Date: Fri, 7 Oct 2005 15:55:32 GMT
From: Vladimir Kotal
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/87074: pf does not log dropped packets when max-* stateful tracking options watermark are reached

>Number:         87074
>Category:       kern
>Synopsis:       pf does not log dropped packets when max-* stateful tracking options watermark are reached
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 07 16:00:30 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Vladimir Kotal
>Release:        5.4-RELEASE-p7
>Organization:
>Environment:
Oct 4 16:35:12 CEST 2005 lada@ipfw2.XXX:/usr/home/lada/FreeBSD-src/FreeBSD-5-pfmaxst/src/sys/i386/compile/PFMAXST i386
>Description:
pf does not log events when it drops packets because max-* stateful options were reached. In some environments it is desirable that administrators are informed about all state overflows per particular rule.
>How-To-Repeat:
1. compile FreeBSD 5.x system with pf module
2. load pf module
3. set ruleset containing stateful rules such as

     pass out quick on fxp0 proto tcp from any to any port = 53 \
         flags S/S \
         keep state \
         ( max-src-states 2, max 6, max-src-nodes 4 )

4. generate traffic so that one of the stateful options causes packet drops
5. observe pf-related logs

Expected behavior: packet drops caused by stateful options should be logged somehow.
>Fix:
more than one fix is possible:

1. add special logging terminal to pf grammar definition (per stateful option) which would log packets dropped because of this particular option to pflog - too many changes
2. log via kernel printf for misc pf debug level. This can be accomplished by the following patch: http://techie.devnull.cz/public/patches/pf.c-logmax.patch
>Release-Note:
>Audit-Trail:
>Unformatted:
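
Where pf stays silent about these drops, an administrator can still poll for rules whose state count sits at the rule-wide `max` watermark. The script below is an added example, not part of the original report or the linked patch; it reads `pfctl -vsr` text, the sample input is constructed, and the function names `sample_rules` and `rules_at_max` are hypothetical. It covers only `max`, not `max-src-states` or `max-src-nodes`.

```shell
#!/bin/sh
# Added example: flag pf rules whose current state count has reached
# the rule-wide "max" limit. On a live host: pfctl -vsr | rules_at_max

# Constructed sample modelled on `pfctl -vsr` output (not captured data).
sample_rules() {
cat <<'EOF'
pass out quick on fxp0 proto tcp from any to any port = domain flags S/S keep state (max 6, max-src-states 2, max-src-nodes 4)
  [ Evaluations: 412  Packets: 96  Bytes: 5760  States: 6 ]
pass out quick on fxp0 proto tcp from any to any port = smtp flags S/S keep state (max 100)
  [ Evaluations: 300  Packets: 40  Bytes: 2400  States: 3 ]
pass in on fxp0 proto icmp all keep state
  [ Evaluations: 10  Packets: 2  Bytes: 168  States: 1 ]
EOF
}

# Print one "AT-LIMIT states=N max=M rule=..." line per rule at its watermark.
rules_at_max() {
    awk '
    # A counter line belongs to the most recently seen rule line.
    /^[ \t]*\[ Evaluations:/ {
        if (limit != "" && match($0, /States: *[0-9]+/)) {
            s = substr($0, RSTART, RLENGTH)
            sub(/States: */, "", s)
            if (s + 0 >= limit + 0)
                printf "AT-LIMIT states=%d max=%d rule=%s\n", s, limit, rule
        }
        next
    }
    /^[ \t]*\[/ { next }    # any other bracketed counter line
    {
        rule = $0
        limit = ""
        # Rule-wide limit only: "max N" after "(" or ",".
        # "max-src-states" and "max-src-nodes" have no space after "max".
        if (match($0, /[(,] *max [0-9]+/)) {
            limit = substr($0, RSTART, RLENGTH)
            sub(/^[(,] *max /, "", limit)
        }
    }'
}

sample_rules | rules_at_max
```

A rule reported here is at its limit at the moment of polling; the count of packets dropped while it was there is not available from this output.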