misc/122773: pf doesn't log uid or pid when configured to
Josh
josh at endries.org
Mon Apr 14 22:10:03 UTC 2008
>Number: 122773
>Category: misc
>Synopsis: pf doesn't log uid or pid when configured to
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 14 22:10:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Josh
>Release: 7.0-RELEASE
>Organization:
>Environment:
FreeBSD www 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Mon Mar 31 15:51:02 EDT 2008 root@:/jails/src/root/usr/obj/jails/src/root/usr/src/sys/ULEMAC amd64
>Description:
When pf is configured to log the UID and PID of the process sending traffic, it doesn't.
>How-To-Repeat:
Configure pf with a rule such as:
pass out log (user) quick on $exif inet proto tcp from $exif to any keep state
Start pflog (/etc/rc.d/pflog + rcvar), then run "tcpdump -netttvvvi pflog0", which is supposed to display the info. You should get something like (from google):
rule 10/(match) [uid 0, pid 1807] block in on fxp0: 85.100.124.74.14464 \
server1.443: [|tcp] (ttl 249, id 65259, len 40, bad cksum 0! differs by f890)
But I actually get something like:
044014 rule 17/0(match): pass out on bge0: (tos 0x10, ttl 64, id 11138, \
offset 0, flags [DF], proto TCP (6), length 60) 64.132.211.219.57274 > \
66.94.234.13.80: [|tcp]
Other users on #freebsd at freenode reported the same behavior.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: