Date: Tue, 11 Jan 2022 20:50:47 +0300
From: Özkan KIRIK <ozkan.kirik@gmail.com>
To: freebsd-pf@freebsd.org
Subject: pflog: ruleset and subrulenr is missing for nat, rdr, binat
Message-ID: <CAAcX-AGaVuK%2BwAC-oQrzVAp3cGOv4a0NDR2TSn8K%2BUGerKh3Ng@mail.gmail.com>
Hi,

I'm using FreeBSD stable/12-n234401-66d9cbc5d269: Mon Dec 27 23:27:28 +03 2021.
The ruleset and subrulenr fields are not filled for nat, rdr, binat logs.
The basic test is below:

# pfctl -sn -a portFwd
rdr log (to pflog3) on em0 inet proto tcp from any to 172.16.33.10 port = ssh -> 192.168.33.1 port 22

# tcpdump -leqni pflog3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog3, link-type PFLOG (OpenBSD pflog file), capture size 262144 bytes
20:40:24.622962 rule 0/0(match): rdr in on em0: 172.16.33.1.33670 > 172.16.33.10.22: tcp 0

# tshark -Tjson -ni pflog3
[Capturing on 'pflog3'
 ** (tshark:19497) 20:42:08.788099 [Main MESSAGE] -- Capture started.
 ** (tshark:19497) 20:42:08.788304 [Main MESSAGE] -- File: "/tmp/wireshark_pflog3HHKDF1.pcapng"
...
"pflog": {
  "pflog.length": "69",
  "pflog.af": "2",
  "pflog.action": "8",
  "pflog.reason": "0",
  "pflog.ifname": "em0",
  "pflog.ruleset": "",
  "pflog.rulenr": "0",
  "pflog.subrulenr": "-1",
  "pflog.uid": "-1",
  "pflog.pid": "-1601830656",
  "pflog.rule_uid": "0",
  "pflog.rule_pid": "-1190985728",
  "pflog.dir": "1",
  "pflog.pad": "00:00:00"
},
...

Is there any way to fill ruleset and subrulenr fields for nat, binat and rdr actions?

Regards
Ozkan.