From owner-freebsd-pf@FreeBSD.ORG Mon Mar 9 17:15:10 2009
Date: Mon, 9 Mar 2009 17:15:09 GMT
Message-Id: <200903091715.n29HF9re045337@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp. Description
--------------------------------------------------------------------------------
o kern/132176  pf    [pf] pf stalls connection when using route-to [regress
o kern/130977  pf    [netgraph][pf] kernel panic trap 12 on user connect to
o conf/130381  pf    [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf    [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/129060  pf    [pf] [tun] pf doesn't forget the old tun IP
o kern/127920  pf    [pf] ipv6 and synproxy don't play well together
o conf/127814  pf    [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o conf/127511  pf    [patch] /usr/sbin/authpf: add authpf folders to BSD.ro
o kern/127439  pf    [pf] deadlock in pf
o kern/127345  pf    [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf    [pf] [patch] pf incorrect log priority
o kern/127042  pf    [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf    [pf] pf keep state bug while handling sessions between
s kern/124933  pf    [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf    [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf    [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf    [pf] [panic] FreeBSD 6.2 panic in pf
o kern/121704  pf    [pf] PF mangles loopback packets
o kern/120281  pf    [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf    [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf    [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf    [pf] [lor] pf_ioctl.c + if.c
o kern/114095  pf    [carp] carp+pf delay with high state limit
o kern/111220  pf    [pf] repeatable hangs while manipulating pf tables
s conf/110838  pf    [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf    pfsync fails to sucessfully transfer some sessions
o kern/103281  pf    pfsync reports bulk update failures
o kern/93825   pf    [pf] pf reply-to doesn't work
o sparc/93530  pf    [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf    [pf] PF + ALTQ problems with latency
o kern/82271   pf    [pf] cbq scheduler cause bad latency

31 problems total.

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 11 18:35:02 2009
Date: Wed, 11 Mar 2009 14:18:31 -0400
Message-ID: <54B7F7DBCA12D94CA3FE17B68F1461A705E5B993@LVNJEVS205.UCCORG.org>
From: "Petersen, Mark"
Subject: Log Labels?

Hello,

I'm trying to find out if it's possible to do IPF-like log-tags with pf.
I found an interesting patch here -
http://osdir.com/ml/os.freebsd.devel.pf4freebsd/2006-06/msg00062.html
that enables this. It doesn't appear to have made it into pflog though.

Is there a way to use this feature? I'd much rather be logging a label
and rule #. I can see if these patches still work with 7 of course.
Has anyone tried this?

Finally - it appears there are only patches for pf, but if I compile
tcpdump with the pf patches, will it work? What about using mergecap
with this? If I recompile mergecap/tshark would this work? I know I
can just try, but no sense reinventing the wheel if someone else spent
some time trying to do the same.
Thanks,
Mark

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 11 19:25:05 2009
Message-Id: <6BCCA4DE-FD38-494B-A947-4C1D63775A1A@yahoo.it>
From: Gianni
To: freebsd-pf@freebsd.org
Date: Wed, 11 Mar 2009 20:11:05 +0100
Subject: duplicate nat rules listed by pfctl

With the following nat rules pfctl lists duplicate entries, can anyone
explain why this is?

    ext_if = "tun0"
    nat on $ext_if from $localnet to any -> ($ext_if)
    no nat on $ext_if from $localnet to $vpn_nets

    # pfctl -s nat
    nat on tun0 inet from 192.168.200.0/24 to any -> (tun0) round-robin
    nat on tun0 inet from 192.168.200.0/24 to any -> (tun0) round-robin
    no nat on tun0 inet from 192.168.200.0/24 to 192.168.0.0/24
    no nat on tun0 inet from 192.168.200.0/24 to 192.168.0.0/24

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 11 20:22:27 2009
Date: Wed, 11 Mar 2009 14:50:08 -0500
From: "David DeSimone"
Message-ID: <20090311195007.GE3436@verio.net>
In-Reply-To: <6BCCA4DE-FD38-494B-A947-4C1D63775A1A@yahoo.it>
Subject: Re: duplicate nat rules listed by pfctl

Gianni wrote:
>
> With the following nat rules pfctl lists duplicate entries, can anyone
> explain why this is?
>
> ext_if = "tun0"
> nat on $ext_if from $localnet to any -> ($ext_if)
> no nat on $ext_if from $localnet to $vpn_nets

What is the definition of $localnet?

> # pfctl -s nat
> nat on tun0 inet from 192.168.200.0/24 to any -> (tun0) round-robin
> nat on tun0 inet from 192.168.200.0/24 to any -> (tun0) round-robin
> no nat on tun0 inet from 192.168.200.0/24 to 192.168.0.0/24
> no nat on tun0 inet from 192.168.200.0/24 to 192.168.0.0/24

Also, don't you think you should put the "no nat" rule before the "nat"
rules?

-- 
David DeSimone == Network Admin == fox@verio.net
  "I don't like spinach, and I'm glad I don't, because if I liked it I'd
   eat it, and I just hate it." -- Clarence Darrow

From owner-freebsd-pf@FreeBSD.ORG Thu Mar 12 05:04:11 2009
Message-Id: <7B51D53B-224C-4887-A017-AF136264F4A9@yahoo.it>
From: Gianni
To: freebsd-pf@freebsd.org
In-Reply-To: <20090311195007.GE3436@verio.net>
Date: Thu, 12 Mar 2009 06:04:08 +0100
Subject: Re: duplicate nat rules listed by pfctl

On 11/mar/09, at 20:50, David DeSimone wrote:

> Gianni wrote:
>>
>> With the following nat rules pfctl lists duplicate entries, can
>> anyone
>> explain why this is?
>>
>> ext_if = "tun0"
>> nat on $ext_if from $localnet to any -> ($ext_if)
>> no nat on $ext_if from $localnet to $vpn_nets
>
> What is the definition of $localnet?

    int_if = "vr0"
    localnet = $int_if:network

From your question I now see the answer:

    vr0: flags=8843 metric 0 mtu 1500
            options=280b
            inet 192.168.200.250 netmask 0xffffff00 broadcast 192.168.200.255
            inet 192.168.200.249 netmask 0xffffff00 broadcast 192.168.200.255

I've got 2 IP addresses on the interface and the :network shortcut does
not take into account that they are part of the same subnet.
If I do localnet = "192.168.200.0/24" it's fine, I don't get duplicate
entries.

>> # pfctl -s nat
>> nat on tun0 inet from 192.168.200.0/24 to any -> (tun0) round-robin
>> nat on tun0 inet from 192.168.200.0/24 to any -> (tun0) round-robin
>> no nat on tun0 inet from 192.168.200.0/24 to 192.168.0.0/24
>> no nat on tun0 inet from 192.168.200.0/24 to 192.168.0.0/24
>
> Also, don't you think you should put the "no nat" rule before the
> "nat"
> rules?

Yes probably! Because first matching nat rule wins right?
Thanks
-Gianni

From owner-freebsd-pf@FreeBSD.ORG Thu Mar 12 06:46:18 2009
Message-ID: <49B8AAA3.7060505@gmail.com>
Date: Thu, 12 Mar 2009 08:24:35 +0200
From: "N. Ersen SISECI"
To: "Petersen, Mark"
Cc: freebsd-pf@freebsd.org
In-Reply-To: <54B7F7DBCA12D94CA3FE17B68F1461A705E5B993@LVNJEVS205.UCCORG.org>
Subject: Re: Log Labels?

Hello,

I have been using this patch for a long time. If you apply the if_pflog
patches to pf and print-pflog.c to tcpdump you should see label values in
log lines.

If you are interested in this patch I can send you its 7.0 version.

    # tcpdump -nttttveli pflog0 -s 1024
    2009-03-12 08:23:22.206866 rule 2336/0(match): pass in on em0: label 70:
    (tos 0x0, ttl 128, id 1054, offset 0, flags [DF], proto: TCP (6),
    length: 48) 192.168.6.2.4252 > 1.2.3.4.443: S, cksum 0x1480 (correct),
    3376786061:3376786061(0) win 65535

Thanks,

N. Ersen SISECI
http://www.enderunix.org

Petersen, Mark wrote:
> Hello,
>
> I'm trying to find out if it's possible to do IPF-like log-tags with pf.
> I found an interesting patch here -
> http://osdir.com/ml/os.freebsd.devel.pf4freebsd/2006-06/msg00062.html
> that enables this. It doesn't appear to have made it into pflog though.
>
> Is there a way to use this feature? I'd much rather be logging a label
> and rule #. I can see if these patches still work with 7 of course.
> Has anyone tried this?
>
> Finally - it appears there are only patches for pf, but if I compile
> tcpdump with the pf patches, will it work? What about using mergecap
> with this? If I recompile mergecap/tshark would this work?
> I know I
> can just try, but no sense reinventing the wheel if someone else spent
> some time trying to do the same.
>
> Thanks,
> Mark

From owner-freebsd-pf@FreeBSD.ORG Thu Mar 12 06:48:19 2009
In-Reply-To: <7B51D53B-224C-4887-A017-AF136264F4A9@yahoo.it>
Date: Thu, 12 Mar 2009 08:48:17 +0200
Message-ID: <9e20d71e0903112348m52e9020cybd37b7333a298d52@mail.gmail.com>
From: Artis Caune
To: Gianni
Cc: freebsd-pf@freebsd.org
Subject: Re: duplicate nat rules listed by pfctl

2009/3/12 Gianni:
> On 11/mar/09, at 20:50, David DeSimone wrote:
> int_if = "vr0"
> localnet = $int_if:network
>
> From your question I now see the answer:
>
> vr0: flags=8843 metric 0 mtu 1500
>         options=280b
>         inet 192.168.200.250 netmask 0xffffff00 broadcast 192.168.200.255
>         inet 192.168.200.249 netmask 0xffffff00 broadcast 192.168.200.255
>
> I've got 2 IP addresses on the interface and the :network shortcut does not
> take into account that they are part of the same subnet.
> If I do localnet = "192.168.200.0/24" it's fine, I don't get duplicate
> entries.

you can use tables, so duplicates are skipped:

    int_if = "vr0"
    table <localnet> const { $int_if:network }
    nat on $ext_if from <localnet> to any -> ($ext_if)

-- 
regards,
Artis Caune
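An added illustration, not code from the thread: a small Python model of the two things discussed above, $int_if:network expanding once per interface address while a table deduplicates, and pf's first-match evaluation of translation rules, which is why David's suggestion to put "no nat" first matters. The addresses and networks are the ones from Gianni's mail; the evaluator is a simplification that matches on source and destination networks only.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed to mirror the thread: vr0 carries two addresses in one /24
# (Gianni's ifconfig output) and tun0 NATs $localnet to everything except
# the VPN network seen in his pfctl -s nat output.
VR0_ADDRS = ["192.168.200.250/24", "192.168.200.249/24"]
VPN_NETS = [ipaddress.ip_network("192.168.0.0/24")]

# (kind, source network, destination network or None meaning "any")
Rule = Tuple[str, ipaddress.IPv4Network, Optional[ipaddress.IPv4Network]]


def expand_if_network(addrs: List[str]) -> List[ipaddress.IPv4Network]:
    """Model of the $if:network macro: one network per address on the
    interface and no deduplication, so two addresses in the same subnet
    yield the same /24 twice (the doubled lines in pfctl -s nat)."""
    return [ipaddress.ip_interface(a).network for a in addrs]


def expand_table(addrs: List[str]) -> List[ipaddress.IPv4Network]:
    """Model of 'table <t> const { $if:network }': a table is a set, so
    the duplicate collapses to a single entry (Artis's suggestion)."""
    return sorted(set(expand_if_network(addrs)))


def build_nat_rules(localnets, vpn_nets, no_nat_first: bool) -> List[Rule]:
    """Expand the thread's two rule lines into the flat list pf loads."""
    nat = [("nat", src, None) for src in localnets]
    no_nat = [("no nat", src, dst) for src in localnets for dst in vpn_nets]
    return no_nat + nat if no_nat_first else nat + no_nat


def render(rules: List[Rule], ext_if: str = "tun0") -> List[str]:
    """Print rules roughly the way pfctl -s nat does."""
    out = []
    for kind, src, dst in rules:
        dst_txt = "any" if dst is None else str(dst)
        line = f"{kind} on {ext_if} inet from {src} to {dst_txt}"
        if kind == "nat":
            line += f" -> ({ext_if}) round-robin"
        out.append(line)
    return out


def first_match(rules: List[Rule], src: str, dst: str) -> Optional[str]:
    """pf evaluates translation rules first-match (filter rules are
    last-match), so a 'no nat' placed after a matching 'nat' never fires."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for kind, src_net, dst_net in rules:
        if s in src_net and (dst_net is None or d in dst_net):
            return kind
    return None


def is_translated(rules: List[Rule], src: str, dst: str) -> bool:
    return first_match(rules, src, dst) == "nat"


if __name__ == "__main__":
    posted = build_nat_rules(expand_if_network(VR0_ADDRS), VPN_NETS, False)
    fixed = build_nat_rules(expand_table(VR0_ADDRS), VPN_NETS, True)
    for name, rules in (("as posted", posted), ("table, no nat first", fixed)):
        print(f"# {name}")
        print("\n".join(render(rules)))
        print("VPN traffic translated:",
              is_translated(rules, "192.168.200.5", "192.168.0.10"))
```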
From owner-freebsd-pf@FreeBSD.ORG Thu Mar 12 20:13:34 2009
Date: Thu, 12 Mar 2009 16:13:30 -0400
Message-ID: <54B7F7DBCA12D94CA3FE17B68F1461A705EA05A4@LVNJEVS205.UCCORG.org>
In-Reply-To: <49B8AAA3.7060505@gmail.com>
From: "Petersen, Mark"
To: "N. Ersen SISECI"
Cc: freebsd-pf@freebsd.org
Subject: RE: Log Labels?

Great, I would love to try a patch for 7.0. Do you have a patch for
wireshark/tshark/mergecap as well by any chance? Have you submitted these
patches to OpenBSD people? Any feedback on getting this merged in?

Thanks,
Mark
From owner-freebsd-pf@FreeBSD.ORG Fri Mar 13 06:55:41 2009
Message-ID: <49BA0353.8060105@gmail.com>
Date: Fri, 13 Mar 2009 08:55:15 +0200
From: "N. Ersen SISECI"
To: "Petersen, Mark"
Cc: freebsd-pf@freebsd.org
In-Reply-To: <54B7F7DBCA12D94CA3FE17B68F1461A705EA05A4@LVNJEVS205.UCCORG.org>
Subject: Re: Log Labels?

Hi,

I didn't submit this patch to the OpenBSD guys. I have only sent this to
the list. I didn't try to patch wireshark, but I think it is as easy as
tcpdump. And I didn't test on OpenBSD. Maybe I should test on OpenBSD
first and then send this patch to the OpenBSD list.

This is the patch for FreeBSD 7.0 pf.

--- if_pflog.h.orig	2008-07-10 14:20:58.000000000 +0300
+++ if_pflog.h	2008-07-10 14:21:59.000000000 +0300
@@ -44,6 +44,12 @@
 #define PFLOG_RULESET_NAME_SIZE 16
+#ifndef PFLOG_RULE_LABEL_SIZE
+#define PFLOG_RULE_LABEL_SIZE 64
+#endif
+
+#define PFLOG_LOG_LABEL
+
 struct pfloghdr {
 	u_int8_t length;
 	sa_family_t af;
@@ -58,6 +64,9 @@
 	uid_t rule_uid;
 	pid_t rule_pid;
 	u_int8_t dir;
+#ifdef PFLOG_LOG_LABEL
+	char label[PFLOG_RULE_LABEL_SIZE];
+#endif
 	u_int8_t pad[3];
 };
--- if_pflog.c.orig	2008-07-10 14:22:11.000000000 +0300
+++ if_pflog.c	2008-07-10 14:22:48.000000000 +0300
@@ -342,6 +342,7 @@
 	hdr.action = rm->action;
 	hdr.reason = reason;
 	memcpy(hdr.ifname, kif->pfik_name, sizeof(hdr.ifname));
+	memcpy(hdr.label, rm->label, sizeof(rm->label));
 	if (am == NULL) {
 		hdr.rulenr = htonl(rm->nr);

And this is for tcpdump.

--- print-pflog.c.orig	2008-07-10 14:30:30.000000000 +0300
+++ print-pflog.c	2008-07-10 14:33:42.000000000 +0300
@@ -106,11 +106,21 @@
 	else
 		printf("rule %u.%s.%u/", rulenr, hdr->ruleset, subrulenr);
-	printf("%s: %s %s on %s: ",
+#ifndef PFLOG_LOG_LABEL
+	printf("%s: %s %s on %s:",
 	    tok2str(pf_reasons, "unkn(%u)", hdr->reason),
 	    tok2str(pf_actions, "unkn(%u)", hdr->action),
 	    tok2str(pf_directions, "unkn(%u)", hdr->dir),
 	    hdr->ifname);
+#else
+	printf("%s: %s %s on %s: label %s: ",
+	    tok2str(pf_reasons, "unkn(%u)", hdr->reason),
+	    tok2str(pf_actions, "unkn(%u)", hdr->action),
+	    tok2str(pf_directions, "unkn(%u)", hdr->dir),
+	    hdr->ifname,
+	    hdr->label);
+#endif
+
 }
 u_int

Petersen, Mark wrote:
> Great, I would love to try a patch for 7.0. Do you have a patch for
> wireshark/tshark/mergecap as well by any chance? Have you submitted these
> patches to OpenBSD people? Any feedback on getting this merged in?
>
> Thanks,
> Mark
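Review bot: in the first if_pflog.h hunk, PFLOG_LOG_LABEL is defined unconditionally in a header that both the kernel and tcpdump's print-pflog.c include, so the #ifdef/#ifndef branches added later are never really optional; if a build-time switch is intended, the define should come from the kernel config or the Makefile, and the header should state that a tcpdump built without it cannot parse captures from a kernel built with it.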
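Review bot: in the struct pfloghdr hunk, adding `char label[PFLOG_RULE_LABEL_SIZE];` before `u_int8_t pad[3];` changes the pflog header layout and with it the on-disk and on-wire pflog capture format, which deserves a comment in the struct and a line in the patch description: every consumer of pflog0 (tcpdump, the wireshark/tshark/mergecap tools Mark asks about, and pcap files saved before the change) must agree on the new size, and a reader should verify the header's `length` field covers the label before reading it instead of assuming the patched layout.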
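Review bot: in the if_pflog.c hunk, `memcpy(hdr.label, rm->label, sizeof(rm->label));` sizes the copy by the source rather than the destination, while PFLOG_RULE_LABEL_SIZE is only a default that the #ifndef in if_pflog.h lets a build override; if the two sizes ever differ the copy overruns hdr.label on the kernel stack. Use `sizeof(hdr.label)` (or strlcpy, which also guarantees the NUL terminator that print-pflog.c's %s relies on) and add a compile-time check that the two sizes match.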
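Review bot: in the print-pflog.c hunk, the #ifndef PFLOG_LOG_LABEL branch drops the trailing space from the format string (`"%s: %s %s on %s:"` replaces the removed `"%s: %s %s on %s: "`), so output on an unpatched build changes as well; restore the space. In the #else branch `hdr->label` is printed with a bare %s, which trusts that the 64-byte field in a capture (possibly a pcap file from another host) is NUL-terminated; print it with a bounded `%.*s` and PFLOG_RULE_LABEL_SIZE, and note in the patch description that since the label is free text, a label containing ": " makes the line ambiguous for anything that parses it.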
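The tcpdump line format shown earlier in the thread, parsed the way a log pipeline would consume it; this is an added example, not code from the thread or from the patch. It assumes the patched print-pflog.c output ("... on em0: label 70: ...") and the stock output (no label field); the first sample line is the one from the thread, the others are constructed.

```python
import re
from typing import Optional

# Shape of the line tcpdump's print-pflog.c emits for pflog0, with the
# optional "label <text>:" field that the thread's patch inserts after the
# interface name.  The label is free text from pf.conf, so it is matched
# non-greedily up to the ": (" that starts the IP header summary; a label
# that itself contains ": (" would defeat this, which is a reason to keep
# labels to plain identifiers.
_PFLOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) "
    r"rule (?P<rule>\d+(?:\.\S+\.\d+)?)/(?P<reason>\d+\([^)]*\)): "
    r"(?P<action>\S+) (?P<dir>in|out) on (?P<ifname>[^:]+):"
    r"(?: label (?P<label>.*?):)? (?P<rest>\(.*)$"
)
_IP_RE = re.compile(
    r"^\(tos [^)]*?proto: (?P<proto>\w+) \((?P<protonum>\d+)\), "
    r"length: (?P<length>\d+)\) (?P<src>\S+) > (?P<dst>\S+):"
)


def _split_endpoint(ep: str):
    """tcpdump prints host.port; split on the last dot so IPv4 survives."""
    host, _, port = ep.rpartition(".")
    return host, int(port)


def parse_pflog_line(line: str) -> Optional[dict]:
    """Return the structured fields of one pflog line, or None if the line
    is not pflog output (a log pipeline must skip, not crash, on those)."""
    m = _PFLOG_RE.match(line.strip())
    if not m:
        return None
    ip = _IP_RE.match(m.group("rest"))
    if not ip:
        return None
    src_ip, src_port = _split_endpoint(ip.group("src"))
    dst_ip, dst_port = _split_endpoint(ip.group("dst"))
    return {
        "ts": m.group("ts"),
        "rule": m.group("rule"),
        "reason": m.group("reason"),
        "action": m.group("action"),
        "dir": m.group("dir"),
        "ifname": m.group("ifname"),
        "label": m.group("label"),  # None on an unpatched tcpdump
        "proto": ip.group("proto"),
        "length": int(ip.group("length")),
        "src": src_ip, "sport": src_port,
        "dst": dst_ip, "dport": dst_port,
    }


def count_by_key(lines):
    """Aggregate by label when present, otherwise by rule number.  Rule
    numbers are renumbered on every ruleset reload, so labels give stable
    keys for alerting across reloads, which is the point of logging them."""
    counts = {}
    for line in lines:
        rec = parse_pflog_line(line)
        if rec is None:
            continue
        key_txt = rec["label"] if rec["label"] is not None else "rule " + rec["rule"]
        key = (rec["action"], key_txt)
        counts[key] = counts.get(key, 0) + 1
    return counts


# First line is the one shown in the thread (patched tcpdump); the rest are
# constructed: a second labelled pass, a stock-format block, and junk.
SAMPLE_LINES = [
    "2009-03-12 08:23:22.206866 rule 2336/0(match): pass in on em0: label 70: "
    "(tos 0x0, ttl 128, id 1054, offset 0, flags [DF], proto: TCP (6), length: 48) "
    "192.168.6.2.4252 > 1.2.3.4.443: S, cksum 0x1480 (correct), "
    "3376786061:3376786061(0) win 65535",
    "2009-03-12 08:23:23.000000 rule 2336/0(match): pass in on em0: label 70: "
    "(tos 0x0, ttl 128, id 1055, offset 0, flags [DF], proto: TCP (6), length: 48) "
    "192.168.6.2.4253 > 1.2.3.4.443: S, cksum 0x1481 (correct), 1:1(0) win 65535",
    "2009-03-12 08:23:24.000000 rule 12/0(match): block in on em0: "
    "(tos 0x0, ttl 64, id 7, offset 0, flags [DF], proto: TCP (6), length: 60) "
    "10.0.0.5.51234 > 192.168.6.2.22: S, cksum 0x0000 (correct), 5:5(0) win 65535",
    "garbage line that is not pflog output",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_pflog_line(line))
    print(count_by_key(SAMPLE_LINES))
```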