From owner-freebsd-pf@FreeBSD.ORG Sat Aug 21 00:18:47 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 27CE01065674 for ; Sat, 21 Aug 2010 00:18:47 +0000 (UTC) (envelope-from freebsd@vfemail.net) Received: from vfemail.net (dotsevenfive.vfemail.net [69.11.239.75]) by mx1.freebsd.org (Postfix) with ESMTP id D29F68FC16 for ; Sat, 21 Aug 2010 00:18:46 +0000 (UTC) Received: (qmail 18305 invoked by uid 89); 20 Aug 2010 23:47:54 -0000 Received: from localhost (HELO freequeue.vfemail.net) (127.0.0.1) by localhost with SMTP; 20 Aug 2010 23:47:50 -0000 Received: (qmail 89003 invoked by uid 89); 20 Aug 2010 21:40:02 -0000 Received: from unknown (HELO www-52-2.vfemail.net) (vfemail@172.16.100.52) by FreeQueue with SMTP; 20 Aug 2010 21:40:02 -0000 Received: (qmail 56857 invoked by uid 89); 20 Aug 2010 21:42:09 -0000 Received: by simscan 1.4.0 ppid: 56489, pid: 56836, t: 0.6030s scanners:none Received: from unknown (HELO bofh-x.m0osk.net) (ZnJlZWJzZEB2ZmVtYWlsLm5ldA==@82.3.149.69) by mail.vfemail.net with ESMTPA; 20 Aug 2010 21:42:08 -0000 Message-ID: <4C6EF6A3.1060204@vfemail.net> Date: Fri, 20 Aug 2010 22:41:55 +0100 From: Free BSD User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-GB; rv:1.9.1.9) Gecko/20100412 Thunderbird/3.0.4 MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: how to use pflog with lagg device X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Aug 2010 00:18:47 -0000 Dear List members I have a server using two different NICs as a LACP lagg device. as per the /etc/rc.conf file, the configuration is ifconfig_em0="up" ifconfig_re0="up" cloned_interfaces="lagg0" ifconfig_lagg0="laggproto lacp laggport em0 laggport re0" ipv4_addrs_lagg0="192.168.1.3/22" pflog_enable="YES" pflog_logfile="/var/log/pflog" pflog_program="/sbin/pflogd" pflog_flags="" and the ifconfig says em0: flags=8843 metric 0 mtu 1500 options=219b ether 00:22:19:1d:7b:a8 media: Ethernet autoselect (1000baseT ) status: active re0: flags=8843 metric 0 mtu 1500 options=389b ether 00:22:19:1d:7b:a8 media: Ethernet autoselect (1000baseT ) status: active plip0: flags=8810 metric 0 mtu 1500 pflog0: flags=141 metric 0 mtu 33200 lo0: flags=8049 metric 0 mtu 16384 options=3 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff000000 nd6 options=3 pfsync0: flags=0<> metric 0 mtu 1460 syncpeer: 224.0.0.240 maxupd: 128 enc0: flags=0<> metric 0 mtu 1536 vboxnet0: flags=8802 metric 0 mtu 1500 ether 0a:00:27:00:00:00 lagg0: flags=8843 metric 0 mtu 1500 options=209b ether 00:22:19:1d:7b:a8 inet 192.168.1.3 netmask 0xfffffc00 broadcast 192.168.3.255 media: Ethernet autoselect status: active laggproto lacp laggport: re0 flags=1c laggport: em0 flags=1c However, if I try to view the log, it says tcpdump -n -e ttt -i pflog0 tcpdump: WARNING: em0: no IPv4 address assigned tcpdump: syntax error I have also tried with -i lagg0, and the same error was generated. I'm not sure if I'm doing something wrong. I went through the FB handbook as much as I could, also googled around -- no luck. Any pointer / suggestion is welcom. Thanks. ------------------------------------------------- This message sent via VFEmail.net http://www.vfemail.net $14.95 Lifetime accounts - 1GB disk, No bandwidth quotas!