[Bug 122773] [pf] pf doesn't log uid or pid when configured to
bugzilla-noreply at freebsd.org
Fri Oct 19 20:56:13 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=122773
Kristof Provost <kp at freebsd.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kp at freebsd.org
--- Comment #5 from Kristof Provost <kp at freebsd.org> ---
It looks like the kernel side of this (at least for uid) is present.
I've updated the patch:
diff --git a/contrib/tcpdump/print-pflog.c b/contrib/tcpdump/print-pflog.c
index 265efd3c866..38201c55ee3 100644
--- a/contrib/tcpdump/print-pflog.c
+++ b/contrib/tcpdump/print-pflog.c
@@ -97,8 +97,12 @@ pflog_print(netdissect_options *ndo, const struct pfloghdr
*hdr)
else
ND_PRINT((ndo, "rule %u.%s.%u/", rulenr, hdr->ruleset,
subrulenr));
- ND_PRINT((ndo, "%s: %s %s on %s: ",
- tok2str(pf_reasons, "unkn(%u)", hdr->reason),
+ ND_PRINT((ndo, "%s", tok2str(pf_reasons, "unkn(%u)", hdr->reason)));
+
+ if (hdr->uid != UID_MAX)
+ ND_PRINT((ndo, " [uid %u]", (unsigned)hdr->uid));
+
+ ND_PRINT((ndo, ": %s %s on %s: ",
tok2str(pf_actions, "unkn(%u)", hdr->action),
tok2str(pf_directions, "unkn(%u)", hdr->dir),
hdr->ifname));
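Review bot: The added test "if (hdr->uid != UID_MAX)" has no comment explaining why UID_MAX is skipped. Please add a one-line comment above it stating that UID_MAX is the value the header carries when no uid was recorded, if that is the intent. The bug title asks for uid or pid, but this hunk prints only the uid, so either add pid in the same bracketed form or say in the commit message that pid is left for later. Also note that " [uid %u]" is placed between the reason and the colon, so the line prefix changes from "rule N/N(reason): action" to "rule N/N(reason) [uid N]: action". Anything that parses the old prefix will need updating, which is worth mentioning in the commit message.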
A simple ping now produces this:
tcpdump: listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture
size 262144 bytes
00:00:00.000000 rule 0/0(match) [uid 1001]: pass out on vtnet0: (tos 0x0, ttl
64, id 20885, offset 0, flags [none], proto UDP (17), length 55)
172.16.2.2.64345 > 172.16.2.1.53: [bad udp cksum 0x5c58 -> 0x964f!] 27130+
A? google.be. (27)
00:00:00.071014 rule 0/0(match) [uid 0]: pass out on vtnet0: (tos 0x0, ttl 64,
id 63862, offset 0, flags [none], proto ICMP (1), length 84)
172.16.2.2 > 172.217.18.163: ICMP echo request, id 35102, seq 0, length 64
If anyone is still interested in this, can you test it and let me know if this
works for you?
--
You are receiving this mail because:
You are the assignee for the bug.