The following reply was made to PR kern/122773; it has been noted by GNATS.
From: =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= <[email protected]> To: [email protected], [email protected] Cc: Gleb Smirnoff <[email protected]> Subject: Re: kern/122773: [pf] pf doesn't log uid or pid when configured to Date: Mon, 1 Jul 2013 14:42:41 +0200 Hi, I've got the same problem on 9-stable too. pflogd didn't add the good UID value on its pcap. Here is a pflogd packet displayed on wireshark (my user had UID 1001 for this test): No. Time Source Destination Protocol Length Info 1 0.000000 10.2.1.3 10.2.0.67 TCP 124 [pass em0/0] 32186 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 SACK_PERM=1 TSval=615127099 TSecr=0 Frame 1: 124 bytes on wire (992 bits), 124 bytes captured (992 bits) PF Log IPv4 pass on em0 by rule 0 Header Length: 61 Address Family: IPv4 (2) Action: pass (0) Reason: match (0) Interface: em0 Ruleset: Rule Number: 2 Sub Rule Number: 16777216 UID: -385679360 PID: -1601830656 Rule UID: 0 Rule PID: -1990852608 Direction: out (2) Padding: 000000 Internet Protocol Version 4, Src: 10.2.1.3 (10.2.1.3), Dst: 10.2.0.67 (10.2.0.67) Transmission Control Protocol, Src Port: 32186 (32186), Dst Port: ssh (22), Seq: 0, Len: 0 Source port: 32186 (32186) Destination port: ssh (22) [Stream index: 0] Sequence number: 0 (relative sequence number) Header length: 40 bytes Flags: 0x002 (SYN) Window size value: 65535 [Calculated window size: 65535] Checksum: 0xe2c8 [validation disabled] Options: (20 bytes), Maximum segment size, No-Operation (NOP), Window scale, SACK permitted, Timestamps Regards, Olivier _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
