From owner-freebsd-net@FreeBSD.ORG  Thu Oct 20 18:40:34 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 553A11065679
	for <net@freebsd.org>; Thu, 20 Oct 2011 18:40:34 +0000 (UTC)
	(envelope-from lacombar@gmail.com)
Received: from mail-wy0-f182.google.com (mail-wy0-f182.google.com
	[74.125.82.182])
	by mx1.freebsd.org (Postfix) with ESMTP id DA7268FC1B
	for <net@freebsd.org>; Thu, 20 Oct 2011 18:40:33 +0000 (UTC)
Received: by wyi40 with SMTP id 40so4129532wyi.13
	for <net@freebsd.org>; Thu, 20 Oct 2011 11:40:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type:content-transfer-encoding;
	bh=D80cLT0aJJg0mvRqdw/chiJPOMB858Qkh3jsTVbr4SA=;
	b=UYKE0gdstKEmCvjFnPblZC83N1SZz6u8JR+bFagwFC2bvjYg6Y2clLztnS4nHLRyQw
	td36SzbXJSul38X4E8SdZqzNAvsBYC3DcifFxVrmF2K36IzOr5f5/fpZ9aqmd00mZtcc
	QdtHiEChLUNtY6Cs9E1iFZfKEhcwG4wFOVEYg=
MIME-Version: 1.0
Received: by 10.227.4.74 with SMTP id 10mr314540wbq.49.1319136032629; Thu, 20
	Oct 2011 11:40:32 -0700 (PDT)
Received: by 10.180.103.198 with HTTP; Thu, 20 Oct 2011 11:40:32 -0700 (PDT)
In-Reply-To: <CAFpgnrNAMELsJ8g9JxfO-MyZA9iaAyGsgsT5VFi204AyozYXhg@mail.gmail.com>
References: <00C1A678-1654-40D2-9ADD-1857C2ECCA04@neville-neil.com>
	<CAFpgnrNAMELsJ8g9JxfO-MyZA9iaAyGsgsT5VFi204AyozYXhg@mail.gmail.com>
Date: Thu, 20 Oct 2011 14:40:32 -0400
Message-ID: <CACqU3MVkO_7DcQwDHUM_tsOEyjbyn8MX+wiyyJkuBUetMZEz2g@mail.gmail.com>
From: Arnaud Lacombe <lacombar@gmail.com>
To: Kevin Wilcox <kevin.wilcox@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: net@freebsd.org
Subject: Re: Patch to enable our tcpdump to handle CARP
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2011 18:40:34 -0000

Hi,

On Thu, Oct 20, 2011 at 12:12 PM, Kevin Wilcox <kevin.wilcox@gmail.com> wro=
te:
> On 19 October 2011 16:20, George Neville-Neil <gnn@neville-neil.com> wrot=
e:
>
>> I've been trying to debug CARP problems of late. I noticed that our tcpd=
ump didn't have CARP
>> support. =A0I took and fixed some code from OpenBSD so that our tcpdump =
can work with
>> CARP. =A0Unlike OpenBSD you have to specify -T carp to read carp packets=
. =A0In their version
>> you specify -T VRRP, because they don't like VRRP. =A0I decided that we =
should go with
>> what most of the industry cares about rather than what OpenBSD cares abo=
ut.
>
> Additionally, Daniel Hartmeier posted a significant patch to
> freebsd-questions@ for pf+tcpdump earlier this year that added support
> for the pfsync device. I've been using it in production on firewalls
> with 125k pps average to track NAT translations for a /17 and it's
> been of endless utility since pf doesn't offer the translation logging
> you see on some commercial devices.
>
any URL about the patch in question ? I cannot find anything in the
recent archives of freebsd-questions@

Thanks,
 - Arnaud