d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tcpdump: Log uid on pflog interfaces

Browse Source 
If pf logs the user id ('pass out log (user)') have tcpdump also print
this.

Example output:
 00:00:00.000000 rule 0/0(match) [uid 1001]: pass out on vtnet0: (tos 0x0, ttl 64, id 57539, offset 0, flags [none], proto UDP (17), length 55)
    172.16.2.2.18337 > 172.16.2.1.53: [bad udp cksum 0x5c58 -> 0x16e4!] 40222+ A? google.be. (27)

PR:		122773
Differential Revision:	https://reviews.freebsd.org/D17625
This commit is contained in:
kp 2018-10-21 21:17:42 +00:00
parent 221039c91a
commit c607de1f4d
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
contrib/tcpdump/print-pflog.c
View File

@ -97,8 +97,12 @@ pflog_print(netdissect_options *ndo, const struct pfloghdr *hdr)
else
ND_PRINT((ndo, "rule %u.%s.%u/", rulenr, hdr->ruleset, subrulenr));
ND_PRINT((ndo, "%s: %s %s on %s: ",
tok2str(pf_reasons, "unkn(%u)", hdr->reason),
ND_PRINT((ndo, "%s", tok2str(pf_reasons, "unkn(%u)", hdr->reason)));
if (hdr->uid != UID_MAX)
ND_PRINT((ndo, " [uid %u]", (unsigned)hdr->uid));
ND_PRINT((ndo, ": %s %s on %s: ",
tok2str(pf_actions, "unkn(%u)", hdr->action),
tok2str(pf_directions, "unkn(%u)", hdr->dir),
hdr->ifname));