Date: Fri, 02 Mar 2007 09:36:11 +0000 From: Tom Judge <tom@tomjudge.com> To: Greg Hennessy <Greg.Hennessy@nviz.net> Cc: freebsd-pf@freebsd.org Subject: Re: Tracing packets passing through PF Message-ID: <45E7F00B.6010306@tomjudge.com> In-Reply-To: <000601c75ca1$b4d7a570$1e86f050$@Hennessy@nviz.net> References: <45E75454.2060302@tomjudge.com> <000601c75ca1$b4d7a570$1e86f050$@Hennessy@nviz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Greg Hennessy wrote: >> I was wondering if there is any way to trace packets as they pass >> through PF and possibly even the network stack. If someone could give >> me some pointers on this it would be greatly appreciated. > > A full tcpdump on the ingress and egress interfaces,a bpf filter will find > the interesting bits for you. > > > > Greg > > I actually need to see how a packet that the IPSEC code generates is passes through PF (What rules it is (not) matching etc). At the moment it seems that it is either a) not passing through pf at all, b) For some reason not matching the source routing rule. Is there anyway to see this, possibly by setting debuging to loud (pfctl -x loud) ? Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45E7F00B.6010306>