From nobody Thu Nov 18 19:24:47 2021
From: John Jasen
Date: Thu, 18 Nov 2021 14:24:47 -0500
Subject: Re: Bug 259798 - relayd: fatal: sync_table: cannot set address list: Cannot allocate memory
To: FreeBSD Net
List-Id: Technical discussion and general questions about packet filter (pf)
List-Archive: https://lists.freebsd.org/archives/freebsd-pf

As an update, the problem happened again, this time taking out relayd on the backup and primary firewalls almost simultaneously.

Additionally, pfctl -f /etc/pf.conf also now fails on tables, due to memory complaints.

I've updated the bug report with vmstat and other information, but am kind of stuck at the moment.

On Fri, Nov 12, 2021 at 9:59 AM John Jasen wrote:
> I wanted to make the pf community aware of this issue:
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259798

From nobody Sun Nov 21 21:00:56 2021
From: bugzilla-noreply@FreeBSD.org
To: pf@FreeBSD.org
Subject: Problem reports for pf@FreeBSD.org that need special attention
Date: Sun, 21 Nov 2021 21:00:56 +0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
Open        |    237973 | pf: implement egress keyword to simplify rules ac

1 problems total for which you should take action.

From nobody Sun Nov 28 19:06:21 2021
From: Özkan KIRIK
Date: Sun, 28 Nov 2021 22:06:21 +0300
Subject: Logging NAT translations and correlating nat & rule logs
To: freebsd-pf@freebsd.org

Hi,

I'm trying to log NAT, BINAT and RDR translations, but the "nat log on ...." statement only logs the packets after translation is done, so the information from before translation is lost. Is there a way to log the translation details?

The other question: how can I correlate nat logs and rule logs for the same packet? Especially when pf is configured as if-bound, 4 different logs could be generated for the same packet:

1st - Nat log on receive interface (in)
2nd - Rule log on receive interface (in)
3rd - Nat log on transmit interface (out)
4th - Rule log on transmit interface (out)

I'm looking for a common key for joining these 4 logs.

Thank you,
Have a nice day

From nobody Sun Nov 28 21:00:34 2021
From: bugzilla-noreply@FreeBSD.org
To: pf@FreeBSD.org
Subject: Problem reports for pf@FreeBSD.org that need special attention
Date: Sun, 28 Nov 2021 21:00:34 +0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
Open        |    237973 | pf: implement egress keyword to simplify rules ac

1 problems total for which you should take action.

From nobody Wed Dec 1 04:59:42 2021
In-Reply-To: <202111261940.1AQJeGLZ022802@gitrepo.freebsd.org>
From: Özkan KIRIK
Date: Wed, 1 Dec 2021 07:59:42 +0300
Subject: Re: git: 7f944794868f - stable/12 - pf: Introduce ridentifier
To: Kristof Provost
Cc: freebsd-pf@freebsd.org

Is it possible to make this feature optional (like a sysctl)? tshark/wireshark don't know about this header change yet, and even though tcpdump has been patched by this commit, it still cannot parse the packet properly either.

I think that because the pflog header grew, all the tcpdump- and libpcap-like applications use the old pflog header structure, so the other headers are shifted.

I'm using stable/12 pulled on 28th November (900ca3c03a4e). The outputs are below.

I started a ping request from the client to the pf host.

# pfctl -ss -vvvv
all icmp 192.168.33.10:12703 <- 192.168.33.1:12703       0:0
   age 00:00:04, expires in 00:00:09, 4:4 pkts, 336:336 bytes, anchor 61, rule 0
   id: ecf8a66100000001 creatorid: 47132d55 gateway: 0.0.0.0
   origif: em1

# tcpdump -tttt -lveqni pflog10
tcpdump: listening on pflog10, link-type PFLOG (OpenBSD pflog file), capture size 262144 bytes
2021-12-01 07:49:09.295319 rule 61.final.0/0(match): pass in on em1: IP0
^C
1 packet captured
1 packet received by filter
0 packets dropped by kernel

# tshark -Tjson -ni pflog10
[Capturing on 'pflog10'
  {
    "_index": "packets-2021-12-01",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "frame": {
          "frame.interface_id": "0",
          "frame.interface_id_tree": {
            "frame.interface_name": "pflog10"
          },
          "frame.encap_type": "39",
          "frame.time": "Dec 1, 2021 07:49:36.782656168 +03",
          "frame.offset_shift": "0.000000000",
          "frame.time_epoch": "1638334176.782656168",
          "frame.time_delta": "0.000000000",
          "frame.time_delta_displayed": "0.000000000",
          "frame.time_relative": "0.000000000",
          "frame.number": "1",
          "frame.len": "152",
          "frame.cap_len": "152",
          "frame.marked": "0",
          "frame.ignored": "0",
          "frame.protocols": "pflog:ip"
        },
        "pflog": {
          "pflog.length": "68",
          "pflog.af": "2",
          "pflog.action": "0",
          "pflog.reason": "0",
          "pflog.ifname": "em1",
          "pflog.ruleset": "final,
          "pflog.rulenr": "61",
          "pflog.subrulenr": "0",
          "pflog.uid": "-1",
          "pflog.pid": "-1601830656",
          "pflog.rule_uid": "0",
          "pflog.rule_pid": "-468385792",
          "pflog.dir": "1",
          "pflog.pad": "00:00:00"
        },
        "ip": {
          "ip.version": "5",
          "ip.version_tree": {
            "_ws.expert": {
              "ip.bogus_ip_version": "",
              "_ws.expert.message": "Bogus IP version",
              "_ws.expert.severity": "8388608",
              "_ws.expert.group": "150994944"
            }
          }
        }
      }
    }
^C1 packet captured
  }
]

Best regards,
Özkan

On Fri, Nov 26, 2021 at 10:40 PM Kristof Provost wrote:
>
> The branch stable/12 has been updated by kp:
>
> URL:
https://cgit.FreeBSD.org/src/commit/?id=3D7f944794868f49c59449086a37= 55d72e7f747e41 > > commit 7f944794868f49c59449086a3755d72e7f747e41 > Author: Kristof Provost > AuthorDate: 2021-10-29 15:40:53 +0000 > Commit: Kristof Provost > CommitDate: 2021-11-26 03:49:02 +0000 > > pf: Introduce ridentifier > > Allow users to set a number on rules which will be exposed as part of > the pflog header. > The intent behind this is to allow users to correlate rules across > updates (remember that pf rules continue to exist and match existing > states, even if they're removed from the active ruleset) and pflog. > > Obtained from: pfSense > MFC after: 3 weeks > Sponsored by: Rubicon Communications, LLC ("Netgate") > Differential Revision: https://reviews.freebsd.org/D32750 > > (cherry picked from commit 76c5eecc3490d89a9a3492ed2354802b69d69602) > --- > contrib/tcpdump/print-pflog.c | 7 ++++++- > lib/libpfctl/libpfctl.c | 2 ++ > lib/libpfctl/libpfctl.h | 1 + > sbin/pfctl/parse.y | 14 ++++++++++++++ > sbin/pfctl/pfctl_parser.c | 2 ++ > share/man/man4/pflog.4 | 3 ++- > share/man/man5/pf.conf.5 | 7 ++++++- > sys/net/if_pflog.h | 1 + > sys/net/pfvar.h | 1 + > sys/netpfil/ipfw/nat64/nat64clat.c | 2 +- > sys/netpfil/ipfw/nat64/nat64lsn.c | 2 +- > sys/netpfil/ipfw/nat64/nat64stl.c | 2 +- > sys/netpfil/pf/if_pflog.c | 3 ++- > sys/netpfil/pf/pf_nv.c | 2 ++ > 14 files changed, 42 insertions(+), 7 deletions(-) > > diff --git a/contrib/tcpdump/print-pflog.c b/contrib/tcpdump/print-pflog.= c > index 38201c55ee3f..49994507e728 100644 > --- a/contrib/tcpdump/print-pflog.c > +++ b/contrib/tcpdump/print-pflog.c 
> @@ -88,10 +88,12 @@ static const struct tok pf_directions[] =3D { > static void > pflog_print(netdissect_options *ndo, const struct pfloghdr *hdr) > { > - uint32_t rulenr, subrulenr; > + uint32_t rulenr, subrulenr, ridentifier; > > rulenr =3D EXTRACT_32BITS(&hdr->rulenr); > subrulenr =3D EXTRACT_32BITS(&hdr->subrulenr); > + ridentifier =3D EXTRACT_32BITS(&hdr->ridentifier); > + > if (subrulenr =3D=3D (uint32_t)-1) > ND_PRINT((ndo, "rule %u/", rulenr)); > else > @@ -102,6 +104,9 @@ pflog_print(netdissect_options *ndo, const struct pfl= oghdr *hdr) > if (hdr->uid !=3D UID_MAX) > ND_PRINT((ndo, " [uid %u]", (unsigned)hdr->uid)); > > + if (ridentifier !=3D 0) > + ND_PRINT((ndo, " [ridentifier %u]", ridentifier)); > + > ND_PRINT((ndo, ": %s %s on %s: ", > tok2str(pf_actions, "unkn(%u)", hdr->action), > tok2str(pf_directions, "unkn(%u)", hdr->dir), > diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c > index c2d57d8136ca..e41f970e7696 100644 > --- a/lib/libpfctl/libpfctl.c > +++ b/lib/libpfctl/libpfctl.c > @@ -455,6 +455,7 @@ pf_nvrule_to_rule(const nvlist_t *nvl, struct pfctl_r= ule *rule) > assert(labelcount <=3D PF_RULE_MAX_LABEL_COUNT); > for (size_t i =3D 0; i < labelcount; i++) > strlcpy(rule->label[i], labels[i], PF_RULE_LABEL_SIZE); > + rule->ridentifier =3D nvlist_get_number(nvl, "ridentifier"); > strlcpy(rule->ifname, nvlist_get_string(nvl, "ifname"), IFNAMSIZ)= ; > strlcpy(rule->qname, nvlist_get_string(nvl, "qname"), PF_QNAME_SI= ZE); > strlcpy(rule->pqname, nvlist_get_string(nvl, "pqname"), PF_QNAME_= SIZE); > @@ -566,6 +567,7 @@ pfctl_add_rule(int dev, const struct pfctl_rule *r, c= onst char *anchor, > r->label[labelcount]); > labelcount++; > } > + nvlist_add_number(nvlr, "ridentifier", r->ridentifier); > > nvlist_add_string(nvlr, "ifname", r->ifname); > nvlist_add_string(nvlr, "qname", r->qname); > diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h > index 70c144772c02..ac239d7cdcb1 100644 > --- a/lib/libpfctl/libpfctl.h 
> +++ b/lib/libpfctl/libpfctl.h > @@ -81,6 +81,7 @@ struct pfctl_rule { > struct pf_rule_addr dst; > union pf_rule_ptr skip[PF_SKIP_COUNT]; > char label[PF_RULE_MAX_LABEL_COUNT][PF_RULE_L= ABEL_SIZE]; > + u_int32_t ridentifier; > char ifname[IFNAMSIZ]; > char qname[PF_QNAME_SIZE]; > char pqname[PF_QNAME_SIZE]; > diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y > index 2dd0e6b6ff43..f06462bda864 100644 > --- a/sbin/pfctl/parse.y > +++ b/sbin/pfctl/parse.y > @@ -236,6 +236,7 @@ static struct filter_opts { > struct node_icmp *icmpspec; > u_int32_t tos; > u_int32_t prob; > + u_int32_t ridentifier; > struct { > int action; > struct node_state_opt *options; > @@ -260,6 +261,7 @@ static struct filter_opts { > static struct antispoof_opts { > char *label[PF_RULE_MAX_LABEL_COUNT]; > int labelcount; > + u_int32_t ridentifier; > u_int rtableid; > } antispoof_opts; > > @@ -468,6 +470,7 @@ int parseport(char *, struct range *r, int); > %token BITMASK RANDOM SOURCEHASH ROUNDROBIN STATICPORT PROBABILITY MAPEP= ORTSET > %token ALTQ CBQ CODEL PRIQ HFSC FAIRQ BANDWIDTH TBRSIZE LINKSHARE REALTI= ME > %token UPPERLIMIT QUEUE PRIORITY QLIMIT HOGS BUCKETS RTABLE TARGET INTER= VAL > +%token RIDENTIFIER > %token LOAD RULESET_OPTIMIZATION PRIO > %token STICKYADDRESS MAXSRCSTATES MAXSRCNODES SOURCETRACK GLOBAL RULE > %token MAXSRCCONN MAXSRCCONNRATE OVERLOAD FLUSH SLOPPY > @@ -915,6 +918,7 @@ anchorrule : ANCHOR anchorname dir quick interface a= f proto fromto > r.af =3D $6; > r.prob =3D $9.prob; > r.rtableid =3D $9.rtableid; > + r.ridentifier =3D $9.ridentifier; > > if ($9.tag) > if (strlcpy(r.tagname, $9.tag, > @@ -1314,6 +1318,7 @@ antispoof : ANTISPOOF logquick antispoof_ifspc af a= ntispoof_opts { > r.logif =3D $2.logif; > r.quick =3D $2.quick; > r.af =3D $4; > + r.ridentifier =3D $5.ridentifier; > if (rule_label(&r, $5.label)) > YYERROR; > r.rtableid =3D $5.rtableid; 
> @@ -1366,6 +1371,7 @@ antispoof : ANTISPOOF logquick antispoof_ifspc af a= ntispoof_opts { > r.logif =3D $2.logif; > r.quick =3D $2.quick; > r.af =3D $4; > + r.ridentifier =3D $5.ridentifier; > if (rule_label(&r, $5.label)) > YYERROR; > r.rtableid =3D $5.rtableid; > @@ -1428,6 +1434,9 @@ antispoof_opt : label { > } > antispoof_opts.label[antispoof_opts.labelcount++]= =3D $1; > } > + | RIDENTIFIER number { > + antispoof_opts.ridentifier =3D $2; > + } > | RTABLE NUMBER { > if ($2 < 0 || $2 > rt_tableid_max()) { > yyerror("invalid rtable id"); > @@ -2143,6 +2152,7 @@ pfrule : action dir logquick interface r= oute af proto fromto > YYERROR; > for (int i =3D 0; i < PF_RULE_MAX_LABEL_COUNT; i+= +) > free($9.label[i]); > + r.ridentifier =3D $9.ridentifier; > r.flags =3D $9.flags.b1; > r.flagset =3D $9.flags.b2; > if (($9.flags.b1 & $9.flags.b2) !=3D $9.flags.b1)= { > @@ -2573,6 +2583,9 @@ filter_opt : USER uids { > filter_opts.keep.action =3D $1.action; > filter_opts.keep.options =3D $1.options; > } > + | RIDENTIFIER number { > + filter_opts.ridentifier =3D $2; > + } > | FRAGMENT { > filter_opts.fragment =3D 1; > } > @@ -5687,6 +5700,7 @@ lookup(char *s) > { "return-icmp", RETURNICMP}, > { "return-icmp6", RETURNICMP6}, > { "return-rst", RETURNRST}, > + { "ridentifier", RIDENTIFIER}, > { "round-robin", ROUNDROBIN}, > { "route", ROUTE}, > { "route-to", ROUTETO}, > diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c > index dc4a2254d733..adf9255f0c84 100644 > --- a/sbin/pfctl/pfctl_parser.c > +++ b/sbin/pfctl/pfctl_parser.c > @@ -1019,6 +1019,8 @@ print_rule(struct pfctl_rule *r, const char *anchor= _call, int verbose, int numer > i =3D 0; > while (r->label[i][0]) > printf(" label \"%s\"", r->label[i++]); > + if (r->ridentifier) > + printf(" ridentifier %u", r->ridentifier); > if (r->qname[0] && r->pqname[0]) > printf(" queue(%s, %s)", r->qname, r->pqname); > else if (r->qname[0]) 
> diff --git a/share/man/man4/pflog.4 b/share/man/man4/pflog.4 > index 428bb5bd7f26..6269644bc312 100644 > --- a/share/man/man4/pflog.4 > +++ b/share/man/man4/pflog.4 > @@ -25,7 +25,7 @@ > .\" > .\" $FreeBSD$ > .\" > -.Dd May 31, 2007 > +.Dd October 29, 2021 > .Dt PFLOG 4 > .Os > .Sh NAME > @@ -79,6 +79,7 @@ struct pfloghdr { > pid_t rule_pid; > u_int8_t dir; > u_int8_t pad[3]; > + u_int32_t ridentifier; > }; > .Ed > .Sh EXAMPLES > diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 > index f75edb6fcc17..e9ec3467da54 100644 > --- a/share/man/man5/pf.conf.5 > +++ b/share/man/man5/pf.conf.5 > @@ -1868,6 +1868,9 @@ pass in inet proto tcp from any to 1.2.3.5 \e > The macro expansion for the > .Ar label > directive occurs only at configuration file parse time, not during runti= me. > +.It Ar ridentifier Aq Ar number > +Add an identifier (number) to the rule, which can be used to correlate t= he rule > +to pflog entries, even after ruleset updates. > .It Xo Ar queue Aq Ar queue > .No \*(Ba ( Aq Ar queue , > .Aq Ar queue ) > @@ -2970,7 +2973,8 @@ filteropt =3D user | group | flags | icmp-type= | icmp6-type | "tos" tos | > "label" string | "tag" string | [ ! ] "tagged" string | > "set prio" ( number | "(" number [ [ "," ] number ] ")"= ) | > "queue" ( string | "(" string [ [ "," ] string ] ")" ) = | > - "rtable" number | "probability" number"%" | "prio" numb= er > + "rtable" number | "probability" number"%" | "prio" numb= er | > + "ridentifier" number > > nat-rule =3D [ "no" ] "nat" [ "pass" [ "log" [ "(" logopts ")" ] ]= ] > [ "on" ifspec ] [ af ] > @@ -2994,6 +2998,7 @@ rdr-rule =3D [ "no" ] "rdr" [ "pass" [ "log" = [ "(" logopts ")" ] ] ] > > antispoof-rule =3D "antispoof" [ "log" ] [ "quick" ] > "for" ifspec [ af ] [ "label" string ] > + [ "ridentifier" number ] > > table-rule =3D "table" "\*(Lt" string "\*(Gt" [ tableopts-list ] > tableopts-list =3D tableopts-list tableopts | tableopts 
> diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h > index 5ed341a85d86..c77d8da1440a 100644 > --- a/sys/net/if_pflog.h > +++ b/sys/net/if_pflog.h > @@ -50,6 +50,7 @@ struct pfloghdr { > pid_t rule_pid; > u_int8_t dir; > u_int8_t pad[3]; > + u_int32_t ridentifier; > }; > > #define PFLOG_HDRLEN sizeof(struct pfloghdr) > diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h > index 6f8d79b27133..4c4fc7c65015 100644 > --- a/sys/net/pfvar.h > +++ b/sys/net/pfvar.h > @@ -572,6 +572,7 @@ struct pf_krule { > struct pf_rule_addr dst; > union pf_krule_ptr skip[PF_SKIP_COUNT]; > char label[PF_RULE_MAX_LABEL_COUNT][PF_RULE_L= ABEL_SIZE]; > + uint32_t ridentifier; > char ifname[IFNAMSIZ]; > char qname[PF_QNAME_SIZE]; > char pqname[PF_QNAME_SIZE]; > diff --git a/sys/netpfil/ipfw/nat64/nat64clat.c b/sys/netpfil/ipfw/nat64/= nat64clat.c > index fcc922726d02..c48c68183e08 100644 > --- a/sys/netpfil/ipfw/nat64/nat64clat.c > +++ b/sys/netpfil/ipfw/nat64/nat64clat.c > @@ -71,7 +71,7 @@ nat64clat_log(struct pfloghdr *plog, struct mbuf *m, sa= _family_t family, > static uint32_t pktid =3D 0; > > memset(plog, 0, sizeof(*plog)); > - plog->length =3D PFLOG_REAL_HDRLEN; > + plog->length =3D PFLOG_HDRLEN; > plog->af =3D family; > plog->action =3D PF_NAT; > plog->dir =3D PF_IN; > diff --git a/sys/netpfil/ipfw/nat64/nat64lsn.c b/sys/netpfil/ipfw/nat64/n= at64lsn.c > index ad1b62b07a92..ab77a071bcdb 100644 > --- a/sys/netpfil/ipfw/nat64/nat64lsn.c > +++ b/sys/netpfil/ipfw/nat64/nat64lsn.c > @@ -181,7 +181,7 @@ nat64lsn_log(struct pfloghdr *plog, struct mbuf *m, s= a_family_t family, > { > > memset(plog, 0, sizeof(*plog)); > - plog->length =3D PFLOG_REAL_HDRLEN; > + plog->length =3D PFLOG_HDRLEN; > plog->af =3D family; > plog->action =3D PF_NAT; > plog->dir =3D PF_IN; > diff --git a/sys/netpfil/ipfw/nat64/nat64stl.c b/sys/netpfil/ipfw/nat64/n= at64stl.c > index a150322d1a44..fa7afee44be7 100644 > --- a/sys/netpfil/ipfw/nat64/nat64stl.c > +++ b/sys/netpfil/ipfw/nat64/nat64stl.c 
> @@ -70,7 +70,7 @@ nat64stl_log(struct pfloghdr *plog, struct mbuf *m, sa_= family_t family, > static uint32_t pktid =3D 0; > > memset(plog, 0, sizeof(*plog)); > - plog->length =3D PFLOG_REAL_HDRLEN; > + plog->length =3D PFLOG_HDRLEN; > plog->af =3D family; > plog->action =3D PF_NAT; > plog->dir =3D PF_IN; > diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c > index 9eb168b9a74f..4853c1301d6f 100644 > --- a/sys/netpfil/pf/if_pflog.c > +++ b/sys/netpfil/pf/if_pflog.c > @@ -215,7 +215,7 @@ pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa= _family_t af, u_int8_t dir, > return (0); > > bzero(&hdr, sizeof(hdr)); > - hdr.length =3D PFLOG_REAL_HDRLEN; > + hdr.length =3D PFLOG_HDRLEN; > hdr.af =3D af; > hdr.action =3D rm->action; > hdr.reason =3D reason; > @@ -231,6 +231,7 @@ pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa= _family_t af, u_int8_t dir, > strlcpy(hdr.ruleset, ruleset->anchor->name, > sizeof(hdr.ruleset)); > } > + hdr.ridentifier =3D htonl(rm->ridentifier); > /* > * XXXGL: we avoid pf_socket_lookup() when we are holding > * state lock, since this leads to unsafe LOR. > diff --git a/sys/netpfil/pf/pf_nv.c b/sys/netpfil/pf/pf_nv.c > index d53c6fe4b84e..b6676be645d7 100644 > --- a/sys/netpfil/pf/pf_nv.c > +++ b/sys/netpfil/pf/pf_nv.c > @@ -531,6 +531,7 @@ pf_nvrule_to_krule(const nvlist_t *nvl, struct pf_kru= le *rule) > } > } > > + PFNV_CHK(pf_nvuint32_opt(nvl, "ridentifier", &rule->ridentifier, = 0)); > PFNV_CHK(pf_nvstring(nvl, "ifname", rule->ifname, > sizeof(rule->ifname))); > PFNV_CHK(pf_nvstring(nvl, "qname", rule->qname, sizeof(rule->qnam= e))); 
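Review bot: in the pflog_packet() hunk and the three nat64 *_log() hunks, `hdr.length` switches from PFLOG_REAL_HDRLEN to PFLOG_HDRLEN, which if_pflog.h defines as sizeof(struct pfloghdr), so the length byte that capture tools read changes meaning from "offset of the trailing pad" to "whole struct, padding included". That is a wire-format change for every pflog consumer and deserves its own line in the commit message and in pflog.4. If the intent is only to cover the new field, moving PFLOG_REAL_HDRLEN past ridentifier would keep the old convention.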
> @@ -693,6 +694,7 @@ pf_krule_to_nvrule(struct pf_krule *rule) > nvlist_append_string_array(nvl, "labels", rule->label[i])= ; > } > nvlist_add_string(nvl, "label", rule->label[0]); > + nvlist_add_number(nvl, "ridentifier", rule->ridentifier); > nvlist_add_string(nvl, "ifname", rule->ifname); > nvlist_add_string(nvl, "qname", rule->qname); > nvlist_add_string(nvl, "pqname", rule->pqname); >

From nobody Wed Dec 1 13:10:35 2021
Subject: Re: Logging NAT translations and correlating nat & rule logs
From: Franco Fichtner
Date: Wed, 1 Dec 2021 14:10:35 +0100
To: Özkan KIRIK
Cc: freebsd-pf@freebsd.org

Hi Özkan,

> On 28. Nov 2021, at 8:06 PM, Özkan KIRIK wrote:
>
> I'm trying to log NAT, BINAT, RDR translations. But the "nat log on
> ...." statement only logs the packets after translation is done. So
> the information before translation is lost.
> Is there a way to log the translation details ?

https://github.com/freebsd/freebsd-src/commit/8e496ea1df1 was introduced
to address this but has not been moved to stable/12 or stable/13.

I see there is some controversy around patches that made it to stable
for less so I'd probably advocate to add this patch as well since it
solves a longterm issue with NAT logging visibility.

Cheers,
Franco

From nobody Wed Dec 1 13:15:59 2021
Subject: Re: git: 7f944794868f - stable/12 - pf: Introduce ridentifier
From: Franco Fichtner
Date: Wed, 1 Dec 2021 14:15:59 +0100
To: Özkan KIRIK
Cc: Kristof Provost, freebsd-pf@freebsd.org
References: <202111261940.1AQJeGLZ022802@gitrepo.freebsd.org>

Hi,

I wasn't sure if responding is a good idea but basically ridentifier
and the 3-labels extension added to pf from the pfSense area are more
or less unnecessary cruft and easily worked around the kernel: use the
label as a unique identifier and do the rest in userspace...

I'm sure not a lot of people care for the state that Netgate puts FreeBSD
in (again and again) but for the sake of ABI stability alone it would be
nicer to avoid such work in stable areas.

Thanks,
Franco

From nobody Wed Dec 1 13:23:18 2021
From: Özkan KIRIK
Date: Wed, 1 Dec 2021 16:23:18 +0300
Subject: Re: Logging NAT translations and correlating nat & rule logs
To: Franco Fichtner
Cc: freebsd-pf@freebsd.org

Thank you Franco, I'll test it

On Wed, Dec 1, 2021 at 4:10 PM Franco Fichtner wrote:
>
> Hi Özkan,
>
> > On 28. Nov 2021, at 8:06 PM, Özkan KIRIK wrote:
> >
> > I'm trying to log NAT, BINAT, RDR translations. But the "nat log on
> > ...." statement only logs the packets after translation is done. So
> > the information before translation is lost.
> > Is there a way to log the translation details ?
>
> https://github.com/freebsd/freebsd-src/commit/8e496ea1df1 was introduced
> to address this but has not been moved to stable/12 or stable/13.
>
> I see there is some controversy around patches that made it to stable
> for less so I'd probably advocate to add this patch as well since it
> solves a longterm issue with NAT logging visibility.
>
>
> Cheers,
> Franco

From nobody Wed Dec 1 20:58:09 2021
From: "Kristof Provost"
To: "Özkan KIRIK"
Cc: freebsd-pf@freebsd.org
Subject: Re: git: 7f944794868f - stable/12 - pf: Introduce ridentifier
Date: Wed, 01 Dec 2021 21:58:09 +0100
Message-ID: <52E4AB7A-6D27-4B11-ABCD-94BB12D389F4@FreeBSD.org>
References: <202111261940.1AQJeGLZ022802@gitrepo.freebsd.org>

On 1 Dec 2021, at 5:59, Özkan KIRIK wrote:

> Because tshark/wireshark don't know this header change yet.
>
I’ve looked at the Wireshark parser code, and .. well, it’s wrong. It arbitrarily adds 3 bytes to the header length, and that’s not the correct solution. I’m not going to implement kernel workarounds for application bugs.

> And even though tcpdump has been patched by this commit, it still
> cannot parse the packet properly also.
>
Try this patch:

diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h index c77d8da1440a..93a69a2bb3a5 100644 --- a/sys/net/if_pflog.h +++ b/sys/net/if_pflog.h @@ -31,6 +31,8 @@ #ifndef _NET_IF_PFLOG_H_ #define _NET_IF_PFLOG_H_ +#include + #define PFLOGIFS_MAX 16 #define PFLOG_RULESET_NAME_SIZE 16 @@ -51,11 +53,13 @@ struct pfloghdr { u_int8_t dir; u_int8_t pad[3]; u_int32_t ridentifier; + u_int8_t reserve; /* Appease broken software like Wireshark. */ + u_int8_t pad2[3]; }; -#define PFLOG_HDRLEN sizeof(struct pfloghdr) +#define PFLOG_HDRLEN BPF_WORDALIGN(offsetof(struct pfloghdr, pad2)) /* minus pad, also used as a signature */ -#define PFLOG_REAL_HDRLEN offsetof(struct pfloghdr, pad) +#define PFLOG_REAL_HDRLEN offsetof(struct pfloghdr, pad2) #ifdef _KERNEL struct pf_rule; diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c index 4853c1301d6f..5ccdf3a7dd45 100644 --- a/sys/netpfil/pf/if_pflog.c +++ b/sys/netpfil/pf/if_pflog.c
@@ -215,7 +215,8 @@ pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir, return (0); bzero(&hdr, sizeof(hdr)); - hdr.length = PFLOG_HDRLEN; + hdr.length = PFLOG_REAL_HDRLEN; hdr.af = af; hdr.action = rm->action; hdr.reason = reason;

It looks like I had assumed that the header was expected to be aligned to 4 bytes, but it’s actually expected to be aligned to sizeof(long). This should fix that.

I’ve gone one further and added a dummy field to arrange the updated struct so that Wireshark will work, essentially retaining its incorrect assumption. It really should be fixed as well though.

Kristof

From nobody Thu Dec 2 03:53:21 2021
From: Özkan KIRIK
Date: Thu, 2 Dec 2021 06:53:21 +0300
Subject: Re: git: 7f944794868f - stable/12 - pf: Introduce ridentifier
To: Kristof Provost
Cc: freebsd-pf@freebsd.org

Thanks, I'll try.

On Wed, Dec 1, 2021 at 11:58 PM Kristof Provost wrote:
>
> On 1 Dec 2021, at 5:59, Özkan KIRIK wrote:
>
> Because tshark/wireshark don't know this header change yet.
>
> I’ve looked at the Wireshark parser code, and .. well, it’s wrong. It arbitrarily adds 3 bytes to the header length, and that’s not the correct solution. I’m not going to implement kernel workarounds for application bugs.
>
> And even though tcpdump has been patched by this commit, it still
> cannot parse the packet properly also.
>
> Try this patch:
>
> diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h > index c77d8da1440a..93a69a2bb3a5 100644 > --- a/sys/net/if_pflog.h > +++ b/sys/net/if_pflog.h > @@ -31,6 +31,8 @@ > #ifndef _NET_IF_PFLOG_H_ > #define _NET_IF_PFLOG_H_ > > +#include > + > #define PFLOGIFS_MAX 16 > > #define PFLOG_RULESET_NAME_SIZE 16 > @@ -51,11 +53,13 @@ struct pfloghdr { > u_int8_t dir; > u_int8_t pad[3]; > u_int32_t ridentifier; > + u_int8_t reserve; /* Appease broken software like W= ireshark. */ > + u_int8_t pad2[3]; > }; > > -#define PFLOG_HDRLEN sizeof(struct pfloghdr) > +#define PFLOG_HDRLEN BPF_WORDALIGN(offsetof(struct pfl= oghdr, pad2)) > /* minus pad, also used as a signature */ > -#define PFLOG_REAL_HDRLEN offsetof(struct pfloghdr, pad) > +#define PFLOG_REAL_HDRLEN offsetof(struct pfloghdr, pad2) > > #ifdef _KERNEL > struct pf_rule;
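Review bot: the comment `/* minus pad, also used as a signature */` is left above PFLOG_REAL_HDRLEN in the second if_pflog.h hunk, but the macro now points at pad2, so its value includes pad[3], ridentifier and reserve, and "minus pad" no longer describes it; reword the comment to name pad2. The comment on `reserve` could also say that the byte carries no data and exists only for layout, so a later change does not reuse it and undo the length arithmetic it is there to preserve. A compile-time assertion that PFLOG_HDRLEN equals sizeof(struct pfloghdr) would catch drift, since pflog_packet() clears the header with sizeof(hdr) while the lengths come from these macros.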
> diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c > index 4853c1301d6f..5ccdf3a7dd45 100644 > --- a/sys/netpfil/pf/if_pflog.c > +++ b/sys/netpfil/pf/if_pflog.c 
> @@ -215,7 +215,8 @@ pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa= _family_t af, u_int8_t dir, > return (0); > > bzero(&hdr, sizeof(hdr)); > - hdr.length =3D PFLOG_HDRLEN; > + hdr.length =3D PFLOG_REAL_HDRLEN; > hdr.af =3D af; > hdr.action =3D rm->action; > hdr.reason =3D reason;
>
> It looks like I had assumed that the header was expected to be aligned to 4 bytes, but it’s actually expected to be aligned to sizeof(long). This should fix that.
>
> I’ve gone one further and added a dummy field to arrange the updated struct so that Wireshark will work, essentially retaining its incorrect assumption. It really should be fixed as well though.
>
> Kristof

From nobody Thu Dec 2 04:14:36 2021
From: Kyle Evans
Date: Wed, 1 Dec 2021 22:14:36 -0600
Subject: Re: git: 7f944794868f - stable/12 - pf: Introduce ridentifier
To: Franco Fichtner
Cc: Özkan KIRIK, Kristof Provost, freebsd-pf@freebsd.org

On Wed, Dec 1, 2021 at 7:16 AM Franco Fichtner wrote:
>
> Hi,
>
> I wasn't sure if responding is a good idea but basically ridentifier
> and the 3-labels extension added to pf from the pfSense area are more
> or less unnecessary cruft and easily worked around the kernel: use the
> label as a unique identifier and do the rest in userspace...
>
> I'm sure not a lot of people care for the state that Netgate puts FreeBSD
> in (again and again) but for the sake of ABI stability alone it would be
> nicer to avoid such work in stable areas.
>

Hi Franco,

You might have had a valid point here, but I'm afraid it got buried
beneath being needlessly antagonistic. I know that you've not had the
best relationship with Netgate, but please avoid doing that if you'd
like to have a constructive conversation about stuff like this. You
can still raise the question of whether a feature has value or not
without a lot of what you added there.

Thanks,

Kyle Evans

From nobody Fri Dec 3 06:05:46 2021
From: Özkan KIRIK
Date: Fri, 3 Dec 2021 09:05:46 +0300
Subject: Re: git: 7f944794868f - stable/12 - pf: Introduce ridentifier
To: Kristof Provost
Cc: freebsd-pf@freebsd.org

Thank you Kristof. The patch works properly!

On Wed, Dec 1, 2021 at 11:58 PM Kristof Provost wrote:
>
> On 1 Dec 2021, at 5:59, Özkan KIRIK wrote:
> > Because tshark/wireshark don't know this header change yet.
>
> I’ve looked at the Wireshark parser code, and .. well, it’s wrong. It arbitrarily adds 3 bytes to the header length, and that’s not the correct solution. I’m not going to implement kernel workarounds for application bugs.
> > And even though tcpdump has been patched by this commit, it still cannot parse the packet properly also.
>
> Try this patch:
>
> diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h > index c77d8da1440a..93a69a2bb3a5 100644 > --- a/sys/net/if_pflog.h > +++ b/sys/net/if_pflog.h > @@ -31,6 +31,8 @@ > #ifndef _NET_IF_PFLOG_H_ > #define _NET_IF_PFLOG_H_ > > +#include > + > #define PFLOGIFS_MAX 16 > > #define PFLOG_RULESET_NAME_SIZE 16 > @@ -51,11 +53,13 @@ struct pfloghdr { > u_int8_t dir; > u_int8_t pad[3]; > u_int32_t ridentifier; > + u_int8_t reserve; /* Appease broken software like W= ireshark. */ > + u_int8_t pad2[3]; > }; > > -#define PFLOG_HDRLEN sizeof(struct pfloghdr) > +#define PFLOG_HDRLEN BPF_WORDALIGN(offsetof(struct pfl= oghdr, pad2)) > /* minus pad, also used as a signature */ > -#define PFLOG_REAL_HDRLEN offsetof(struct pfloghdr, pad) > +#define PFLOG_REAL_HDRLEN offsetof(struct pfloghdr, pad2) > > #ifdef _KERNEL > struct pf_rule; > diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c > index 4853c1301d6f..5ccdf3a7dd45 100644 > --- a/sys/netpfil/pf/if_pflog.c > +++ b/sys/netpfil/pf/if_pflog.c > @@ -215,7 +215,8 @@ pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa= _family_t af, u_int8_t dir, > return (0); > > bzero(&hdr, sizeof(hdr)); > - hdr.length =3D PFLOG_HDRLEN; > + hdr.length =3D PFLOG_REAL_HDRLEN; > hdr.af =3D af; > hdr.action =3D rm->action; > hdr.reason =3D reason;
>
> It looks like I had assumed that the header was expected to be aligned to 4 bytes, but it’s actually expected to be aligned to sizeof(long). This should fix that.
>
> I’ve gone one further and added a dummy field to arrange the updated struct so that Wireshark will work, essentially retaining its incorrect assumption. It really should be fixed as well though.
>
> Kristof
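
Review bot: In the struct pfloghdr hunk of sys/net/if_pflog.h, the unchanged comment "/* minus pad, also used as a signature */" is stale once PFLOG_REAL_HDRLEN becomes offsetof(struct pfloghdr, pad2), because the value now covers pad, ridentifier and reserve and leaves out only pad2. Reword the comment to say that, and give the new reserve field a comment stating that it is always zero (the bzero() in pflog_packet() is what guarantees it) rather than only naming Wireshark. PFLOG_HDRLEN is now derived with BPF_WORDALIGN while pad2 stays a fixed three bytes, so a compile-time assertion that PFLOG_HDRLEN does not exceed sizeof(struct pfloghdr) would catch a layout change that breaks that pairing.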
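
Review bot: In the pflog_packet() hunk of sys/netpfil/pf/if_pflog.c, the assignment "hdr.length = PFLOG_REAL_HDRLEN" puts the unaligned length on the wire while PFLOG_HDRLEN is the word-aligned one, and nothing at the assignment says which of the two a reader should expect. Add a comment there stating that hdr.length excludes the trailing pad2 and that the padded size is PFLOG_HDRLEN, since the mismatch between those two values is what the readers discussed in this thread got wrong.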
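
The alignment argument in Kristof's closing paragraphs, worked through as an added example (not code from the patch or from FreeBSD). The struct is a mirror built for illustration: only dir, pad, ridentifier, reserve and pad2 come from the hunk, while the leading fields, their sizes and every function name are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Example mirror of the patched struct pfloghdr. Only dir, pad, ridentifier,
 * reserve and pad2 appear in the hunk; the leading fields and their sizes
 * are assumptions made for this example. */
struct pfloghdr_example {
	uint8_t  length, af, action, reason;
	char     ifname[16], ruleset[16];
	uint32_t rulenr, subrulenr;
	uint32_t uid, pid, rule_uid, rule_pid;
	uint8_t  dir;
	uint8_t  pad[3];
	uint32_t ridentifier;
	uint8_t  reserve;
	uint8_t  pad2[3];
};

/* Round len up to a power-of-two alignment, the way BPF_WORDALIGN does. */
static size_t word_align(size_t len, size_t align)
{
	return (len + (align - 1)) & ~(align - 1);
}

/* Offset of the packet data as a reader that adds 3 bytes computes it. */
static size_t offset_plus3(size_t hdr_length) { return hdr_length + 3; }

/* Length byte before the patch: sizeof of a struct ending after ridentifier. */
static size_t length_before(void)
{
	return offsetof(struct pfloghdr_example, reserve);
}

/* Length byte after the patch: offsetof(struct pfloghdr, pad2). */
static size_t length_after(void)
{
	return offsetof(struct pfloghdr_example, pad2);
}

/* 1 if the add-3 reader and the word-aligning reader find the same offset. */
static int readers_agree(size_t hdr_length, size_t align)
{
	return offset_plus3(hdr_length) == word_align(hdr_length, align);
}

int main(void)
{
	size_t lens[2] = { length_before(), length_after() };
	for (int i = 0; i < 2; i++)
		printf("length=%zu plus3=%zu align8=%zu agree=%d\n", lens[i],
		    offset_plus3(lens[i]), word_align(lens[i], 8), readers_agree(lens[i], 8));
	return 0;
}
```

With the reserve byte in place the length byte ends one past a 4-byte boundary, which is the only position where adding 3 and rounding up give the same offset.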