Hello, here's a small diff for PFLog.pm in net/p5-NetPacket.
The pflog header changed in src/sys/net/if_pflog.h rev 1.12, so PFLog.pm had to be changed accordingly. The new fields should be documented (which field is which? rule_uid/pid are the info about the process that inserted the rule?). From the cvs log message: "log two pairs of uid/pid through pflog: the uid/pid of the process that inserted the rule which causes the logging. secondly, the uid/pid of the process in case the logged packet is delivered to/from a local socket." This patch seems to work fine here, at least I'm able to read $data
--- PFLog.pm.org Fri Sep 22 00:13:56 2006 +++ PFLog.pm Sun Sep 24 18:58:06 2006 @@ -58,7 +58,7 @@ use constant DLT_PFLOG => 117; # maximum size of the header (in bytes) in the pcap dump -use constant PFLOG_HDRLEN => 48; +use constant PFLOG_HDRLEN => 64; # packet filter constants (src/sys/net/pfvar.h) my %PF_DIR = ( @@ -96,8 +96,8 @@ # [OpenBSD]/src/sys/net/if_pflog.h v1.10 if (defined $pkt) { my ($len, $af, $action, $reason, $ifname, $ruleset, $rulenr, - $subrulenr, $dir, $pad, $data) = - unpack("CCCCa16a16NNCa3a*", $pkt); + $subrulenr, $uid, $pid, $rule_uid, $rule_pid, $dir, $pad, $data) = + unpack("CCCCa16a16NNIiIiCa3a*", $pkt); # strip trailing NULs $ifname =~ s/\W//g; @@ -111,6 +111,10 @@ $self->{ruleset} = $ruleset; $self->{rulenr} = $rulenr; $self->{subrulenr} = $subrulenr; + $self->{uid} = $uid; + $self->{pid} = $pid; + $self->{rule_uid} = $rule_uid; + $self->{rule_pid} = $rule_pid; $self->{dir} = $PF_DIR{$dir}; $self->{pad} = $pad; @@ -150,9 +154,10 @@ # based on pfloghdr struct in: # [OpenBSD]/src/sys/net/if_pflog.h v1.10 - my $packet = pack("CCCCa16a16NNCa3a*", + my $packet = pack("CCCCa16a16NNIiIiCa3a*", $self->{len}. $self->{af}, $action, $reason, $self->{ifname}, $self->{ruleset}, $self->{rulenr}, $self->{subrulenr}, + $self->{uid}, $self->{pid}, $self->{rule_uid}, $self->{rule_pid}, $dir, $self->{pad}, $ip); return $packet; 
@@ -255,6 +260,15 @@ The rule number in the subruleset that the packet matched. The value will be 2^32-1 if the packet matched in the main ruleset only. + +=item uid + +=item pid + +=item rule_uid + +=item rule_pid + =item dir
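Review bot: PFLOG_HDRLEN goes from 48 to 64 unconditionally in the first hunk, so a dump written with the older 48-byte header is decoded with the new template and every field after subrulenr, along with the start of $data, comes out wrong. The decode path already unpacks $len from the first byte of the header; consider using that value to pick the layout, or at least to reject a packet whose header does not match the one this module expects.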
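Review bot: in the unpack template "CCCCa16a16NNIiIiCa3a*" (decode hunk) the four new fields use I and i, which Perl reads in the native size and byte order of the machine running the script, while the neighbouring rulenr/subrulenr use the fixed 32-bit big-endian N. A dump analysed on a host with a different byte order than the one that captured it will yield wrong uid/pid values; document that limitation or use explicit-width formats (L/l, with a byte-order modifier where the Perl version supports one). The comment above the unpack still cites if_pflog.h v1.10 although the layout now follows rev 1.12; update it here and above the pack call.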
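Review bot: the context line `$self->{len}. $self->{af}, $action, $reason,` in the encode hunk has a period where a comma is expected, so len and af are concatenated into one argument and the pack list is one value short, which shifts every following field, including the four this patch adds. Since the call is being touched anyway, change it to `$self->{len}, $self->{af}, $action, $reason,` and check that an encode followed by a decode returns the same uid/pid values.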
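Review bot: the four new =item entries in the POD hunk (uid, pid, rule_uid, rule_pid) are added with no description, which the mail itself flags as an open point. The cvs log quoted in the mail supplies the text: rule_uid/rule_pid are the uid/pid of the process that inserted the rule which caused the logging, and uid/pid are those of the process when the logged packet is delivered to/from a local socket. Put one sentence under each =item, and say what value a reader should expect when no local socket is involved.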