Hello,

I have been using this patch for a long time. If you apply the if_pflog patches to pf and print-pflog.c to tcpdump, you should see label values in log lines.
If you are interested in this patch I can send you its 7.0 version.

# tcpdump -nttttveli pflog0 -s 1024
2009-03-12 08:23:22.206866 rule 2336/0(match): pass in on em0: label 70: (tos 0x0, ttl 128, id 1054, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.6.2.4252 > 1.2.3.4.443: S, cksum 0x1480 (correct), 3376786061:3376786061(0) win 65535 <mss 1460,nop,nop,sackOK>

Thanks,
N. Ersen SISECI
http://www.enderunix.org

Petersen, Mark wrote:
> Hello,
>
> I'm trying to find out if it's possible to do IPF like log-tags with pf.
> I found an interesting patch here -
> http://osdir.com/ml/os.freebsd.devel.pf4freebsd/2006-06/msg00062.html
> that enables this. It doesn't appear to have made it into pflog though.
>
> Is there a way to use this feature? I'd much rather be logging a label
> and rule #. I can see if these patches still work with 7 of course.
> Has anyone tried this?
>
> Finally - it appears there are only patches for pf, but if I compile
> tcpdump with the pf patches, will it work? What about using mergecap
> with this? If I recompile mergecap/tshark would this work? I know I
> can just try, but no sense reinventing the wheel if someone else spent
> some time trying to do the same.
>
> Thanks,
> Mark
>
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "[email protected]"
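
Added example, not part of the original thread or of the patch: a small Python parser for the labelled tcpdump output quoted above, which tallies log lines per label. The field layout is inferred from that one sample line, the label field is treated as optional on the assumption that unpatched output simply omits it, and only IPv4 endpoints are extracted.

```python
import re
from collections import Counter

# Field layout follows the sample line in the message above. "label N:" is only
# present when pf and tcpdump both carry the patch, so it is optional here.
PFLOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"rule (?P<rule>\d+)/\S*?\((?P<reason>[^)]*)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>[^:\s]+): "
    r"(?:label (?P<label>.+?): )?"
    r"(?P<rest>.*)$"
)
# IPv4 "addr.port > addr.port:" pair as printed with -n.
FLOW_RE = re.compile(
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

def parse_line(line):
    """Return a dict of pflog header fields, or None if the line does not match."""
    m = PFLOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    flow = FLOW_RE.search(rec.pop("rest"))
    if flow:
        rec.update(flow.groupdict())
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def count_by_label(lines):
    """Tally matching lines per label; unlabelled lines are grouped together."""
    recs = filter(None, map(parse_line, lines))
    return Counter(r["label"] or "(unlabelled)" for r in recs)

SAMPLE = [
    # Line quoted in the message above.
    "2009-03-12 08:23:22.206866 rule 2336/0(match): pass in on em0: label 70: "
    "(tos 0x0, ttl 128, id 1054, offset 0, flags [DF], proto: TCP (6), length: 48) "
    "192.168.6.2.4252 > 1.2.3.4.443: S, cksum 0x1480 (correct), "
    "3376786061:3376786061(0) win 65535 <mss 1460,nop,nop,sackOK>",
    # Constructed: the same line with the label field removed (assumed unpatched form).
    "2009-03-12 08:23:23.000000 rule 2336/0(match): pass in on em0: "
    "(tos 0x0, ttl 128, id 1055, offset 0, flags [DF], proto: TCP (6), length: 48) "
    "192.168.6.2.4253 > 1.2.3.4.443: S, cksum 0x1480 (correct)",
    "not a pflog line",  # constructed
]

if __name__ == "__main__":
    print(count_by_label(SAMPLE))
```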
