Date:      Thu, 16 Sep 2004 03:53:07 -0000
From:      Pyun YongHyeon <yongari@kt-is.co.kr>
To:        pf4freebsd@freelists.org
Subject:   [pf4freebsd] Re: pftcpdump -i pfsync0 problem
Message-ID:  <20031002035552.GA12179@kt-is.co.kr>
In-Reply-To: <3F7B1591.3010803@dequim.ist.utl.pt>
References:  <52344114099.20031001172350@love2party.net> <3F7B1591.3010803@dequim.ist.utl.pt>

On Wed, Oct 01, 2003 at 06:57:37PM +0100, Bruno Afonso wrote:
 > Max Laier wrote:
 >
 > > Hello,
 > >
 > > it seems that we have released version 1.65 too early. There is a major
 > > problem in this version.
 > >
 > > Here is version 1.66:
 > > http://pf4freebsd.love2party.net/pf_freebsd_1.66.tar.gz
 > > MD5 (pf_freebsd_1.66.tar.gz) = e14526765cb23f2b8ff5fb0cc6bccc8a
 > >
 > > The port will be updated soon I hope:
 > > http://www.freebsd.org/cgi/query-pr.cgi?pr=57452
 > >
 > > I am really sorry for the discomfort caused!
 > >
 > No problem. I think I've found a bug though. This has been present for a
 > while, but I haven't remembered to post it to the list:
 >
 > deq# pftcpdump -s 0 -eni pfsync0 host 10.10.9.1
 > pftcpdump: WARNING: pfsync0: no IPv4 address assigned
 > zsh: abort (core dumped)  pftcpdump -s 0 -eni pfsync0 host 10.10.9.1
 >
Yech! Can you try this one?

--- ./freebsd_libpcap/gencode.c.ORG	Wed Jun 11 19:49:46 2003
+++ ./freebsd_libpcap/gencode.c	Thu Oct  2 12:40:36 2003
@@ -760,7 +760,7 @@
=20
 #if defined(DLT_PFSYNC)
 	case DLT_PFSYNC:
-		off_linktype =3D -1;
+		off_linktype =3D 0;
 		off_nl =3D 4;
 		return;
 #endif
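
Review bot: off_linktype = 0 in the DLT_PFSYNC case carries no comment saying which field at offset 0 of the pfsync header the link-type check is meant to read, and the same goes for off_nl = 4. If the header has no protocol-type field at that offset, a filter such as "host 10.10.9.1" will now compile and compare against unrelated bytes, so it matches nothing instead of aborting; rejecting such expressions with an explicit error for this link type would be clearer to the user than silent empty output. Please add a comment documenting both offsets, and confirm that nothing else treats the old -1 value as a "no link-type field" marker for this case.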

 > Isn't it supposed to be possible to use regular tcpdump regular
 > expressions? _none_ AFAIK when monitoring pfsync0 :-)
 >
Yes. But there are exceptions in that you can't specify any meaningful
expressions on both pflog and pfsync pseudo devices. (If you do, you
don't see any output from pftcpdump.)
I.e., you can't specify host or port pairs on these devices.
However, you can specify pf-specific expressions such as ifname, rnr,
rulenum, reason, action on pflog.

 > BA
 >

Anyway, thank you very much for your report. I'll cross check
the patch with Max and take care of the problem.

Regards,
Pyun YongHyeon
-- 
Pyun YongHyeon <http://www.kr.freebsd.org/~yongari>



