kern/122773: [pf] pf doesn't log uid or pid when configured to
Olivier Cochard-Labbé
olivier at cochard.me
Mon Jul 1 12:50:02 UTC 2013
The following reply was made to PR kern/122773; it has been noted by GNATS.
From: Olivier Cochard-Labbé <olivier at cochard.me>
To: bug-followup at freebsd.org, josh at endries.org
Cc: Gleb Smirnoff <glebius at freebsd.org>
Subject: Re: kern/122773: [pf] pf doesn't log uid or pid when configured to
Date: Mon, 1 Jul 2013 14:42:41 +0200
Hi,
I've got the same problem on 9-stable too.
pflogd didn't add the correct UID value to its pcap.
Here is a pflogd packet displayed on wireshark (my user had UID 1001
for this test):
No.  Time      Source    Destination  Protocol  Length  Info
1    0.000000  10.2.1.3  10.2.0.67    TCP       124     [pass em0/0] 32186 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 SACK_PERM=1 TSval=615127099 TSecr=0

Frame 1: 124 bytes on wire (992 bits), 124 bytes captured (992 bits)
PF Log IPv4 pass on em0 by rule 0
    Header Length: 61
    Address Family: IPv4 (2)
    Action: pass (0)
    Reason: match (0)
    Interface: em0
    Ruleset:
    Rule Number: 2
    Sub Rule Number: 16777216
    UID: -385679360
    PID: -1601830656
    Rule UID: 0
    Rule PID: -1990852608
    Direction: out (2)
    Padding: 000000
Internet Protocol Version 4, Src: 10.2.1.3 (10.2.1.3), Dst: 10.2.0.67 (10.2.0.67)
Transmission Control Protocol, Src Port: 32186 (32186), Dst Port: ssh (22), Seq: 0, Len: 0
    Source port: 32186 (32186)
    Destination port: ssh (22)
    [Stream index: 0]
    Sequence number: 0 (relative sequence number)
    Header length: 40 bytes
    Flags: 0x002 (SYN)
    Window size value: 65535
    [Calculated window size: 65535]
    Checksum: 0xe2c8 [validation disabled]
    Options: (20 bytes), Maximum segment size, No-Operation (NOP), Window scale, SACK permitted, Timestamps
Regards,
Olivier
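
Added example, not part of the original message or of FreeBSD's code: it rebuilds the 64-byte pflog header from the values Wireshark printed above and decodes the 32-bit fields in both byte orders, as a check an analyst can run on such a capture. The `struct pfloghdr` layout used here and the premise that the dissector read every 32-bit field as big-endian are assumptions; the function names are hypothetical.

```python
import struct

# Assumed layout of struct pfloghdr (FreeBSD net/if_pflog.h): four u8 fields,
# ifname[16], ruleset[16], six 32-bit fields, dir, pad[3]. 64 bytes in total,
# which matches "Header Length: 61" (the length excludes the 3 padding bytes).
PFLOG_FMT = "=BBBB16s16s4s4s4s4s4s4sB3s"
U32_FIELDS = ("rulenr", "subrulenr", "uid", "pid", "rule_uid", "rule_pid")


def build_header_from_display():
    """Rebuild the raw header from the dissection in the message (constructed input).

    Assumption: Wireshark decoded each 32-bit field as a signed big-endian
    integer, so packing the displayed numbers big-endian recovers the bytes.
    """
    shown = (2, 16777216, -385679360, -1601830656, 0, -1990852608)
    raw32 = [struct.pack(">i", value) for value in shown]
    return struct.pack(PFLOG_FMT, 61, 2, 0, 0, b"em0", b"", *raw32, 2, b"\0" * 3)


def parse_pfloghdr(hdr, byteorder):
    """Decode a pflog header, reading the 32-bit fields as 'big' or 'little'."""
    f = struct.unpack(PFLOG_FMT, hdr)
    out = {
        "length": f[0],
        "af": f[1],
        "ifname": f[4].rstrip(b"\0").decode(),
        "dir": f[12],
    }
    for name, raw in zip(U32_FIELDS, f[6:12]):
        out[name] = int.from_bytes(raw, byteorder, signed=True)
    return out


if __name__ == "__main__":
    hdr = build_header_from_display()
    big = parse_pfloghdr(hdr, "big")
    little = parse_pfloghdr(hdr, "little")
    print(f"{'field':10} {'big-endian':>12} {'little-endian':>14}")
    for name in U32_FIELDS:
        print(f"{name:10} {big[name]:>12} {little[name]:>14}")
```

Read as little-endian, the UID field is 1001 (the test user's UID) and the PID field is 100000, the value FreeBSD defines as `NO_PID`; the Rule Number field only gives the displayed 2 when read as big-endian.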