Bug 14688

Summary: kernel firewall code doesn't log port #'s for `Fragment's
Product: Base System
Reporter: Ronald F. Guilmette <rfg>
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: 3.3-RELEASE
Hardware: Any
OS: Any

Description Ronald F. Guilmette 1999-11-03 18:00:01 UTC
	A kernel that has been built with the IPFIREWALL option can be
	instructed to log instances of incoming packet fragments.

	When it is so configured, the kernel will dutifully log such
	packets, however the entries it writes to the syslog for such
	packets, while including the sources and destination IP addresses
	fail to also include the source and destination port numbers.

	The port number information may be helpful in various circumstances,
	and should be included in the relevant log records.

Fix: 

	Modify the code for the IPPROTO_TCP & IPPROTO_UDP cases of the switch()
	statement beginning at line 363 of /usr/src/sys/netinet/ip_fw.c so
	that the port number is always printed, even if the value of the
	subexpression (ip->ip_off & IP_OFFMASK) is non-zero.
How-To-Repeat: 
	Configure a kernel with `option IPFIREWALL'.  Build it.  Install it.
	Then reboot.  Ensure that kernel logging messages are logged to
	either a file or to /dev/console by adding an appropriate entry
	to the local /etc/syslog.conf file.  Restart or reinitialize syslogd.
	Then execute the following command (as root):

	ipfw add 30000 deny log tcp from any to any frag

	Then arrange to send some packet fragments to the system in question
	and look at the resulting log entries.
Comment 1 ru freebsd_committer freebsd_triage 1999-11-04 08:57:27 UTC
State Changed
From-To: open->closed

This is because source and destination port numbers are part of the 
corresponding protocol header (TCP or UDP), not an IP header, and 
are only available in the first IP fragment (with a zero offset). 

Please refer to RFC791, RFC793 and RFC1858 for further details.
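The closing comment is easiest to see with real packet bytes. The following Python example was added for this page and is not code from the FreeBSD tree or from either participant: it builds two constructed IPv4 fragments of one TCP segment, then formats a log line in a constructed ipfw-like style. The first fragment (offset 0) carries the TCP header, so its ports can be read at IP header length + 0 and + 2; the second fragment (offset 1480) carries only payload, so there is no port field anywhere in it to log, which is exactly why the kernel prints addresses but no ports for non-first fragments. The function names, the log format and the sample addresses are all assumptions of this example.

```python
import socket
import struct
from typing import Optional, Tuple

# Constants mirroring the IPv4 header fields discussed in the report.
IP_OFFMASK = 0x1FFF   # fragment offset, in units of 8 octets
IP_MF = 0x2000        # "more fragments" flag
IPPROTO_TCP = 6
IPPROTO_UDP = 17


def build_ipv4(src: str, dst: str, proto: int, frag_off: int,
               more_frags: bool, payload: bytes) -> bytes:
    """Assemble a minimal IPv4 packet (no options, checksum left zero)."""
    flags_off = (IP_MF if more_frags else 0) | (frag_off & IP_OFFMASK)
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45,                 # version 4, IHL 5 (20 bytes)
                         0,                    # TOS
                         20 + len(payload),    # total length
                         0x1234,               # identification (constructed)
                         flags_off,            # flags + fragment offset
                         64,                   # TTL
                         proto,
                         0,                    # checksum (not needed offline)
                         socket.inet_aton(src),
                         socket.inet_aton(dst))
    return header + payload


def transport_ports(packet: bytes) -> Optional[Tuple[int, int]]:
    """Return (sport, dport) only if this fragment actually carries them.

    Ports live in the TCP/UDP header, which follows the IP header only in
    the fragment whose offset is zero (RFC 791). Every later fragment is
    pure payload, so there is nothing to read and None is returned.
    """
    ihl = (packet[0] & 0x0F) * 4
    flags_off = struct.unpack("!H", packet[6:8])[0]
    proto = packet[9]
    if flags_off & IP_OFFMASK:
        return None                      # non-first fragment: no L4 header
    if proto not in (IPPROTO_TCP, IPPROTO_UDP):
        return None
    if len(packet) < ihl + 4:
        return None                      # first fragment too short to hold ports
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return sport, dport


def log_line(rule: int, packet: bytes) -> str:
    """Format a firewall log entry in a constructed ipfw-like style."""
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    proto = {IPPROTO_TCP: "TCP", IPPROTO_UDP: "UDP"}.get(packet[9], str(packet[9]))
    flags_off = struct.unpack("!H", packet[6:8])[0]
    offset = (flags_off & IP_OFFMASK) * 8     # byte offset within the datagram
    ports = transport_ports(packet)
    if ports is None:
        return f"ipfw: {rule} Deny {proto} {src} {dst} Fragment offset={offset}"
    return (f"ipfw: {rule} Deny {proto} {src}:{ports[0]} {dst}:{ports[1]} "
            f"Fragment offset={offset}")


# Constructed sample: one TCP SYN segment split into two fragments
# (documentation addresses from RFC 5737, ports chosen for the example).
tcp_header = struct.pack("!HHIIBBHHH",
                         40000, 80,           # source port, destination port
                         1, 0,                # seq, ack
                         5 << 4, 0x02,        # data offset 5, SYN flag
                         8192, 0, 0)          # window, checksum, urgent
FIRST_FRAG = build_ipv4("192.0.2.10", "198.51.100.5", IPPROTO_TCP,
                        0, True, tcp_header + b"A" * 1460)
SECOND_FRAG = build_ipv4("192.0.2.10", "198.51.100.5", IPPROTO_TCP,
                         185, False, b"B" * 100)   # 185 * 8 = byte offset 1480

if __name__ == "__main__":
    for pkt in (FIRST_FRAG, SECOND_FRAG):
        print(log_line(30000, pkt))
```

Running it prints a line with ports for the first fragment and a line with addresses only for the second; a logger that tried to read "ports" from the second fragment would just be printing the first four bytes of application payload, which is why refusing to print them is the correct behaviour rather than the bug the report assumed.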