Date: Tue, 28 Dec 2021 09:57:48 +0300 From: =?UTF-8?B?w5Z6a2FuIEtJUklL?= <ozkan.kirik@gmail.com> To: Franco Fichtner <franco@lastsummer.de> Cc: freebsd-pf@freebsd.org Subject: Re: Logging NAT translations and correlating nat & rule logs Message-ID: <CAAcX-AG-3myNw2FTWe=yXE%2Bcan%2BYe3mctbWfx86aMrGXFEvauw@mail.gmail.com> In-Reply-To: <CAAcX-AEnDwo7ZMfKoEm1BG6OM-7_uNDyJWSmOqeKMa=WwMx9=A@mail.gmail.com> References: <CAAcX-AEJ-gc-FWdx_zKS7n8_=n7V98w2Sahvsvu9XLozZP949g@mail.gmail.com> <C3DF6003-A39A-4C23-9AC5-076D44FC2404@lastsummer.de> <CAAcX-AHdUU47s3E4fitCxCWZ%2BhfDfi3fPjGq%2B5sQ7Ff859dKCA@mail.gmail.com> <CAAcX-AEnDwo7ZMfKoEm1BG6OM-7_uNDyJWSmOqeKMa=WwMx9=A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
And also, rule number and subrulenr information is missing. On Tue, Dec 28, 2021 at 7:50 AM =C3=96zkan KIRIK <ozkan.kirik@gmail.com> wr= ote: > > Hi, > > I've cherry picked 8e496ea1df1 commit to stable/12 on my local branch. > Patch works properly. > But the ruleset section in the pflog header is empty. The anchor name > of rdr rule was not filled into the pflog header. > > I'm also looking for a packet identifier for aggregating the nat and > rule logs of the same traversing packet. > Does it make sense to use ip.id field of ip header within 1 second > time window for aggregating logs ? > > Thanks and regards > > On Wed, Dec 1, 2021 at 4:23 PM =C3=96zkan KIRIK <ozkan.kirik@gmail.com> w= rote: > > > > Thank you Franco, I'll test it > > > > On Wed, Dec 1, 2021 at 4:10 PM Franco Fichtner <franco@lastsummer.de> w= rote: > > > > > > Hi =C3=96zkan, > > > > > > > On 28. Nov 2021, at 8:06 PM, =C3=96zkan KIRIK <ozkan.kirik@gmail.co= m> wrote: > > > > > > > > I'm trying to log NAT, BINAT, RDR translations. But the "nat log on > > > > ...." statement only logs the packets after translation is done. So > > > > the information before translation is lost. > > > > Is there a way to log the translation details ? > > > > > > https://github.com/freebsd/freebsd-src/commit/8e496ea1df1 was introdu= ced > > > to address this but has not been moved to stable/12 or stable/13. > > > > > > I see there is some controversy around patches that made it to stable > > > for less so I'd probably advocate to add this patch as well since it > > > solves a longterm issue with NAT logging visibility. > > > > > > > > > Cheers, > > > Franco
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAcX-AG-3myNw2FTWe=yXE%2Bcan%2BYe3mctbWfx86aMrGXFEvauw>