Logging of TCP sequence numbers (NOT)
Paul Rusty Russell
Paul.Russell@rustcorp.com.au
Fri, 01 Oct 1999 12:56:16 +0930
In message <E11WmLc-0002LO-00@taurus.cus.cam.ac.uk> you write:
> I like my logs to be readable by everyone, so I prefer not to have TCP
> sequence numbers scattered all over the place. The LOG target's
> logging of packets is a little _too_ good for me :-).
Excellent. I also noticed a typo in my own code reading the patch (it
should be ipt_targinfo not ipt_matchinfo, which doesn't matter at the
moment since they're both 16 bytes).
If you wanted (for future expansion) you could make it one 16-bit
field, and use the lower 3 for log level.
> While I was editing that code, I added options to control logging of
> IP/TCP options. I don't know what the security implications of logging
> options are at the moment, but even if it is safe now, it might not
> continue to be so.
IP options fine; TCP options you can steal seq numbers from (if SACK
is used).
Rusty.
--
Hacking time.
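
The point about SACK in the message above, as an added example that is not part of the original thread, the patch under discussion or the netfilter code: SACK options (kind 5, RFC 2018) carry 32-bit sequence numbers in their payload, so a hex dump of TCP options in a world-readable log exposes them. The helper name `log_tcp_options`, the hex output format and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define TCPOPT_EOL  0
#define TCPOPT_NOP  1
#define TCPOPT_SACK 5  /* RFC 2018: payload is pairs of 32-bit sequence numbers */

/* Constructed sample: NOP, NOP, SACK (len 10) with one left/right edge pair. */
static const uint8_t SAMPLE_OPTS[] = { 0x01, 0x01, 0x05, 0x0A,
    0x11, 0x22, 0x33, 0x44, 0x11, 0x22, 0x39, 0x20 };

/* Hypothetical helper: hex-dump TCP options into out, masking SACK payload.
 * Returns the count of SACK options masked, or -1 if malformed or out is full. */
int log_tcp_options(const uint8_t *opt, size_t len, char *out, size_t outsz)
{
    size_t i = 0, used = 0;
    int masked = 0;
    if (outsz == 0)
        return -1;
    out[0] = '\0';
    while (i < len && opt[i] != TCPOPT_EOL) {
        uint8_t kind = opt[i];
        size_t olen = 1, j;
        if (kind != TCPOPT_NOP) {
            if (len - i < 2)
                return -1;              /* length byte missing */
            olen = opt[i + 1];
            if (olen < 2 || olen > len - i)
                return -1;              /* length runs past the option area */
        }
        for (j = 0; j < olen; j++) {
            int n = (kind == TCPOPT_SACK && j >= 2)
                ? snprintf(out + used, outsz - used, "XX")
                : snprintf(out + used, outsz - used, "%02X", opt[i + j]);
            if (n < 0 || (size_t)n >= outsz - used)
                return -1;              /* output would be truncated */
            used += (size_t)n;
        }
        masked += (kind == TCPOPT_SACK);
        i += olen;
    }
    return masked;
}

int main(void)
{
    char buf[64];
    int n = log_tcp_options(SAMPLE_OPTS, sizeof SAMPLE_OPTS, buf, sizeof buf);
    return printf("OPT (%s) masked=%d\n", buf, n) < 0;
}
```

The kind and length bytes stay visible so the log still shows that SACK was in use; only the edge values are masked.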