Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 02 Mar 2007 09:36:11 +0000
From:      Tom Judge <tom@tomjudge.com>
To:        Greg Hennessy <Greg.Hennessy@nviz.net>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Tracing packets passing through PF
Message-ID:  <45E7F00B.6010306@tomjudge.com>
In-Reply-To: <000601c75ca1$b4d7a570$1e86f050$@Hennessy@nviz.net>
References:  <45E75454.2060302@tomjudge.com> <000601c75ca1$b4d7a570$1e86f050$@Hennessy@nviz.net>

next in thread | previous in thread | raw e-mail | index | archive | help
Greg Hennessy wrote:
>> I was wondering if there is any way to trace packets as they pass
>> through PF and possibly even the network stack.  If someone could give
>> me some pointers on this it would be greatly appreciated.
> 
> A full tcpdump on the ingress and egress interfaces,a bpf filter will find
> the interesting bits for you. 
> 
> 
> 
> Greg
> 
> 

I actually need to see how a packet that the IPSEC code generates is 
passes through PF (What rules it is (not) matching etc).  At the moment 
it seems that it is either a) not passing through pf at all, b) For some 
reason not matching the source routing rule.

Is there anyway to see this, possibly by setting debuging to loud (pfctl 
-x loud) ?

Tom



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45E7F00B.6010306>