understanding iptables logging

[daniel]

i have a series of lines in /var/log/messages looking like this:

Jul  5 18:53:26 fightclub kernel: [DROPPED (IN-eth0)]: IN=eth0 OUT= 
MAC=00:30:bd:1c:e0:a7:00:05:00:e3:ec:d6:08:00 SRC=220.168.36.17 DST=<myIP> 
LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=5656 DF PROTO=TCP SPT=3770 DPT=9898 
WINDOW=16384 RES=0x00 SYN URGP=0

and it's kinda hard to google for "iptables df" so i was hoping someone here 
could explain just what all of the above abbreviations are.  here's what i've 
got so far:

IN - incoming interface
OUT - outgoing interface
MAC - mac address of my nic
SRC - the guy sending the packet
DST - my ip
LEN - ? length ?
TOS - ?
PREC - ?
TTL - ? time to live?
ID - ?
DF - ?
PROTO - protocol
SPT - source port
DPT - destination port
WINDOW - ?
RES - ?
SYN - making a connection
URGP - ?

the reason i ask is that i wrote this handy script to parse the log and keep a 
running ticker for me but it keeps gibbling whenever "DF" appears in the 
string.  so (a) i'd like to know what it is, and (b) i'd like to know how to 
write the script to account for this.

here's the script:


#!/bin/bash

tail -f /var/log/messages \
| awk '{
        sub("\\[",    "",   $6);
        sub("IN=",    "i",  $8);
        sub("OUT=",   "o",  $9);
        sub("SRC=",   "ip", $11);
        sub("PROTO=", "p",  $18);
        sub("SPT=",   "sp", $19);
        sub("DPT=",   "dp", $20);
        printf "%s - %s %s %s %s %s %s\n", $6, $8, $9, $11, $18, $19, $20
  }'

thanks for your help ;-)


-- 
I saw you without your clothes on once. I never thought I'd see you naked.
	- Mal to Saffron/Bridget/Yolanda, Firefly, "Trash"

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml