Date: Mon, 1 Jul 2013 12:50:01 GMT From: =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= <olivier@cochard.me> To: freebsd-pf@FreeBSD.org Subject: Re: kern/122773: [pf] pf doesn' t log uid or pid when configured to Message-ID: <201307011250.r61Co18e009547@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/122773; it has been noted by GNATS. From: =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= <olivier@cochard.me> To: bug-followup@freebsd.org, josh@endries.org Cc: Gleb Smirnoff <glebius@freebsd.org> Subject: Re: kern/122773: [pf] pf doesn't log uid or pid when configured to Date: Mon, 1 Jul 2013 14:42:41 +0200 Hi, I've got the same problem on 9-stable too. pflogd didn't add the good UID value on its pcap. Here is a pflogd packet displayed on wireshark (my user had UID 1001 for this test): No. Time Source Destination Protocol Length Info 1 0.000000 10.2.1.3 10.2.0.67 TCP 124 [pass em0/0] 32186 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 SACK_PERM=1 TSval=615127099 TSecr=0 Frame 1: 124 bytes on wire (992 bits), 124 bytes captured (992 bits) PF Log IPv4 pass on em0 by rule 0 Header Length: 61 Address Family: IPv4 (2) Action: pass (0) Reason: match (0) Interface: em0 Ruleset: Rule Number: 2 Sub Rule Number: 16777216 UID: -385679360 PID: -1601830656 Rule UID: 0 Rule PID: -1990852608 Direction: out (2) Padding: 000000 Internet Protocol Version 4, Src: 10.2.1.3 (10.2.1.3), Dst: 10.2.0.67 (10.2.0.67) Transmission Control Protocol, Src Port: 32186 (32186), Dst Port: ssh (22), Seq: 0, Len: 0 Source port: 32186 (32186) Destination port: ssh (22) [Stream index: 0] Sequence number: 0 (relative sequence number) Header length: 40 bytes Flags: 0x002 (SYN) Window size value: 65535 [Calculated window size: 65535] Checksum: 0xe2c8 [validation disabled] Options: (20 bytes), Maximum segment size, No-Operation (NOP), Window scale, SACK permitted, Timestamps Regards, Olivier
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201307011250.r61Co18e009547>