DaemonForums  

#1  apsaras (New User), 26th May 2012
Logging default altq queue

Hi

I have an OpenBSD 5.1 running as a firewall, BGP and traffic shaper. I am using priq and hfsc for shaping the traffic. I would like to know if there is any way to debug my configuration in real time and see which packets are passing through each queue.

More specifically, I would like to see all packets going through the default queue in order to identify them and put them on the right queue. Ideally I would like to see 0 traffic on the default queue.

I know the log on pf rules, but I am looking for a way to identify, for example, the packet using tcpdump.

Any suggestions?

#2  J65nko (Administrator), 27th May 2012

Have you tried
Code:
systat queues
?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

#3  apsaras (New User), 27th May 2012

Yes. This just returns the statistics of the queues. I want to see the actual packets the tcpdump way.

#4  jggimi (More noise than signal), 27th May 2012

Queue names are not logged. From pflog(4):
Code:
     Each packet retrieved on this interface has a header associated with it
     of length PFLOG_HDRLEN.  This header documents the address family,
     interface name, rule number, reason, action, and direction of the packet
     that was logged.  This structure, defined in <net/if_pflog.h> looks like

           struct pfloghdr {
                   u_int8_t        length;
                   sa_family_t     af;
                   u_int8_t        action;
                   u_int8_t        reason;
                   char            ifname[IFNAMSIZ];
                   char            ruleset[PF_RULESET_NAME_SIZE];
                   u_int32_t       rulenr;
                   u_int32_t       subrulenr;
                   uid_t           uid;
                   pid_t           pid;
                   uid_t           rule_uid;
                   pid_t           rule_pid;
                   u_int8_t        dir;
                   u_int8_t        pad[3];
           };
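
Added example (not part of the thread and not OpenBSD source code): a C decoder for the header quoted from pflog(4) above, showing that a logged packet carries a rule number but no queue field, so a queue can only be inferred from the rule that logged it. Assumptions not stated in the thread: 16-byte name arrays, a 1-byte sa_family_t, 4-byte uid_t/pid_t, and rulenr/subrulenr in network byte order; the `ex_` names, the rule-to-queue table with its queue names, and the sample bytes are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Assumed: 16-byte names, 1-byte sa_family_t, 4-byte uid_t/pid_t, big-endian rulenr. */
struct ex_pfloghdr {                 /* mirrors struct pfloghdr field by field */
    uint8_t  length, af, action, reason;
    char     ifname[16], ruleset[16];
    uint32_t rulenr, subrulenr;
    uint32_t uid; int32_t pid; uint32_t rule_uid; int32_t rule_pid;
    uint8_t  dir, pad[3];
};
_Static_assert(sizeof(struct ex_pfloghdr) == 64, "unexpected padding");

/* Returns 0 and fills *h, or -1 when the capture is too short or the
 * header's own length field is larger than the structure. */
int ex_parse(const uint8_t *buf, size_t len, struct ex_pfloghdr *h)
{
    if (len < sizeof *h || buf[0] > sizeof *h)
        return -1;
    memcpy(h, buf, sizeof *h);
    h->ifname[15] = h->ruleset[15] = '\0';   /* force termination */
    h->rulenr = ntohl(h->rulenr);
    h->subrulenr = ntohl(h->subrulenr);
    return 0;
}

/* Hypothetical table an admin keeps beside pf.conf: rule number -> queue. */
const char *ex_queue_for_rule(uint32_t rulenr)
{
    static const struct { uint32_t nr; const char *q; } map[] = {
        { 4, "q_ssh" }, { 7, "q_default" },
    };
    for (size_t i = 0; i < sizeof map / sizeof map[0]; i++)
        if (map[i].nr == rulenr) return map[i].q;
    return "unmapped";
}

/* Constructed sample header: interface em0, rule 7, no sub-rule, dir 2. */
const uint8_t ex_sample[64] = {
    [0] = 61, [1] = 2, [4] = 'e', 'm', '0',
    [39] = 7, [40] = 0xff, 0xff, 0xff, 0xff, [60] = 2,
};

int main(void)
{
    struct ex_pfloghdr h;
    if (ex_parse(ex_sample, sizeof ex_sample, &h) == 0)
        printf("%s rule %u -> %s\n", h.ifname, h.rulenr, ex_queue_for_rule(h.rulenr));
    return 0;
}
```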