Date: Mon, 14 Apr 2008 22:04:03 GMT
From: Josh <josh@endries.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/122773: pf doesn't log uid or pid when configured to
Message-ID: <200804142204.m3EM43cJ029000@www.freebsd.org>
Resent-Message-ID: <200804142210.m3EMA2hA040071@freefall.freebsd.org>

>Number: 122773
>Category: misc
>Synopsis: pf doesn't log uid or pid when configured to
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 14 22:10:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Josh
>Release: 7.0-RELEASE
>Organization:
>Environment:
FreeBSD www 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Mon Mar 31 15:51:02 EDT 2008 root@:/jails/src/root/usr/obj/jails/src/root/usr/src/sys/ULEMAC amd64
>Description:
When pf is configured to log the UID and PID of the process sending traffic, it doesn't.
>How-To-Repeat:
Configure pf with a rule such as:

pass out log (user) quick on $exif inet proto tcp from $exif to any keep state

Start pflog (/etc/rc.d/pflog + rcvar), then run "tcpdump -netttvvvi pflog0", which is supposed to display the info. You should get something like (from google):

rule 10/(match) [uid 0, pid 1807] block in on fxp0: 85.100.124.74.14464 \
server1.443: [|tcp] (ttl 249, id 65259, len 40, bad cksum 0! differs by f890)

But I actually get something like:

044014 rule 17/0(match): pass out on bge0: (tos 0x10, ttl 64, id 11138, \
offset 0, flags [DF], proto TCP (6), length 60) 64.132.211.219.57274 > \
66.94.234.13.80: [|tcp]

Other users on #freebsd@freenode reported the same behavior.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: