tcp_audit patch

Russell Berry (russ@berrex.com)
Mon, 26 Apr 1999 13:51:01 -0400 (EDT)



Hey people,

Some time ago, in the 2.0.x kernel era, somebody submitted a patch for strobe
protection, this patch also had a tcp audit facility like tcpd does, sending
accepts and rejects to syslog. I liked this part of it, and have modified it
for 2.2.6 kernel. I haven't formally posted it anywhere yet, as I cannot
contact the original author for the 2.0.x kernel, and he deserves proper credit,
all I did was make it work in 2.2.x. I'll attach it here for anyone who wants
to use it, and if anyone can locate the original author, please let me know.

Thanks....

Russell

Words to live by....
Work like you don't need money,
Love like you've never been hurt,
And dance like no one's watching.

[Attachment: tcp_audit.diff]

diff -ruN linuxdev/net/ipv4/af_inet.c linux/net/ipv4/af_inet.c
--- linuxdev/net/ipv4/af_inet.c Thu Mar 25 12:23:34 1999
+++ linux/net/ipv4/af_inet.c Mon Apr 26 13:07:47 1999
@@ -691,6 +691,10 @@
} else {
if((sk2 = sk1->prot->accept(sk1,flags)) == NULL)
goto do_sk1_err;
+
+ else
+ /* This code enables tcp auditing like tcpd to syslog */
+ printk ( KERN_INFO "TCP connection accepted: ip=%d.%d.%d.%d port=%d uid=%d p
rocess=%s[%d]\n",NIPQUAD(sk2->daddr), sk2->num, current->uid, current->comm, cur
rent->pid );
}

/*
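
Review bot: the printk added after `goto do_sk1_err;` fires on every successful accept with no switch and no throttling, so a busy server, or a client opening connections in a loop, can fill the kernel log and push out other messages. Put it behind a config option or sysctl and rate limit it. The `else` is also unnecessary because the `if` branch ends in a goto, and with the comment sitting between `else` and the statement the control flow is easy to misread; a plain statement after the `if` would be clearer. The record carries the peer address and `sk2->num` but no remote port, which makes it harder to match an entry against other logs of the same connection.
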
diff -ruN linuxdev/net/ipv4/tcp_ipv4.c linux/net/ipv4/tcp_ipv4.c
--- linuxdev/net/ipv4/tcp_ipv4.c Mon Apr 26 12:24:10 1999
+++ linux/net/ipv4/tcp_ipv4.c Mon Apr 26 13:07:09 1999
@@ -1698,6 +1698,8 @@
return 0;

no_tcp_socket:
+ /* This code enables tcp auditing like tcpd to syslog */
+ printk( KERN_INFO "TCP connection rejected from %d.%d.%d.%d, port %d\n", NIPQU
AD(skb->nh.iph->saddr), ntohs(th->dest) );
tcp_v4_send_reset(skb);

discard_it:
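
Review bot: the printk under `no_tcp_socket:` is driven entirely by remote traffic and has no rate limit, so a port scan or a stream of segments to closed ports becomes one log line per packet. Throttle it and make it switchable, otherwise the audit facility itself becomes a way to flood syslog. Nothing in the added line checks what kind of segment arrived, so "connection rejected" is logged for anything that reaches this label, not only connection attempts; testing `th->syn` before logging would make the message match what happened. The line prints `th->dest` but not `th->source`, and its format differs from the "ip=... port=..." style of the accept message in af_inet.c, which makes the two harder to parse together.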
