Project

General

Profile

Actions

Bug #2122

closed

Todo #2109: pfSense on FreeBSD 10.x

pf log output slightly different in FreeBSD 10

Added by Jim Pingle about 12 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Logging
Target version:
Start date:
01/20/2012
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2
Affected Architecture:

Description

We can collect any issues we find with pf log output being different on FreeBSD 9 here, and the fallout.

First:
The rule number in the log file is showing up differently than it used to:

Jan 20 19:16:37 pfSense pf: 00:00:01.019773 rule 1..16777216/0(match): block in on ovpnc1: (tos 0x0, ttl 64, id 31861, offset 0, flags [none], proto ICMP (1), length 84)
Jan 20 19:16:37 pfSense pf:     10.0.97.1 > 192.168.18.1: ICMP echo request, id 60625, seq 9, length 64

I'm not sure what the 1..16777216/0 is supposed to indicate, but the rule that blocked that traffic was:

@64 block drop in quick on em0 reply-to (em0 192.168.197.2) inet proto icmp all label "USER_RULE: block ping" 
  [ Evaluations: 20        Packets: 1         Bytes: 60          States: 0     ]
  [ Inserted: uid 0 pid 63203 State Creations: 0     ]

(also not sure why block got a reply-to, but that's probably unrelated)

Actions #1

Updated by Jim Pingle about 12 years ago

For the above, when the solution is found, the code to get the rule number is in /etc/inc/filter_log.inc in find_rule_by_number().

We may also want to revisit #1938 and try to collapse the log output into single lines instead of the way pf breaks them up.

Actions #2

Updated by Jim Pingle about 12 years ago

  • Parent task set to #2109
Actions #3

Updated by Jim Pingle about 12 years ago

  • Target version changed from 2.1 to 2.2
Actions #4

Updated by Chris Buechler almost 12 years ago

  • Affected Version changed from 2.1 to 2.2
Actions #5

Updated by Renato Botelho over 10 years ago

  • Subject changed from pf log output slightly different in FreeBSD 9 to pf log output slightly different in FreeBSD 10
Actions #6

Updated by Ermal Luçi about 10 years ago

  • Status changed from New to Closed

A different implementation has been performed to not depend on this anymore.

Actions

Also available in: Atom PDF