author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2005-05-27 17:22:42 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2005-05-27 17:22:42 +0000 |
commit | 52f15ebd0a6234e734e9836018c7d762a8611b95 (patch) | |
tree | a9d35e341a4fd3816c8d9b4e2e74cf0a9ce6dc26 /usr.sbin/tcpdump | |
parent | defad08c4c507bf81786c828e83404f2604a44db (diff) |
log two pairs of uid/pid through pflog: the uid/pid of the process that
inserted the rule which causes the logging. secondly, the uid/pid of the
process in case the logged packet is delivered to/from a local socket.
a lookup of the local socket can be forced for logged packets with a new
option, 'log (user)'. make tcpdump print the additional information when
-e and -v are used. note: this changes the pflog header struct, rebuild all
dependencies. ok bob@, henning@.
Diffstat (limited to 'usr.sbin/tcpdump')
-rw-r--r-- | usr.sbin/tcpdump/print-pflog.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/usr.sbin/tcpdump/print-pflog.c b/usr.sbin/tcpdump/print-pflog.c
index 37e261b379b..2f16d51c971 100644
--- a/usr.sbin/tcpdump/print-pflog.c
+++ b/usr.sbin/tcpdump/print-pflog.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: print-pflog.c,v 1.15 2005/03/11 15:54:11 dhartmei Exp $ */
+/* $OpenBSD: print-pflog.c,v 1.16 2005/05/27 17:22:41 dhartmei Exp $ */
 /*
 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
@@ -23,7 +23,7 @@
 #ifndef lint
 static const char rcsid[] =
- "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/print-pflog.c,v 1.15 2005/03/11 15:54:11 dhartmei Exp $ (LBL)";
+ "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/print-pflog.c,v 1.16 2005/05/27 17:22:41 dhartmei Exp $ (LBL)";
 #endif
 #include <sys/param.h>
@@ -32,6 +32,11 @@ static const char rcsid[] =
 #include <sys/file.h>
 #include <sys/ioctl.h>
 #include <sys/mbuf.h>
+#include <sys/proc.h>
+
+#ifndef NO_PID
+#define NO_PID (32766+1)
+#endif
 struct rtentry;
 #include <net/if.h>
@@ -116,6 +121,9 @@ pflog_if_print(u_char *user, const struct pcap_pkthdr *h,
 printf("/(%s) ", pf_reasons[hdr->reason]);
 else
 printf("/(unkn %u) ", (unsigned)hdr->reason);
+ if (vflag)
+ printf("[uid %u, pid %u] ", (unsigned)hdr->rule_uid,
+ (unsigned)hdr->rule_pid);
 switch (hdr->action) {
 case PF_SCRUB:
@@ -143,6 +151,9 @@ pflog_if_print(u_char *user, const struct pcap_pkthdr *h,
 printf(" %s on %s: ", hdr->dir == PF_OUT ? "out" : "in", hdr->ifname);
+ if (vflag && hdr->pid != NO_PID)
+ printf("[uid %u, pid %u] ", (unsigned)hdr->uid,
+ (unsigned)hdr->pid);
 }
 af = hdr->af;
 length -= hdrlen; |
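Review bot: The fallback `#define NO_PID (32766+1)` in the `@@ -32,6 +32,11 @@` hunk is a bare magic number with no comment saying which value it has to track. The later guard `hdr->pid != NO_PID` only suppresses the "no local socket" case while this constant equals whatever the kernel writes into the header, so a silent drift would make tcpdump print a bogus uid/pid pair as if it were real. Because `<sys/proc.h>` is included just above, the fallback presumably applies only where that header does not provide the macro. I would add a comment such as `/* fallback for the "no socket owner" sentinel in struct pfloghdr; must match the kernel's NO_PID */`.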
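Review bot: The new reads of `hdr->rule_uid` and `hdr->rule_pid` in the `@@ -116,6 +121,9 @@` hunk, and of `hdr->uid` and `hdr->pid` in the `@@ -143,6 +151,9 @@` hunk, assume the captured header has the new, longer layout, and neither hunk shows the captured length being checked against it. The commit message says the pflog header struct changes, so a capture written with the old layout, or a truncated or crafted one, could have these fields taken from packet payload or from beyond the captured bytes. pflog_if_print starts and ends outside both hunks, so please confirm the existing length check there covers the new struct size before these fields are printed. Separately, the first print is unconditional under `vflag` while the second is guarded; if `rule_pid` can carry the same sentinel, use `if (vflag && hdr->rule_pid != NO_PID)` for consistency.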