From owner-freebsd-bugs@FreeBSD.ORG Mon Apr 14 22:10:03 2008
Message-Id: <200804142204.m3EM43cJ029000@www.freebsd.org>
Date: Mon, 14 Apr 2008 22:04:03 GMT
From: Josh
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/122773: pf doesn't log uid or pid when configured to
X-Send-Pr-Version: www-3.1
List-Id: Bug reports

>Number:         122773
>Category:       misc
>Synopsis:       pf doesn't log uid or pid when configured to
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 14 22:10:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Josh
>Release:        7.0-RELEASE
>Organization:
>Environment:
FreeBSD www 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Mon Mar 31 15:51:02 EDT 2008 root@:/jails/src/root/usr/obj/jails/src/root/usr/src/sys/ULEMAC amd64
>Description:
When pf is configured to log the UID and PID of the process sending traffic, it doesn't.
>How-To-Repeat:
Configure pf with a rule such as:

    pass out log (user) quick on $exif inet proto tcp from $exif to any keep state

Start pflog (/etc/rc.d/pflog + rcvar), then run "tcpdump -netttvvvi pflog0", which is supposed to display the info.

You should get something like (from Google):

    rule 10/(match) [uid 0, pid 1807] block in on fxp0: 85.100.124.74.14464 \
    server1.443: [|tcp] (ttl 249, id 65259, len 40, bad cksum 0! differs by f890)

But I actually get something like:

    044014 rule 17/0(match): pass out on bge0: (tos 0x10, ttl 64, id 11138, \
    offset 0, flags [DF], proto TCP (6), length 60) 64.132.211.219.57274 > \
    66.94.234.13.80: [|tcp]

Other users on #freebsd@freenode reported the same behavior.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
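
An added example, not part of the original report and not code from pf or tcpdump: a small Python parser for the pflog header as it appears in the two tcpdump samples quoted above, which flags records from rules expected to log credentials that arrive without a `[uid, pid]` block. The regex is derived only from those two samples, and the set of rule numbers written with `log (user)` is an assumption supplied by the caller.

```python
import re

# Pattern built from the two tcpdump samples quoted in the report; other
# tcpdump versions may print the pflog header differently (assumption).
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/(?P<subrule>\d*)\((?P<reason>\w+)\):?\s*"
    r"(?:\[uid (?P<uid>\d+), pid (?P<pid>\d+)\]\s*)?"
    r"(?P<action>\w+) (?P<direction>in|out) on (?P<ifname>\w+):"
)

def parse_pflog_line(line):
    """Return the pflog header fields of one tcpdump line, or None."""
    m = PFLOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    # uid/pid stay None when tcpdump printed no credential block.
    rec["uid"] = int(rec["uid"]) if rec["uid"] is not None else None
    rec["pid"] = int(rec["pid"]) if rec["pid"] is not None else None
    return rec

def missing_credentials(lines, user_logged_rules):
    """Records matching a `log (user)` rule that carry no uid/pid."""
    hits = []
    for line in lines:
        rec = parse_pflog_line(line)
        if rec and rec["rule"] in user_logged_rules and rec["uid"] is None:
            hits.append(rec)
    return hits

# The two samples from the report, continuation lines joined.
SAMPLE = [
    "rule 10/(match) [uid 0, pid 1807] block in on fxp0: 85.100.124.74.14464 "
    "server1.443: [|tcp] (ttl 249, id 65259, len 40, bad cksum 0! differs by f890)",
    "044014 rule 17/0(match): pass out on bge0: (tos 0x10, ttl 64, id 11138, "
    "offset 0, flags [DF], proto TCP (6), length 60) 64.132.211.219.57274 > "
    "66.94.234.13.80: [|tcp]",
]

if __name__ == "__main__":
    # Assumed: rules 10 and 17 are the ones written with `log (user)`.
    for rec in missing_credentials(SAMPLE, {10, 17}):
        print("rule %d on %s logged without uid/pid" % (rec["rule"], rec["ifname"]))
```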