Date: Thu, 20 Oct 2011 14:40:32 -0400 From: Arnaud Lacombe <lacombar@gmail.com> To: Kevin Wilcox <kevin.wilcox@gmail.com> Cc: net@freebsd.org Subject: Re: Patch to enable our tcpdump to handle CARP Message-ID: <CACqU3MVkO_7DcQwDHUM_tsOEyjbyn8MX%2BwiyyJkuBUetMZEz2g@mail.gmail.com> In-Reply-To: <CAFpgnrNAMELsJ8g9JxfO-MyZA9iaAyGsgsT5VFi204AyozYXhg@mail.gmail.com> References: <00C1A678-1654-40D2-9ADD-1857C2ECCA04@neville-neil.com> <CAFpgnrNAMELsJ8g9JxfO-MyZA9iaAyGsgsT5VFi204AyozYXhg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Thu, Oct 20, 2011 at 12:12 PM, Kevin Wilcox <kevin.wilcox@gmail.com> wro= te: > On 19 October 2011 16:20, George Neville-Neil <gnn@neville-neil.com> wrot= e: > >> I've been trying to debug CARP problems of late. I noticed that our tcpd= ump didn't have CARP >> support. =A0I took and fixed some code from OpenBSD so that our tcpdump = can work with >> CARP. =A0Unlike OpenBSD you have to specify -T carp to read carp packets= . =A0In their version >> you specify -T VRRP, because they don't like VRRP. =A0I decided that we = should go with >> what most of the industry cares about rather than what OpenBSD cares abo= ut. > > Additionally, Daniel Hartmeier posted a significant patch to > freebsd-questions@ for pf+tcpdump earlier this year that added support > for the pfsync device. I've been using it in production on firewalls > with 125k pps average to track NAT translations for a /17 and it's > been of endless utility since pf doesn't offer the translation logging > you see on some commercial devices. > any URL about the patch in question ? I cannot find anything in the recent archives of freebsd-questions@ Thanks, - Arnaud
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACqU3MVkO_7DcQwDHUM_tsOEyjbyn8MX%2BwiyyJkuBUetMZEz2g>