From: snowcrash
Date: Fri, 20 Apr 2007 09:13:57 -0700
To: "Max Laier"
Cc: freebsd-pf@freebsd.org
Subject: Re: displaying rule labels in pf logs
Message-ID: <70f41ba20704200913j47b918c1k9032f13abe2111da@mail.gmail.com>
In-Reply-To: <200704201738.10315.max@love2party.net>

hi max,

> A small awk/perl/python/ruby/...-filter should get you running. Simply
> suck in "pfctl -vvsr" output and build an associative array rule# ->
> label and then just search and replace.

that's an alternative. i'll have to figure out how with which script
lang (for lowest overhead on an embedded box ...). thanks.

> > is there an existing 'native' option to do so already 'in' pf+tcpdump?
>
> No there isn't - and I don't think we will implement it either. The
> information can easily be obtained if the corresponding ruleset is
> available and copying 64 byte additional information is a significant
> overhead. As variable size headers are somewhat tricky, I'm afraid this
> is a no-go - sorry.

shame. i certainly can't speak to the performance/tech issue you raise,
but, this (human-readable labels in my logs) is one of the very few
things i *do* miss from the 'old' iptables-based solutions i migrated
away from ...

the script should be an alternative.

thanks again.
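
The filter suggested in the quoted reply, written out as an added example that is not part of the original thread. It assumes saved `pfctl -vvsr` output in which rule lines begin with `@N` and labels appear as `label "..."`, and tcpdump text of the form `rule N/0(match): ...`; the function name `label_pflog` and all sample data are constructed for illustration.

```sh
# label_pflog RULES_FILE < tcpdump-text > annotated-text
# RULES_FILE: saved "pfctl -vvsr" output; rule lines begin with "@N ".
label_pflog() {
    awk -v rules="$1" '
        BEGIN {
            # Build the rule number -> label map from the saved ruleset.
            while ((getline line < rules) > 0) {
                if (line !~ /^@[0-9]+ /) continue      # skip counter lines
                split(line, f, " ")
                num = substr(f[1], 2)                  # "@12" -> "12"
                if (match(line, /label "[^"]*"/))
                    label[num] = substr(line, RSTART + 7, RLENGTH - 8)
            }
            close(rules)
        }
        {
            # Assumed log text: "rule N/0(match): ..." from tcpdump -e.
            if (match($0, /rule [0-9]+\//)) {
                num = substr($0, RSTART + 5, RLENGTH - 6)
                if (num in label) {                    # unlabeled: unchanged
                    cut = RSTART + RLENGTH - 1         # position of the "/"
                    $0 = substr($0, 1, cut - 1) "[" label[num] "]" substr($0, cut)
                }
            }
            print
        }'
}

# Constructed sample data, not taken from a real host.
sample_rules() {
    cat <<'EOF'
@0 scrub in all fragment reassemble
  [ Evaluations: 900  Packets: 450  Bytes: 0  States: 0 ]
@1 block drop in log all label "default-deny"
@2 pass in log on em0 proto tcp from any to any port = ssh keep state label "ssh-in"
@3 pass out log all keep state
EOF
}
sample_log() {
    cat <<'EOF'
Apr 20 09:13:57.100001 rule 1/0(match): block in on em0: 192.0.2.10.51234 > 198.51.100.1.23: S
Apr 20 09:13:58.200002 rule 2/0(match): pass in on em0: 192.0.2.10.51300 > 198.51.100.1.22: S
Apr 20 09:13:59.300003 rule 3/0(match): pass out on em0: 198.51.100.1.123 > 192.0.2.20.123: UDP
EOF
}

rules=$(mktemp); sample_rules > "$rules"
sample_log | label_pflog "$rules"
rm -f "$rules"
```

Rule numbers are positions in the loaded ruleset, so the saved `pfctl -vvsr` snapshot has to come from the same ruleset that was active when the log was written; after a reload the old map no longer matches.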