Diffusion FreeBSD src repository 948e8413aba0

pflog: pass the action to pflog directly
948e8413aba0
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

pflog: pass the action to pflog directly

If a packet is malformed, it is dropped by pf(4). The rule referenced
in pflog(4) is the default rule. As the default rule is a pass
rule, tcpdump printed "pass" although the packet was actually
dropped. Use the actual action, rather than the rule's action, or an
attempt at guessing the correct action.

Inspired by OpenBSD's 'pflog(4) logs packet dropped by default rule with block.' commit.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Details

Provenance

kp	Authored on Jan 2 2024, 2:52 PM

Parents

rG5f840a1758b4: pf: don't clobber log flag

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rG948e8413aba0: pflog: pass the action to pflog directly (authored by kp).Jan 4 2024, 10:08 PM

franco_opnsense.org mentioned this in D47777: pf: NAT rule logs its own NAT action, not PF_PASS.Nov 27 2024, 10:27 AM

Changes (5)

Path

Size

sys/

net/

netpfil/

pf/

rG948e8413aba0

sys/net/if_pflog.h

Loading...

sys/net/pfvar.h

Loading...

sys/netpfil/pf/if_pflog.c

Loading...

sys/netpfil/pf/pf.c

Loading...

sys/netpfil/pf/pf_norm.c

Loading...