From owner-freebsd-pf@FreeBSD.ORG Mon Jul 1 12:50:02 2013
Date: Mon, 1 Jul 2013 12:50:01 GMT
Message-Id: <201307011250.r61Co18e009547@freefall.freebsd.org>
To: freebsd-pf@FreeBSD.org
From: Olivier Cochard-Labbé
Subject: Re: kern/122773: [pf] pf doesn't log uid or pid when configured to

The following reply was made to PR kern/122773; it has been noted by GNATS.

From: Olivier Cochard-Labbé
To: bug-followup@freebsd.org, josh@endries.org
Cc: Gleb Smirnoff
Subject: Re: kern/122773: [pf] pf doesn't log uid or pid when configured to
Date: Mon, 1 Jul 2013 14:42:41 +0200

Hi,

I've got the same problem on 9-stable too.
pflogd didn't add the good UID value on its pcap.

Here is a pflogd packet displayed on wireshark (my user had UID 1001 for this test):

No.  Time      Source    Destination  Protocol  Length  Info
  1  0.000000  10.2.1.3  10.2.0.67    TCP       124     [pass em0/0] 32186 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 SACK_PERM=1 TSval=615127099 TSecr=0

Frame 1: 124 bytes on wire (992 bits), 124 bytes captured (992 bits)
PF Log IPv4 pass on em0 by rule 0
    Header Length: 61
    Address Family: IPv4 (2)
    Action: pass (0)
    Reason: match (0)
    Interface: em0
    Ruleset:
    Rule Number: 2
    Sub Rule Number: 16777216
    UID: -385679360
    PID: -1601830656
    Rule UID: 0
    Rule PID: -1990852608
    Direction: out (2)
    Padding: 000000
Internet Protocol Version 4, Src: 10.2.1.3 (10.2.1.3), Dst: 10.2.0.67 (10.2.0.67)
Transmission Control Protocol, Src Port: 32186 (32186), Dst Port: ssh (22), Seq: 0, Len: 0
    Source port: 32186 (32186)
    Destination port: ssh (22)
    [Stream index: 0]
    Sequence number: 0    (relative sequence number)
    Header length: 40 bytes
    Flags: 0x002 (SYN)
    Window size value: 65535
    [Calculated window size: 65535]
    Checksum: 0xe2c8 [validation disabled]
    Options: (20 bytes), Maximum segment size, No-Operation (NOP), Window scale, SACK permitted, Timestamps

Regards,

Olivier
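
Added example, not part of the original message and not FreeBSD or Wireshark code: a Python helper for anyone reading such a capture, which takes the signed 32-bit values from the dissection above and reinterprets each with its four bytes reversed. For the UID field this yields 1001, the UID the message says was used for the test. The function names and the `limit` heuristic are assumptions of this example.

```python
import struct

# Values copied from the Wireshark dissection in the message above.
DISPLAYED = {
    "Sub Rule Number": 16777216,
    "UID": -385679360,
    "PID": -1601830656,
    "Rule UID": 0,
    "Rule PID": -1990852608,
}


def swap32(value):
    """Return the 32-bit integer obtained by reversing the four bytes of value."""
    # Mask first so negative (two's complement) display values pack cleanly.
    raw = struct.pack(">I", value & 0xFFFFFFFF)
    return struct.unpack("<I", raw)[0]


def looks_swapped(value, limit=1 << 24):
    """Heuristic (assumption of this example): the displayed value is huge as
    an unsigned number, but small once its bytes are reversed."""
    unsigned = value & 0xFFFFFFFF
    return unsigned >= limit and swap32(value) < limit


def reinterpret(fields):
    """Map each field name to (byte-swapped value, looks_swapped flag)."""
    return {name: (swap32(v), looks_swapped(v)) for name, v in fields.items()}


if __name__ == "__main__":
    for name, (swapped, flag) in reinterpret(DISPLAYED).items():
        note = "byte order likely reversed" if flag else "unchanged reading"
        print(f"{name:16} shown={DISPLAYED[name]:>12} swapped={swapped:>7}  {note}")
```
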