Date:      Thu, 16 Sep 2004 03:53:12 -0000
From:      Pyun YongHyeon <yongari@kt-is.co.kr>
To:        pf4freebsd@freelists.org
Subject:   [pf4freebsd] Re: pftcpdump -i pfsync0 problem
Message-ID:  <20031002082030.GA13156@kt-is.co.kr>
In-Reply-To: <20031002035552.GA12179@kt-is.co.kr>
References:  <52344114099.20031001172350@love2party.net> <3F7B1591.3010803@dequim.ist.utl.pt> <20031002035552.GA12179@kt-is.co.kr>

On Thu, Oct 02, 2003 at 12:55:52PM +0900, To pf4freebsd@freelists.org wrote:
 > On Wed, Oct 01, 2003 at 06:57:37PM +0100, Bruno Afonso wrote:
 >  > Max Laier wrote:
 >  >
 >  > > Hello,
 >  > >
 >  > > it seems that we have released version 1.65 too early. There is a major
 >  > > problem in this version.
 >  > >
 >  > > Here is version 1.66:
 >  > > http://pf4freebsd.love2party.net/pf_freebsd_1.66.tar.gz
 >  > > MD5 (pf_freebsd_1.66.tar.gz) = e14526765cb23f2b8ff5fb0cc6bccc8a
 >  > >
 >  > > The port will be updated soon I hope:
 >  > > http://www.freebsd.org/cgi/query-pr.cgi?pr=57452
 >  > >
 >  > > I am really sorry for the discomfort caused!
 >  > >
 >  > No problem. I think I've found a bug though. This has been present for a
 >  > while, but I haven't remembered to post it to the list:
 >  >
 >  > deq# pftcpdump -s 0 -eni pfsync0 host 10.10.9.1
 >  > pftcpdump: WARNING: pfsync0: no IPv4 address assigned
 >  > zsh: abort (core dumped)  pftcpdump -s 0 -eni pfsync0 host 10.10.9.1
 >  >
 > Yech! Can you try this one?
 >
 > --- ./freebsd_libpcap/gencode.c.ORG	Wed Jun 11 19:49:46 2003
 > +++ ./freebsd_libpcap/gencode.c	Thu Oct  2 12:40:36 2003
 > @@ -760,7 +760,7 @@
 > =20
 >  #if defined(DLT_PFSYNC)
 >  	case DLT_PFSYNC:
 > -		off_linktype =3D -1;
 > +		off_linktype =3D 0;
 >  		off_nl =3D 4;
 >  		return;
 >  #endif
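
Review bot: In the DLT_PFSYNC case, the change of off_linktype from -1 to 0 carries no comment saying what sits at offset 0 of the pfsync header or why a link-type comparison against it is now valid. Since the abort reported above was triggered by a host expression, please add a one-line comment next to off_linktype and off_nl = 4 documenting the header layout they assume, and confirm that the code reading off_linktype for this DLT only compares it against values that field can hold.
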
 >
 >  > Isn't it supposed to be possible to use regular tcpdump regular
 >  > expressions? _none_ AFAIK when monitoring pfsync0 :-)
 >  >
 > Yes. But there are exceptions in that you can't specify any meaningful
 > expressions on both pflog and pfsync pseudo devices. (If you do you
 > don't see any outputs from pftcpdump.)
 > i.e. You can't specify host or port pairs on these devices.
 > However you can specify pf-specific expressions such as ifname, rnr,
 > rulenum, reason, action on pflog.
 >

I'm sorry. (While debugging pfsync's bogus anchor number I was
somewhat confused with other things...)
pflog can have any expressions you said. pfsync can't.
In addition, pflog can accept new expressions ifname, rnr, and
rulenum etc.

Here is a new patch. Please forget my previous patch.

--- ./freebsd_libpcap/gencode.c.ORG	Wed Jun 11 19:49:46 2003
+++ ./freebsd_libpcap/gencode.c	Thu Oct  2 16:56:51 2003
@@ -1440,6 +1440,19 @@
 		break;
 #endif
=20
+#if defined(DLT_PFSYNC)
+	case DLT_PFSYNC:
+		if (proto =3D=3D ETHERTYPE_IP)
+			return gen_true();
+#ifdef INET6
+		else if (proto =3D=3D ETHERTYPE_IPV6)
+			return gen_true();
+#endif
+		else
+			return gen_false();
+		break;
+#endif
+
 	case DLT_ARCNET:
 		/*
 		 * XXX should we check for first fragment if the protocol
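
Review bot: In the new DLT_PFSYNC case every branch of the if/else chain returns, with or without INET6 defined, so the trailing break; is unreachable and can be dropped. The case also returns gen_true() for both ETHERTYPE_IP and ETHERTYPE_IPV6 without looking at the packet, so a filter with either protocol matches every pfsync packet; if that is intended, a short comment saying so would help, and the two identical branches could be folded into one condition under the #ifdef.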

Regards,
Pyun YongHyeon
-- 
Pyun YongHyeon <http://www.kr.freebsd.org/~yongari>