Logging of TCP sequence numbers (NOT)
Paul Rusty Russell
Fri, 01 Oct 1999 12:56:16 +0930
In message <E11WmLc-0002LOfirstname.lastname@example.org> you write:
> I like my logs to be readable by everyone, so I prefer not have TCP
> sequence numbers scattered all over the place. The LOG target's
> logging of packets is a little _too_ good for me :-).
Excellent. I also noticed a typo in my own code reading the patch (it
should be ipt_targinfo not ipt_matchinfo, which doesn't matter at the
moment since they're both 16 bytes).
If you wanted (for future expansion) you could make it one 16-bit
field, and use the lower 3 for log level.
> While I was editing that code, I added options to control logging of
> IP/TCP options. I don't know what the security implications of logging
> options is at the moment, but even if it is safe now, it might not
> continue to be so.
IP options fine; TCP options you can steal seq numbers from (if SACK