Date:      Mon, 1 Jul 2013 12:50:01 GMT
From:      Olivier Cochard-Labbé <olivier@cochard.me>
To:        freebsd-pf@FreeBSD.org
Subject:   Re: kern/122773: [pf] pf doesn't log uid or pid when configured to
Message-ID:  <201307011250.r61Co18e009547@freefall.freebsd.org>

The following reply was made to PR kern/122773; it has been noted by GNATS.

From: Olivier Cochard-Labbé <olivier@cochard.me>
To: bug-followup@freebsd.org, josh@endries.org
Cc: Gleb Smirnoff <glebius@freebsd.org>
Subject: Re: kern/122773: [pf] pf doesn't log uid or pid when configured to
Date: Mon, 1 Jul 2013 14:42:41 +0200

 Hi,
 I've got the same problem on 9-stable too.
 
 pflogd didn't add the good UID value on its pcap.
 
 Here is a pflogd packet displayed on wireshark (my user had UID 1001
 for this test):
 
 No.     Time        Source                Destination           Protocol Length Info
       1 0.000000    10.2.1.3              10.2.0.67             TCP      124    [pass em0/0] 32186 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 SACK_PERM=1 TSval=615127099 TSecr=0
 
 Frame 1: 124 bytes on wire (992 bits), 124 bytes captured (992 bits)
 PF Log IPv4 pass on em0 by rule 0
     Header Length: 61
     Address Family: IPv4 (2)
     Action: pass (0)
     Reason: match (0)
     Interface: em0
     Ruleset:
     Rule Number: 2
     Sub Rule Number: 16777216
     UID: -385679360
     PID: -1601830656
     Rule UID: 0
     Rule PID: -1990852608
     Direction: out (2)
     Padding: 000000
 Internet Protocol Version 4, Src: 10.2.1.3 (10.2.1.3), Dst: 10.2.0.67 (10.2.0.67)
 Transmission Control Protocol, Src Port: 32186 (32186), Dst Port: ssh (22), Seq: 0, Len: 0
     Source port: 32186 (32186)
     Destination port: ssh (22)
     [Stream index: 0]
     Sequence number: 0    (relative sequence number)
     Header length: 40 bytes
     Flags: 0x002 (SYN)
     Window size value: 65535
     [Calculated window size: 65535]
     Checksum: 0xe2c8 [validation disabled]
     Options: (20 bytes), Maximum segment size, No-Operation (NOP), Window scale, SACK permitted, Timestamps
 
 Regards,
 
 Olivier
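
An added triage check, not part of the original message and not code from pf, pflogd or Wireshark: it takes the UID/PID values exactly as displayed above and reinterprets each one under the opposite byte order. It assumes the fields were written in little-endian host order and displayed as big-endian signed integers; `swap_i32`, `looks_byte_swapped` and the 2^20 plausibility limit are hypothetical choices made for this illustration.

```python
import struct

# Values copied from the dissector output quoted in the message above.
DISPLAYED = {
    "UID": -385679360,
    "PID": -1601830656,
    "Rule UID": 0,
    "Rule PID": -1990852608,
}


def swap_i32(displayed: int) -> int:
    """Reinterpret a displayed signed 32-bit value under the opposite byte order."""
    raw = struct.pack(">i", displayed)   # the four bytes a big-endian reader saw
    return struct.unpack("<I", raw)[0]   # same bytes read as little-endian unsigned


def looks_byte_swapped(displayed: int, limit: int = 1 << 20) -> bool:
    """Heuristic (assumption): implausible as shown, but a small id once swapped."""
    implausible = displayed < 0 or displayed >= limit
    return implausible and swap_i32(displayed) < limit


def triage(fields: dict) -> dict:
    """Map each field name to (value under opposite byte order, swapped-looking?)."""
    return {name: (swap_i32(v), looks_byte_swapped(v)) for name, v in fields.items()}


if __name__ == "__main__":
    for name, (swapped, flag) in triage(DISPLAYED).items():
        shown = DISPLAYED[name]
        print(f"{name:9} shown={shown:>12} swapped={swapped:>7} byte_swapped={flag}")
```

Under that assumption the displayed UID decodes to 1001, the UID the message says the test user had.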


