From: Jason Hellenthal
To: Joseph Mingrone
Cc: freebsd-pf@freebsd.org
Date: Tue, 31 Mar 2015 17:58:41 -0500
Subject: Re: tcpdump of pflog to show pid
In-Reply-To: <86a8ysvous.fsf@gly.ftfl.ca>

Run tcpdump -vvve -i pflog0 ??? on a FreeBSD machine? Should yield your answer.

This isn’t necessarily something to do with tcpdump(8) so much as it is with the inclusion of pf(4) in the FreeBSD kernel. Specific versions of tcpdump(8) and configured options might yield different results. Try base and ports.

On Mar 31, 2015, at 16:28, Joseph Mingrone wrote:

> Hi,
>
> On OpenBSD, a tcpdump of the pflog can show the pid for locally
> generated traffic. PFLOG(4) suggests FreeBSD's pflog also records this
> information. Is that the case? Can FreeBSD's tcpdump show this
> information?
>
> I see a similar question from 2008, but no response.
> https://lists.freebsd.org/pipermail/freebsd-pf/2008-April/004307.html
>
> Joseph

-- 
Jason Hellenthal
Mobile: +1 (616) 953-0176
jhellenthal@DataIX.net
JJH48-ARIN