Bug #2122

Todo #2109: pfSense on FreeBSD 10.x

pf log output slightly different in FreeBSD 10

Added by Jim Pingle over 8 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Logging
Target version:
Start date: 01/20/2012
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.2
Affected Architecture:

Description

We can collect any issues we find with pf log output being different on FreeBSD 9 here, and the fallout.

First:
The rule number in the log file is showing up differently than it used to:

Jan 20 19:16:37 pfSense pf: 00:00:01.019773 rule 1..16777216/0(match): block in on ovpnc1: (tos 0x0, ttl 64, id 31861, offset 0, flags [none], proto ICMP (1), length 84)
Jan 20 19:16:37 pfSense pf:     10.0.97.1 > 192.168.18.1: ICMP echo request, id 60625, seq 9, length 64

I'm not sure what the 1..16777216/0 is supposed to indicate, but the rule that blocked that traffic was:

@64 block drop in quick on em0 reply-to (em0 192.168.197.2) inet proto icmp all label "USER_RULE: block ping" 
  [ Evaluations: 20        Packets: 1         Bytes: 60          States: 0     ]
  [ Inserted: uid 0 pid 63203 State Creations: 0     ]

(also not sure why block got a reply-to, but that's probably unrelated)

Associated revisions

Revision 940ef0e3 (diff)
Added by Jim Pingle over 6 years ago

Fix parsing of the rule number in the pf log on FreeBSD 10.x, part of Bug #2122

History

#1 Updated by Jim Pingle over 8 years ago

For the above, when the solution is found, the code to get the rule number is in /etc/inc/filter_log.inc in find_rule_by_number().

We may also want to revisit #1938 and try to collapse the log output into single lines instead of the way pf breaks them up.
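
An added example, not part of the original ticket and not pfSense's filter_log.inc code: Python that joins pf's two-line log entries into one record and declines to turn a rule field that is not a plain integer, such as the 1..16777216 quoted above, into a rule number, so a blocked packet is never attributed to the wrong rule. The names collapse and one_line, the record keys, and the second sample entry (rule 64 on em0) are assumptions constructed for illustration.

```python
import re

# Header line: syslog prefix, then the pflog summary as it appears in this ticket.
HEADER = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\spf:\s[\d:.]+\s'
    r'rule\s(?P<rule>[^/\s]+)/(?P<reason>[^:]+):\s'
    r'(?P<action>\w+)\s(?P<dir>in|out)\son\s(?P<iface>[^:\s]+):\s(?P<ip>.*)$')
# Continuation line: same prefix, then indented packet detail.
CONT = re.compile(r'^\w{3}\s+\d+\s[\d:]{8}\s\S+\spf:\s{2,}(?P<detail>.*)$')

# First entry is the one quoted in this ticket; the second entry is constructed
# to show the older plain-integer rule field.
SAMPLE = [
    'Jan 20 19:16:37 pfSense pf: 00:00:01.019773 rule 1..16777216/0(match): block in on ovpnc1: (tos 0x0, ttl 64, id 31861, offset 0, flags [none], proto ICMP (1), length 84)',
    'Jan 20 19:16:37 pfSense pf:     10.0.97.1 > 192.168.18.1: ICMP echo request, id 60625, seq 9, length 64',
    'Jan 20 19:16:38 pfSense pf: 00:00:00.500000 rule 64/0(match): block in on em0: (tos 0x0, ttl 64, id 31862, offset 0, flags [none], proto ICMP (1), length 84)',
    'Jan 20 19:16:38 pfSense pf:     192.168.197.9 > 192.168.197.2: ICMP echo request, id 60626, seq 1, length 64',
]

def collapse(lines):
    """Join each header line with its continuation lines into one record."""
    records = []
    for line in lines:
        h = HEADER.match(line)
        if h:
            rec = h.groupdict()
            raw = rec['rule']
            # Only a bare integer is usable as a rule number; any other form
            # is kept raw and flagged instead of being guessed at.
            rec['rule_number'] = int(raw) if raw.isdigit() else None
            rec['rule_ambiguous'] = not raw.isdigit()
            rec['detail'] = []
            records.append(rec)
            continue
        c = CONT.match(line)
        if c and records:
            records[-1]['detail'].append(c.group('detail'))
    return records

def one_line(rec):
    """Render a record as a single line, keeping the raw rule field."""
    return '{ts} {host} rule={rule} {action} {dir} {iface} {d}'.format(
        d=' '.join(rec['detail']), **rec)

if __name__ == '__main__':
    for rec in collapse(SAMPLE):
        print(one_line(rec))
```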

#2 Updated by Jim Pingle over 8 years ago

  • Parent task set to #2109

#3 Updated by Jim Pingle over 8 years ago

  • Target version changed from 2.1 to 2.2

#4 Updated by Chris Buechler over 8 years ago

  • Affected Version changed from 2.1 to 2.2

#5 Updated by Renato Botelho over 6 years ago

  • Subject changed from pf log output slightly different in FreeBSD 9 to pf log output slightly different in FreeBSD 10

#6 Updated by Ermal Luçi over 6 years ago

  • Status changed from New to Closed

A different implementation has been performed to not depend on this anymore.
