From owner-freebsd-pf@FreeBSD.ORG  Tue May  8 15:48:51 2012
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 9EEF5106564A;
	Tue,  8 May 2012 15:48:51 +0000 (UTC)
	(envelope-from kraduk@gmail.com)
Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com
	[209.85.214.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 5A13B8FC15;
	Tue,  8 May 2012 15:48:51 +0000 (UTC)
Received: by obcni5 with SMTP id ni5so13318437obc.13
	for <multiple recipients>; Tue, 08 May 2012 08:48:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:date:message-id:subject:from:to:content-type;
	bh=b5YzeEsvC9PZxbofRpRi5RF33HWbe1LINO/nsLGjJRI=;
	b=gFtJFGT3XIy7gRoTSBbszSuITm6/tXhwEc9tREubdc0EIlYlrMt20qASvmoQ0Pug3C
	7WKM1yFy45bTJ1NOXEtIxe740bRLuvOKR4vJ4uIE5nXaxQvuyEYrT2CACi3BWg4TiPlU
	uHSxgQThjZRSpAi44USWiomCOLpixhS5A53RJ0otqG6nMzrAZfK9BBl+DpLoloi7LoBW
	rQZ6b7V1OlTWxs0xe2fIfkPXbxvbx1PUL3qPf3F/Jmuq/hZdbyALTrAp5kCyhaeiooXq
	wB8wevw2BWoJvIS2ENaNrher06ANzrtJQiE2X07w+4V3iIav03tqpj8Z5Mg4kR/rUytJ
	no3g==
MIME-Version: 1.0
Received: by 10.182.113.73 with SMTP id iw9mr3179089obb.21.1336492130696; Tue,
	08 May 2012 08:48:50 -0700 (PDT)
Received: by 10.182.5.138 with HTTP; Tue, 8 May 2012 08:48:50 -0700 (PDT)
Date: Tue, 8 May 2012 16:48:50 +0100
Message-ID: <CALfReyfO9v5xV5udgLjtVcTS7oLe9HaL0NDH8DK6TBNufNMwHw@mail.gmail.com>
From: krad <kraduk@gmail.com>
To: FreeBSD Questions <freebsd-questions@freebsd.org>, freebsd-pf@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Cc: 
Subject: synproxy definition in pfctl -si
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 May 2012 15:48:51 -0000

Hi,

I am looking to track the number of syn packets coming into a system,
as the box in question has pf running and using the synproxy attribute
on tcp services, I hope to be able to use the synproxy field in pfctl
-si. However I cant find a definitive definition of the variable, Ive
looking in the source but haven't have much look in finding where it
is derived. Can anyone shed any light on if my assumption is valid as
without a proper definition of this variable I can't really trust its
output is what i think it is. Alternatively if anyone could suggest an
another  way of tracking inbound syn packets I would be grateful, it
must use base os tools though, ie no ports or other apps required.


Thanks

K