From b565321aa194f3671d8a3d0cc9bf7d9715a6c8c0 Mon Sep 17 00:00:00 2001
From: Brian Somers <brian@FreeBSD.org>
Date: Wed, 29 Mar 2000 09:31:52 +0000
Subject: [PATCH] Log information about packets being dropped (probably due to
 ``nat deny_incoming yes'') by libalias.

---
 usr.sbin/ppp/ip.c      | 14 +++++++++-----
 usr.sbin/ppp/nat_cmd.c | 10 ++++++++++
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/usr.sbin/ppp/ip.c b/usr.sbin/ppp/ip.c
index 1fdd6c29023..fd651b58ce4 100644
--- a/usr.sbin/ppp/ip.c
+++ b/usr.sbin/ppp/ip.c
@@ -443,7 +443,8 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter)
   int mask, len, n, pri, logit, loglen, result;
   char logbuf[200];
 
-  logit = (log_IsKept(LogTCPIP) || log_IsKept(LogDNS)) && filter->logok;
+  logit = (log_IsKept(LogTCPIP) || log_IsKept(LogDNS)) &&
+          (!filter || filter->logok);
   loglen = 0;
   pri = 0;
 
@@ -451,7 +452,10 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter)
   uh = NULL;
 
   if (logit && loglen < sizeof logbuf) {
-    snprintf(logbuf + loglen, sizeof logbuf - loglen, "%s ", filter->name);
+    if (filter)
+      snprintf(logbuf + loglen, sizeof logbuf - loglen, "%s ", filter->name);
+    else
+      snprintf(logbuf + loglen, sizeof logbuf - loglen, "  ");
     loglen += strlen(logbuf + loglen);
   }
   ptop = (cp + (pip->ip_hl << 2));
@@ -584,7 +588,7 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter)
     break;
   }
 
-  if (FilterCheck(pip, filter)) {
+  if (filter && FilterCheck(pip, filter)) {
     if (logit)
       log_Printf(LogTCPIP, "%s - BLOCKED\n", logbuf);
 #ifdef notdef
@@ -595,7 +599,7 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter)
   } else {
     /* Check Keep Alive filter */
     if (logit && log_IsKept(LogTCPIP)) {
-      if (FilterCheck(pip, &bundle->filter.alive))
+      if (filter && FilterCheck(pip, &bundle->filter.alive))
         log_Printf(LogTCPIP, "%s - NO KEEPALIVE\n", logbuf);
       else
         log_Printf(LogTCPIP, "%s\n", logbuf);
@@ -603,7 +607,7 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter)
     result = pri;
   }
 
-  if (uh && ntohs(uh->uh_dport) == 53 && log_IsKept(LogDNS))
+  if (filter && uh && ntohs(uh->uh_dport) == 53 && log_IsKept(LogDNS))
     ip_LogDNS(uh, filter->name);
 
   return result;
diff --git a/usr.sbin/ppp/nat_cmd.c b/usr.sbin/ppp/nat_cmd.c
index eb5fa64dd59..999a31a81b9 100644
--- a/usr.sbin/ppp/nat_cmd.c
+++ b/usr.sbin/ppp/nat_cmd.c
@@ -50,6 +50,7 @@
 #ifndef NORADIUS
 #include "radius.h"
 #endif
+#include "ip.h"
 #include "bundle.h"
 
 
@@ -423,6 +424,15 @@ nat_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
                  nfrags, gfrags);
       break;
 
+    case PKT_ALIAS_IGNORED:
+      if (log_IsKept(LogTCPIP)) {
+        log_Printf(LogTCPIP, "NAT engine ignored data:\n");
+        PacketCheck(bundle, (char *)pip, ntohs(pip->ip_len), NULL);
+      }
+      m_freem(bp);
+      bp = NULL;
+      break;
+
     default:
       log_Printf(LogWARN, "nat_LayerPull: Dropped a packet (%d)....\n", ret);
       m_freem(bp);