Hello,

Here's a small diff for PFLog.pm in net/p5-NetPacket.

The pflog header changed in src/sys/net/if_pflog.h rev 1.12,
so PFLog.pm had to be changed accordingly.

The new fields should be documented
(which field is which? rule_uid/pid are the info about the process
that inserted the rule?)


From the cvs log message:
"log two pairs of uid/pid through pflog: the uid/pid of the process that
inserted the rule which causes the logging. secondly, the uid/pid of the
process in case the logged packet is delivered to/from a local socket."


This patch seems to work fine here; at least I'm able to read $data.



--- PFLog.pm.org    Fri Sep 22 00:13:56 2006
+++ PFLog.pm    Sun Sep 24 18:58:06 2006
@@ -58,7 +58,7 @@
use constant DLT_PFLOG => 117;

#  maximum size of the header (in bytes) in the pcap dump
-use constant PFLOG_HDRLEN => 48;
+use constant PFLOG_HDRLEN => 64;

#  packet filter constants (src/sys/net/pfvar.h)
my %PF_DIR = (
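
Review bot: PFLOG_HDRLEN is switched from 48 to 64 with no fallback, so anything that relies on this constant will assume the 64-byte layout for every capture, including dumps written with the header as it was before if_pflog.h rev 1.12. Consider keeping both sizes as separate constants and choosing the layout from the length byte at the start of the header, so older pcap files still decode.
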
@@ -96,8 +96,8 @@
   # [OpenBSD]/src/sys/net/if_pflog.h v1.10
   if (defined $pkt) {
       my ($len, $af, $action, $reason, $ifname, $ruleset, $rulenr,
-           $subrulenr, $dir, $pad, $data) =
-           unpack("CCCCa16a16NNCa3a*", $pkt);
+           $subrulenr, $uid, $pid, $rule_uid, $rule_pid, $dir, $pad, $data) =
+           unpack("CCCCa16a16NNIiIiCa3a*", $pkt);

       #  strip trailing NULs
       $ifname =~ s/\W//g;
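
Review bot: the four new template codes `IiIi` in the unpack call use Perl's native byte order and native int width, while the neighbouring rulenr and subrulenr use `N` (32-bit big-endian). A capture read on a host whose endianness or int size differs from the writer's will yield wrong uid/pid values. Confirm in if_pflog.h how these fields are stored and use fixed-width, fixed-order codes to match. The context comment above the unpack still cites if_pflog.h v1.10 and should name the revision this layout comes from.
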
@@ -111,6 +111,10 @@
       $self->{ruleset} = $ruleset;
       $self->{rulenr} = $rulenr;
       $self->{subrulenr} = $subrulenr;
+       $self->{uid} = $uid;
+       $self->{pid} = $pid;
+       $self->{rule_uid} = $rule_uid;
+       $self->{rule_pid} = $rule_pid;
       $self->{dir} = $PF_DIR{$dir};
       $self->{pad} = $pad;

@@ -150,9 +154,10 @@

   # based on pfloghdr struct in:
   # [OpenBSD]/src/sys/net/if_pflog.h v1.10
-   my $packet = pack("CCCCa16a16NNCa3a*",
+   my $packet = pack("CCCCa16a16NNIiIiCa3a*",
       $self->{len}. $self->{af}, $action, $reason, $self->{ifname},
       $self->{ruleset}, $self->{rulenr}, $self->{subrulenr},
+       $self->{uid}, $self->{pid}, $self->{rule_uid}, $self->{rule_pid},
       $dir, $self->{pad}, $ip);

   return $packet;
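
Review bot: the first pack argument in the context line reads `$self->{len}. $self->{af}`, with a period where a comma is expected. This concatenates len and af into one value, so every later argument, including the four new uid/pid values, is packed one template position early. Replace the period with a comma. It is also worth giving uid, pid, rule_uid and rule_pid defaults before packing, since an object built without them would pass undef into the numeric fields. The comment above still refers to if_pflog.h v1.10.
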
@@ -255,6 +260,15 @@

The rule number in the subruleset that the packet matched. The value
will be 2^32-1 if the packet matched in the main ruleset only.
+
+=item uid
+
+=item pid
+
+=item rule_uid
+
+=item rule_pid
+

=item dir

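Review bot: the four new `=item` entries (uid, pid, rule_uid, rule_pid) are added without any description text. The cvs log message quoted in this mail describes two pairs: the uid/pid of the process that inserted the rule, and the uid/pid of the process when the packet is delivered to or from a local socket. Check if_pflog.h for which field names carry which meaning and put a sentence under each item. The trailing added blank line also sits directly before an existing blank line above `=item dir`, leaving a double blank line in the POD.
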