Date:      Tue, 28 Dec 2021 07:50:41 +0300
From:      Özkan KIRIK <ozkan.kirik@gmail.com>
To:        Franco Fichtner <franco@lastsummer.de>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Logging NAT translations and correlating nat & rule logs
Message-ID:  <CAAcX-AEnDwo7ZMfKoEm1BG6OM-7_uNDyJWSmOqeKMa=WwMx9=A@mail.gmail.com>
In-Reply-To: <CAAcX-AHdUU47s3E4fitCxCWZ%2BhfDfi3fPjGq%2B5sQ7Ff859dKCA@mail.gmail.com>
References:  <CAAcX-AEJ-gc-FWdx_zKS7n8_=n7V98w2Sahvsvu9XLozZP949g@mail.gmail.com> <C3DF6003-A39A-4C23-9AC5-076D44FC2404@lastsummer.de> <CAAcX-AHdUU47s3E4fitCxCWZ%2BhfDfi3fPjGq%2B5sQ7Ff859dKCA@mail.gmail.com>

Hi,

I've cherry-picked commit 8e496ea1df1 to stable/12 on my local branch.
Patch works properly.
But the ruleset section in the pflog header is empty. The anchor name
of rdr rule was not filled into the pflog header.

I'm also looking for a packet identifier for aggregating the nat and
rule logs of the same traversing packet.
Does it make sense to use the ip.id field of the IP header within a 1 second
time window for aggregating logs?

Thanks and regards

On Wed, Dec 1, 2021 at 4:23 PM Özkan KIRIK <ozkan.kirik@gmail.com> wrote:
>
> Thank you Franco, I'll test it
>
> On Wed, Dec 1, 2021 at 4:10 PM Franco Fichtner <franco@lastsummer.de> wrote:
> >
> > Hi Özkan,
> >
> > > On 28. Nov 2021, at 8:06 PM, Özkan KIRIK <ozkan.kirik@gmail.com> wrote:
> > >
> > > I'm trying to log NAT, BINAT, RDR translations. But the "nat log on
> > > ...." statement only logs the packets after translation is done. So
> > > the information before translation is lost.
> > > Is there a way to log the translation details?
> >
> > https://github.com/freebsd/freebsd-src/commit/8e496ea1df1 was introduced
> > to address this but has not been moved to stable/12 or stable/13.
> >
> > I see there is some controversy around patches that made it to stable
> > for less so I'd probably advocate to add this patch as well since it
> > solves a long-term issue with NAT logging visibility.
> >
> >
> > Cheers,
> > Franco


