[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 entries in pflog



On Tue, 2004-01-27 at 11:18, Daniel Hartmeier wrote:
> On Tue, Jan 27, 2004 at 11:03:03AM -0500, Jason Dixon wrote:
> 
> > I'm wondering, though, if PF/pflogd has chosen to represent these
> > addresses in a standard, predictable format, or if it's simply "dumping"
> > the address information as it finds it?  I'm only a Perl hacker, so I'm
> > having a heck of a time matching regex for all the possible IPv6
> > permutations.
> 
> If you mean the text representation (like the string
> "2001:470:1f01:ffff::2b"), that's always in the same format when printed
> by pfctl, as it comes from inet_ntop(3), plus the "/mask" part, which
> can be 0-128 for IPv6.
> 
> The inet_ntop man page also contains a description of the formatting
> rules (like how many digits, all-zero values, etc.), see the section
Yes, that's what I meant.  Unfortunately, it doesn't make it any simpler
than I'd hoped.  :)
A text representation of an IPv6 address can still be logged as anything
from "::" to "x:x:x:x:x:x:x:x", as far as I understand.  Is it possible
for a mixed representation ("x:x:x:x:x:x:a.b.c.d") to be logged by PF? 
I guess that would depend on the environment.
Thanks,
-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net