a/usr.sbin/sysctl/sysctl.8  Sun May 23 20:21:51 1999 +0000
+++ b/usr.sbin/sysctl/sysctl.8  Sun May 23 20:33:50 1999 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: sysctl.8,v 1.28 1999/04/26 22:13:52 thorpej Exp $
+.\"    $NetBSD: sysctl.8,v 1.29 1999/05/23 20:33:51 ad Exp $
 .\"
 .\" Copyright (c) 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -180,6 +180,7 @@
 .It net.inet.tcp.keepintvl     integer yes
 .It net.inet.tcp.keepcnt       integer yes
 .It net.inet.tcp.slowhz        integer no
+.It net.inet.tcp.log_refused   integer yes
 .It net.inet.udp.checksum      integer yes
 .It net.inet.udp.sendspace     integer yes
 .It net.inet.udp.recvspace     integer yes


