From owner-freebsd-pf@FreeBSD.ORG  Fri Mar  2 10:03:28 2007
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 3D32816A400
	for <freebsd-pf@freebsd.org>; Fri,  2 Mar 2007 10:03:28 +0000 (UTC)
	(envelope-from tom@tomjudge.com)
Received: from s200aog10.obsmtp.com (s200aog10.obsmtp.com [207.126.144.124])
	by mx1.freebsd.org (Postfix) with SMTP id 7C0D313C48E
	for <freebsd-pf@freebsd.org>; Fri,  2 Mar 2007 10:03:27 +0000 (UTC)
	(envelope-from tom@tomjudge.com)
Received: from source ([217.206.187.80]) by eu1sys200aob010.postini.com
	([207.126.147.11]) with SMTP; Fri, 02 Mar 2007 10:03:26 UTC
Received: from [10.0.0.79] (bwb.mintel.co.uk [10.0.0.79])
	by rodney.mintel.co.uk (Postfix) with ESMTP id 37A9918141B;
	Fri,  2 Mar 2007 09:39:34 +0000 (GMT)
Message-ID: <45E7F00B.6010306@tomjudge.com>
Date: Fri, 02 Mar 2007 09:36:11 +0000
From: Tom Judge <tom@tomjudge.com>
User-Agent: Thunderbird 1.5.0.9 (X11/20070104)
MIME-Version: 1.0
To: Greg Hennessy <Greg.Hennessy@nviz.net>
References: <45E75454.2060302@tomjudge.com>
	<000601c75ca1$b4d7a570$1e86f050$@Hennessy@nviz.net>
In-Reply-To: <000601c75ca1$b4d7a570$1e86f050$@Hennessy@nviz.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-pf@freebsd.org
Subject: Re: Tracing packets passing through PF
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Mar 2007 10:03:28 -0000

Greg Hennessy wrote:
>> I was wondering if there is any way to trace packets as they pass
>> through PF and possibly even the network stack.  If someone could give
>> me some pointers on this it would be greatly appreciated.
> 
> A full tcpdump on the ingress and egress interfaces,a bpf filter will find
> the interesting bits for you. 
> 
> 
> 
> Greg
> 
> 

I actually need to see how a packet that the IPSEC code generates is 
passes through PF (What rules it is (not) matching etc).  At the moment 
it seems that it is either a) not passing through pf at all, b) For some 
reason not matching the source routing rule.

Is there anyway to see this, possibly by setting debuging to loud (pfctl 
-x loud) ?

Tom