On 2025/12/23 23:49, [email protected] wrote:
> pflogd is similar to spamlogd in that the interface
> can be given in daemon_flags but the script assumes
> it will always be pflog0. man pages for pflog(4) and
> pflogd(8) have examples using other interface names.
>
> In -current spamlogd was updated to use getopts to
> peak into daemon_flags to get the interface name.
> This patch updates /etc/rc.d/pflogd to do the same.
I'm unsure about this diff.
The main reason for doing this in rc.d/pflogd would be to allow
symlinking rc.d/pflogd to allow running multiple daemons, but we can't
do that unless pexp is changed to distinguish between them. It would
need to target the [running]/[suspended] subprocess for signals,
which I think is probably ok in itself, but with the way pflogd builds
up the string for setproctitle, it's tricky to build a string in
rc.d/pflogd to reliably match:
setproctitle("[%s] -s %d -i %s -f %s",
suspended ? "suspended" : "running",
cur_snaplen, interface, filename);
- cur_snaplen's value depends on the contents of the pcap log file.
I suppose the interface and filename are enough for a reliable pexp
match (the interface alone is not enough: running multiple pflogd
on the same interface is valid - you might log general packets to
one file and others targetted by a filter to another) if it's
possible to run getopts outside of rc_pre without breaking
other things.
> diff -u pflogd pflogd
> --- pflogd Sun Oct 12 14:32:22 2025 1.3
> +++ pflogd Tue Dec 23 23:29:41 2025
> @@ -9,10 +9,16 @@
> pexp="pflogd: \[priv\]"
> rc_pre() {
> + local _opt pflog=pflog0
btw the diff is mangled for spaces/tabs and can't be applied properly
with patch; depending on mail client this can sometimes be fixed by
writing the diff to a file and loading it into your editor, or piping
through xclip and pasting.
