diff options
| author |   dhartmei <dhartmei@openbsd.org> | 2005-05-27 17:22:40 +0000 |
|---|---|---|
| committer | dhartmei <dhartmei@openbsd.org> | 2005-05-27 17:22:40 +0000 |
| commit | a46dc179cbf4766cd5edec69186bfc251f501f31 (patch) | |
| tree | 0849199576169c38cbdd50988f09021fa0e25147 /usr.sbin/tcpdump/print-pflog.c | |
| parent | Add rtm_fmask define to make the (ab)use of rtm_use more obvious. (diff) | |
| download | wireguard-openbsd-a46dc179cbf4766cd5edec69186bfc251f501f31.tar.xz wireguard-openbsd-a46dc179cbf4766cd5edec69186bfc251f501f31.zip | |
log two pairs of uid/pid through pflog: the uid/pid of the process that
inserted the rule which causes the logging. secondly, the uid/pid of the
process in case the logged packet is delivered to/from a local socket.
a lookup of the local socket can be forced for logged packets with a new
option, 'log (user)'. make tcpdump print the additional information when
-e and -v is used. note: this changes the pflog header struct, rebuild all
dependancies. ok bob@, henning@.
Diffstat (limited to 'usr.sbin/tcpdump/print-pflog.c')
| -rw-r--r-- | usr.sbin/tcpdump/print-pflog.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/usr.sbin/tcpdump/print-pflog.c b/usr.sbin/tcpdump/print-pflog.c index 05adf669812..bb6e927fd8a 100644 --- a/usr.sbin/tcpdump/print-pflog.c +++ b/usr.sbin/tcpdump/print-pflog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print-pflog.c,v 1.15 2005/03/11 15:54:11 dhartmei Exp $ */ +/* $OpenBSD: print-pflog.c,v 1.16 2005/05/27 17:22:41 dhartmei Exp $ */ /* * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996 @@ -23,7 +23,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /home/cvs/src/usr.sbin/tcpdump/print-pflog.c,v 1.15 2005/03/11 15:54:11 dhartmei Exp $ (LBL)"; + "@(#) $Header: /home/cvs/src/usr.sbin/tcpdump/print-pflog.c,v 1.16 2005/05/27 17:22:41 dhartmei Exp $ (LBL)"; #endif #include <sys/param.h> @@ -32,6 +32,11 @@ static const char rcsid[] = #include <sys/file.h> #include <sys/ioctl.h> #include <sys/mbuf.h> +#include <sys/proc.h> + +#ifndef NO_PID +#define NO_PID (32766+1) +#endif struct rtentry; #include <net/if.h> @@ -116,6 +121,9 @@ pflog_if_print(u_char *user, const struct pcap_pkthdr *h, printf("/(%s) ", pf_reasons[hdr->reason]); else printf("/(unkn %u) ", (unsigned)hdr->reason); + if (vflag) + printf("[uid %u, pid %u] ", (unsigned)hdr->rule_uid, + (unsigned)hdr->rule_pid); switch (hdr->action) { case PF_SCRUB: @@ -143,6 +151,9 @@ pflog_if_print(u_char *user, const struct pcap_pkthdr *h, printf(" %s on %s: ", hdr->dir == PF_OUT ? "out" : "in", hdr->ifname); + if (vflag && hdr->pid != NO_PID) + printf("[uid %u, pid %u] ", (unsigned)hdr->uid, + (unsigned)hdr->pid); } af = hdr->af; length -= hdrlen; |