projects / freebsd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5f840a1) | patch
pflog: pass the action to pflog directly
authorKristof Provost <kp@FreeBSD.org>
Tue, 2 Jan 2024 14:52:39 +0000 (15:52 +0100)
committerKristof Provost <kp@FreeBSD.org>
Thu, 4 Jan 2024 22:08:08 +0000 (23:08 +0100)
commit948e8413aba0ee600ceb563cee048a6ef74a6a2c
tree7758a2dfce54e10b9ccfc64bd814ee48f41247c0tree | snapshot
parent5f840a1758b4bbb4892118f43f40c6487c17aebacommit | diff
pflog: pass the action to pflog directly

If a packet is malformed, it is dropped by pf(4).  The rule referenced
in pflog(4) is the default rule.  As the default rule is a pass
rule, tcpdump printed "pass" although the packet was actually
dropped. Use the actual action, rather than the rule's action, or an
attempt at guessing the correct action.

Inspired by OpenBSD's 'pflog(4) logs packet dropped by default rule with block.' commit.

Sponsored by: Rubicon Communications, LLC ("Netgate")
sys/net/if_pflog.h diff | blob | blame | history
sys/net/pfvar.h diff | blob | blame | history
sys/netpfil/pf/if_pflog.c diff | blob | blame | history
sys/netpfil/pf/pf.c diff | blob | blame | history
sys/netpfil/pf/pf_norm.c diff | blob | blame | history
FreeBSD Project Source