Bug 87074 - [pf] pf does not log dropped packets when max-* stateful tracking options watermark are reached
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 5.4-RELEASE
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-pf (Nobody)
Reported: 2005-10-07 17:00 UTC by Vladimir Kotal
Modified: 2020-10-28 06:13 UTC

Description Vladimir Kotal 2005-10-07 17:00:30 UTC
pf does not log events when it drops packets because max-* stateful options were reached. In some environments it is desirable that administrators are informed about all state overflows per particular rule.

Fix:

More than one fix is possible:

1. add special logging terminal to pf grammar definition (per stateful option) which would log packets dropped because of this particular option to pflog
  - too many changes
2. log via kernel printf for misc pf debug level. This can be accomplished by the following patch:
  http://techie.devnull.cz/public/patches/pf.c-logmax.patch

How-To-Repeat:

1. compile FreeBSD 5.x system with pf module
2. load pf module
3. set ruleset containing stateful rules such as

pass out quick on fxp0 proto tcp from any to any port = 53 \
        flags S/S \
        keep state \
        ( max-src-states 2, max 6, max-src-nodes 4 )

4. generate traffic so that one of the stateful options causes packet drops
5. observe pf-related logs


Expected behavior:
packet drops caused by stateful options should be logged somehow.
Comment 1 Gleb Smirnoff freebsd_committer 2005-10-23 10:20:59 UTC
Responsible Changed
From-To: freebsd-bugs->mlaier

To pf maintainer.
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2013-07-03 01:50:32 UTC
State Changed
From-To: open->open

commit bit has been taken in for safekeeping. 


Comment 3 Mark Linimon freebsd_committer freebsd_triage 2013-07-03 01:50:32 UTC
Responsible Changed
From-To: mlaier->freebsd-pf
Comment 4 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:59:02 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped