On Wed, May 24, 2017 at 01:02:03PM +0200, Matthias Pitzl wrote:
> Just noticed that the messages a tcpdump -nvi pflog0 prints contain [uid
> 4294967295, pid 100000]. Cause is a change to NO_PID in sys/proc.h by 
> guenther@
> which was not synced to tcpdump's print-pflog.c.
> The following patch fixes the problem.

Your fix works for me.

before:
00:37:11.271988 rule 3.regress.0/(match) [uid 0, pid 3575] pass in on enc0: 
[uid 4294967295, pid 100000] 10.188.105.17 > 10.188.105.70: icmp: echo request 
(id:5f25 seq:0) [icmp cksum ok] (ttl 255, id 38526, len 52)

after:
02:34:08.067499 rule 3.regress.0/(match) [uid 0, pid 69923] pass in on enc0: 
10.188.105.17 > 10.188.105.70: icmp: echo request (id:1871 seq:0) [icmp cksum 
ok] (ttl 255, id 60226, len 52)

OK bluhm@

> 
> -- Matthias
> 
> Index: print-pflog.c
> ===================================================================
> RCS file: /usr/src/usr.sbin/tcpdump/print-pflog.c,v
> retrieving revision 1.30
> diff -u -p -r1.30 print-pflog.c
> --- src/usr.sbin/tcpdump/print-pflog.c        24 Jan 2017 22:40:09 -0000      
> 1.30
> +++ src/usr.sbin/tcpdump/print-pflog.c        24 May 2017 08:24:12 -0000
> @@ -30,7 +30,7 @@
>  #include <sys/mbuf.h>
>  
>  #ifndef NO_PID
> -#define NO_PID       (32766+1)
> +#define NO_PID       (99999+1)
>  #endif
>  
>  struct rtentry;
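
Review bot: The new fallback on the "#define NO_PID (99999+1)" line is still a hand-copied constant, so it can drift from sys/proc.h again in the same way the message describes. Consider adding a comment beside the define stating that it must track NO_PID in sys/proc.h, or taking the value from that header so the #ifndef fallback is never used. Either would make a future change to the kernel value harder to miss here and keep the bogus "[uid 4294967295, pid 100000]" output from returning.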
