Re: Logging NAT translations and correlating nat & rule logs
Date: Tue, 28 Dec 2021 06:57:48 UTC
And also, rule number and subrulenr information is missing. On Tue, Dec 28, 2021 at 7:50 AM Özkan KIRIK <ozkan.kirik@gmail.com> wrote: > > Hi, > > I've cherry picked 8e496ea1df1 commit to stable/12 on my local branch. > Patch works properly. > But the ruleset section in the pflog header is empty. The anchor name > of rdr rule was not filled into the pflog header. > > I'm also looking for a packet identifier for aggregating the nat and > rule logs of the same traversing packet. > Does it make sense to use ip.id field of ip header within 1 second > time window for aggregating logs ? > > Thanks and regards > > On Wed, Dec 1, 2021 at 4:23 PM Özkan KIRIK <ozkan.kirik@gmail.com> wrote: > > > > Thank you Franco, I'll test it > > > > On Wed, Dec 1, 2021 at 4:10 PM Franco Fichtner <franco@lastsummer.de> wrote: > > > > > > Hi Özkan, > > > > > > > On 28. Nov 2021, at 8:06 PM, Özkan KIRIK <ozkan.kirik@gmail.com> wrote: > > > > > > > > I'm trying to log NAT, BINAT, RDR translations. But the "nat log on > > > > ...." statement only logs the packets after translation is done. So > > > > the information before translation is lost. > > > > Is there a way to log the translation details ? > > > > > > https://github.com/freebsd/freebsd-src/commit/8e496ea1df1 was introduced > > > to address this but has not been moved to stable/12 or stable/13. > > > > > > I see there is some controversy around patches that made it to stable > > > for less so I'd probably advocate to add this patch as well since it > > > solves a longterm issue with NAT logging visibility. > > > > > > > > > Cheers, > > > Franco