Date: Thu, 20 Oct 2011 12:12:44 -0400 From: Kevin Wilcox <kevin.wilcox@gmail.com> To: George Neville-Neil <gnn@neville-neil.com> Cc: net@freebsd.org Subject: Re: Patch to enable our tcpdump to handle CARP Message-ID: <CAFpgnrNAMELsJ8g9JxfO-MyZA9iaAyGsgsT5VFi204AyozYXhg@mail.gmail.com> In-Reply-To: <00C1A678-1654-40D2-9ADD-1857C2ECCA04@neville-neil.com> References: <00C1A678-1654-40D2-9ADD-1857C2ECCA04@neville-neil.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 19 October 2011 16:20, George Neville-Neil <gnn@neville-neil.com> wrote: > I've been trying to debug CARP problems of late. I noticed that our tcpdu= mp didn't have CARP > support. =C2=A0I took and fixed some code from OpenBSD so that our tcpdum= p can work with > CARP. =C2=A0Unlike OpenBSD you have to specify -T carp to read carp packe= ts. =C2=A0In their version > you specify -T VRRP, because they don't like VRRP. =C2=A0I decided that w= e should go with > what most of the industry cares about rather than what OpenBSD cares abou= t. Additionally, Daniel Hartmeier posted a significant patch to freebsd-questions@ for pf+tcpdump earlier this year that added support for the pfsync device. I've been using it in production on firewalls with 125k pps average to track NAT translations for a /17 and it's been of endless utility since pf doesn't offer the translation logging you see on some commercial devices. kmw
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFpgnrNAMELsJ8g9JxfO-MyZA9iaAyGsgsT5VFi204AyozYXhg>