Project

General

Profile

Actions

Bug #2027

closed

"kip" firewall log parsing bug

Added by Chris Buechler over 12 years ago. Updated about 12 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Logging
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:

Description

Some filter log lines include "kip" in front of the IP and the current parsing code incorrectly shows that as part of the IP.

Thread referencing:
http://forum.pfsense.org/index.php/topic,43273.0/topicseen.html

Log samples:

Nov 25 17:02:18 pf pf: 00:00:00.003617 rule 1/0(match): block in on nfe1: (tos 0x0, ttl 114, id 23147, offset 0, flags [none], proto UDP (17), length 56)
Nov 25 17:02:18 pf pf:     kip 86.162.101.151 > 134.172.125.134: at-#77 15
Nov 25 17:02:19 pf pf: 00:00:00.000235 rule 1/0(match): block in on nfe1: (tos 0x0, ttl 114, id 23237, offset 0, flags [none], proto UDP (17), length 56)
Nov 25 17:02:19 pf pf:     kip 51.162.101.180 > 99.60.125.134: at-#234 15
Nov 25 17:02:20 pf pf: 00:00:00.000011 rule 1/0(match): block in on nfe1: (tos 0x0, ttl 114, id 23319, offset 0, flags [none], proto UDP (17), length 56)
Nov 25 17:02:20 pf pf:     kip 109.162.101.190 > 41.192.125.134: at-#98 15

Actions #1

Updated by Jim Pingle over 12 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Jim Pingle over 12 years ago

Actions #3

Updated by Chris Buechler about 12 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF