The following reply was made to PR kern/122773; it has been noted by GNATS.
From: Max Laier <max love2party.net>
To: bug-followup freebsd.org, josh endries.org
Cc:
Subject: Re: kern/122773: [pf] pf doesn't log uid or pid when configured to
Date: Tue, 15 Apr 2008 03:01:18 +0200
The problem is twofold:

1) FreeBSD doesn't store the PID for the opening process in the socket credentials.

2) tcpdump currently doesn't report uid/pid at all.

The first issue could probably be fixed, but would touch quite a lot of things - it's really an industrious task. Feel free to submit patches ;) I don't currently have the time to do this.

The second issue can be addressed with the attached patch, which should enable you to display the UID. It will report NO_PID (100000) for everything as long as 1 isn't fixed, though.
--
Max
Attachment: tcpdump-uid.diff
Index: print-pflog.c
===================================================================
RCS file: /home/ncvs/src/contrib/tcpdump/print-pflog.c,v
retrieving revision 1.1.1.4
diff -u -r1.1.1.4 print-pflog.c
--- print-pflog.c 16 Oct 2007 02:20:17 -0000 1.1.1.4
+++ print-pflog.c 15 Apr 2008 00:53:58 -0000
 -106,6 +106,12 
else
printf("rule %u.%s.%u/", rulenr,
hdr->ruleset, subrulenr);
+#ifdef PF_LOG_SOCKET_LOOKUP
+ if (vflag && hdr->uid != UID_MAX)
+ printf("[uid %u, pid %u] ",
(unsigned)hdr->uid,
+ (unsigned)hdr->pid);
+#endif
+
printf("%s: %s %s on %s: ",
tok2str(pf_reasons, "unkn(%u)",
hdr->reason),
tok2str(pf_actions, "unkn(%u)",
hdr->action),
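Review bot: the new block prints `hdr->pid` whenever `hdr->uid != UID_MAX`, yet the cover note says the kernel never fills the pid in, so every verbose line will read `[uid N, pid 100000]` and the sentinel will look like a real process id; suggest testing the pid separately and emitting `[uid %u] ` alone when `hdr->pid == NO_PID`. Also, as pasted here the continuation line `(unsigned)hdr->uid,` has no leading `+`, so this hunk will not apply with patch(1) in the form shown; worth confirming the attached file carries it.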
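As an added example (it is not part of the PR, of Max Laier's patch, or of tcpdump/pf code): a small decoder that reads a pflog record and renders the socket credentials the way the patch above does, but treats the two sentinels discussed in the reply, UID_MAX for "no owning socket found" and NO_PID (100000) for "pid never recorded", as absent information instead of printing them. The struct layout, the field names and the EX_ constants are assumptions that mirror pf's struct pfloghdr so the code builds without kernel headers, and the record fed to it is constructed sample data, not a real capture.

```c
/*
 * Added example for PR kern/122773; not Max Laier's patch and not code from
 * tcpdump or pf.  struct ex_pfloghdr is an ASSUMED layout mirroring pf's
 * struct pfloghdr (pfvar.h).  EX_UID_MAX is the "no socket found" sentinel
 * the attached patch tests for; EX_NO_PID is the value the reply says
 * FreeBSD reports for every pid until issue 1 is fixed.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_IFNAMSIZ           16
#define EX_RULESET_NAME_SIZE  16
#define EX_UID_MAX   0xffffffffu   /* pf: no owning socket was found */
#define EX_NO_PID    100000        /* pf: pid not recorded (see the reply) */

struct ex_pfloghdr {
    uint8_t  length;                      /* bytes of header present */
    uint8_t  af;
    uint8_t  action;
    uint8_t  reason;
    char     ifname[EX_IFNAMSIZ];
    char     ruleset[EX_RULESET_NAME_SIZE];
    uint32_t rulenr;
    uint32_t subrulenr;
    uint32_t uid;                         /* owner of the local socket */
    int32_t  pid;                         /* process that opened it */
    uint32_t rule_uid;                    /* who loaded the matching rule */
    int32_t  rule_pid;
    uint8_t  dir;
    uint8_t  pad[3];
};

/* Copy a captured record into the struct (host byte order, as pf writes
 * it).  -1 if the capture is shorter than the header or the header's own
 * length field claims more bytes than were captured. */
int ex_parse_pflog(const uint8_t *buf, size_t len, struct ex_pfloghdr *h)
{
    if (buf == NULL || h == NULL || len < sizeof *h)
        return -1;
    memcpy(h, buf, sizeof *h);
    if (h->length > len)
        return -1;
    return 0;
}

/* Render the credentials like the patch's "[uid %u, pid %u] ", but drop
 * whatever is only a sentinel.  Returns the number of characters written. */
int ex_format_creds(const struct ex_pfloghdr *h, char *out, size_t outlen)
{
    if (outlen == 0)
        return 0;
    if (h->uid == EX_UID_MAX) {       /* no socket matched: print nothing */
        out[0] = '\0';
        return 0;
    }
    if (h->pid == EX_NO_PID)          /* kernel never stored a pid */
        return snprintf(out, outlen, "[uid %u] ", (unsigned)h->uid);
    return snprintf(out, outlen, "[uid %u, pid %u] ",
                    (unsigned)h->uid, (unsigned)h->pid);
}

/* Constructed sample record (not a real capture): rule 7 on em0, inbound,
 * with the given socket credentials.  Returns bytes written, 0 on error. */
size_t ex_build_sample(uint32_t uid, int32_t pid, uint8_t *buf, size_t len)
{
    struct ex_pfloghdr h;

    if (len < sizeof h)
        return 0;
    memset(&h, 0, sizeof h);
    h.length = (uint8_t)sizeof h;
    strncpy(h.ifname, "em0", sizeof h.ifname - 1);
    h.rulenr = 7;
    h.subrulenr = (uint32_t)-1;
    h.uid = uid;
    h.pid = pid;
    h.dir = 1;
    memcpy(buf, &h, sizeof h);
    return sizeof h;
}

/* Build, parse, format.  Returns the credential string length or -1. */
int ex_demo(uint32_t uid, int32_t pid, char *out, size_t outlen)
{
    uint8_t rec[sizeof(struct ex_pfloghdr)];
    struct ex_pfloghdr h;
    size_t n = ex_build_sample(uid, pid, rec, sizeof rec);

    if (n == 0 || ex_parse_pflog(rec, n, &h) != 0)
        return -1;
    return ex_format_creds(&h, out, outlen);
}

int main(void)
{
    char creds[64];

    ex_demo(1001u, EX_NO_PID, creds, sizeof creds);      /* FreeBSD today */
    printf("creds: '%s'\n", creds);
    ex_demo(1001u, 4242, creds, sizeof creds);           /* after issue 1 is fixed */
    printf("creds: '%s'\n", creds);
    ex_demo(EX_UID_MAX, EX_NO_PID, creds, sizeof creds); /* forwarded traffic */
    printf("creds: '%s'\n", creds);
    return 0;
}
```

With the kernel as described in the reply every record carries NO_PID, so the decoder prints only `[uid N] `; once the socket credentials carry a pid the same code shows both, and forwarded traffic that matched no local socket prints nothing at all.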
_______________________________________________
freebsd-pf freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe freebsd.org"