Log TCP syn packets for ports we don't listen on.

Controlled by: sysctl net.inet.tcp.log_in_vain: 1

Log UDP syn packets for ports we don't listen on.
Controlled by: sysctl net.inet.udp.log_in_vain: 1

Suggested by:	Warren Toomey <wkt@cs.adfa.oz.au>

sys/netinet/tcp_input.c

@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)tcp_input.c	8.12 (Berkeley) 5/24/95
- *	$Id: tcp_input.c,v 1.39 1996/03/22 18:09:20 wollman Exp $
+ *	$Id: tcp_input.c,v 1.40 1996/03/25 20:13:21 wollman Exp $
  */
 
 #ifndef TUBA_INCLUDE
@@ -46,6 +46,7 @@
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/errno.h>
+#include <sys/syslog.h>
 
 #include <machine/cpu.h>	/* before tcp_seq.h, for tcp_random18() */
 
@@ -76,6 +77,10 @@ struct	tcpstat tcpstat;
 SYSCTL_STRUCT(_net_inet_tcp, TCPCTL_STATS, stats,
 	CTLFLAG_RD, &tcpstat , tcpstat, "");
 
+static int log_in_vain = 1;
+SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_RW, 
+	&log_in_vain, 0, "");
+
 u_long	tcp_now;
 struct inpcbhead tcb;
 struct inpcbinfo tcbinfo;
@@ -371,8 +376,14 @@ findpcb:
 	 * If the TCB exists but is in CLOSED state, it is embryonic,
 	 * but should either do a listen or a connect soon.
 	 */
-	if (inp == NULL)
+	if (inp == NULL) {
+		if (log_in_vain && tiflags & TH_SYN) 
+			log(LOG_INFO, "Connection attempt to TCP %s:%d"
+			    " from %s:%d\n",
+			    inet_ntoa(ti->ti_dst), ntohs(ti->ti_dport),
+			    inet_ntoa(ti->ti_src), ntohs(ti->ti_sport));
 		goto dropwithreset;
+	}
 	tp = intotcpcb(inp);
 	if (tp == 0)
 		goto dropwithreset;

sys/netinet/tcp_reass.c

@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)tcp_input.c	8.12 (Berkeley) 5/24/95
- *	$Id: tcp_input.c,v 1.39 1996/03/22 18:09:20 wollman Exp $
+ *	$Id: tcp_input.c,v 1.40 1996/03/25 20:13:21 wollman Exp $
  */
 
 #ifndef TUBA_INCLUDE
@@ -46,6 +46,7 @@
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/errno.h>
+#include <sys/syslog.h>
 
 #include <machine/cpu.h>	/* before tcp_seq.h, for tcp_random18() */
 
@@ -76,6 +77,10 @@ struct	tcpstat tcpstat;
 SYSCTL_STRUCT(_net_inet_tcp, TCPCTL_STATS, stats,
 	CTLFLAG_RD, &tcpstat , tcpstat, "");
 
+static int log_in_vain = 1;
+SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_RW, 
+	&log_in_vain, 0, "");
+
 u_long	tcp_now;
 struct inpcbhead tcb;
 struct inpcbinfo tcbinfo;
@@ -371,8 +376,14 @@ findpcb:
 	 * If the TCB exists but is in CLOSED state, it is embryonic,
 	 * but should either do a listen or a connect soon.
 	 */
-	if (inp == NULL)
+	if (inp == NULL) {
+		if (log_in_vain && tiflags & TH_SYN) 
+			log(LOG_INFO, "Connection attempt to TCP %s:%d"
+			    " from %s:%d\n",
+			    inet_ntoa(ti->ti_dst), ntohs(ti->ti_dport),
+			    inet_ntoa(ti->ti_src), ntohs(ti->ti_sport));
 		goto dropwithreset;
+	}
 	tp = intotcpcb(inp);
 	if (tp == 0)
 		goto dropwithreset;

sys/netinet/udp_usrreq.c

@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)udp_usrreq.c	8.6 (Berkeley) 5/23/95
- *	$Id: udp_usrreq.c,v 1.19 1995/12/16 02:14:22 bde Exp $
+ *	$Id: udp_usrreq.c,v 1.20 1996/03/11 15:13:38 davidg Exp $
  */
 
 #include <sys/param.h>
@@ -46,6 +46,7 @@
 #include <sys/stat.h>
 #include <sys/kernel.h>
 #include <sys/sysctl.h>
+#include <sys/syslog.h>
 
 #include <net/if.h>
 #include <net/route.h>
@@ -72,6 +73,10 @@ static int	udpcksum = 0;		/* XXX */
 SYSCTL_INT(_net_inet_udp, UDPCTL_CHECKSUM, checksum, CTLFLAG_RW,
 		&udpcksum, 0, "");
 
+static int log_in_vain = 1;
+SYSCTL_INT(_net_inet_udp, OID_AUTO, log_in_vain, CTLFLAG_RW, 
+	&log_in_vain, 0, "");
+
 static struct	inpcbhead udb;		/* from udp_var.h */
 static struct	inpcbinfo udbinfo;
 
@@ -274,6 +279,11 @@ udp_input(m, iphlen)
 		    uh->uh_dport, INPLOOKUP_WILDCARD);
 	}
 	if (inp == NULL) {
+		if (log_in_vain)
+			log(LOG_INFO, "Connection attempt to UDP %s:%d"
+			    " from %s:%d\n",
+				inet_ntoa(ip->ip_dst), ntohs(uh->uh_dport),
+				inet_ntoa(ip->ip_src), ntohs(uh->uh_sport));
 		udpstat.udps_noport++;
 		if (m->m_flags & (M_BCAST | M_MCAST)) {
 			udpstat.udps_noportbcast++;