From: Tom Judge
Date: Sun, 16 Dec 2007 15:59:20 +0000
To: "Bruce M. Simpson"
Cc: freebsd-pf@freebsd.org, freebsd-net
Subject: Re: Spurious error from i[pf]_carp
Message-ID: <47654B58.7070500@tomjudge.com>
In-Reply-To: <4764851F.1000304@FreeBSD.org>

Bruce M. Simpson wrote:
> Max Laier wrote:
>> Alternatively you could change IPPROTO_CARP in netinet/in.h to another
>> unused protocol number. This is really the preferred way of dealing
>> with mixed CARP and VRRP environments as the CARP packets might in
>> turn irritate the VRRP routers, too.
>>

This seems to make the most sense to me. At this time it seems (in
RELENG_6_2 at least) that because the protocol number is shared with
VRRP that tcpdump tries to decode the CARP frames as VRRP frames and
although the header/frame is very simple this does not provide a useful
decoding of the CARP frame. After the protocol number is changed it
would be possible to write a proper carp decoder for tcpdump or at least
make any existing decoder be able to tell the difference between VRRP
and CARP frames.

> This sounds like a common use case. Perhaps there is motivation for
> making the protocol number used by CARP a loader tunable?
>
> [I'd really like it if we had a kernel API for adding the virtual MAC
> addresses to ifnet too, then again I'd like the cheat for infinite
> chocolate fudge sundaes in life, bed and breakfast at The Savoy with my
> choice of actress, etc]
>> /* no comment */
>>
> No disrespect to anyone intended, just that CARP does duplicate the
> functionality of VRRP.
>

Please correct me if I am wrong, from the limited research I have done,
carp was born because Cisco made a patent claim (based on its patents
for HSRP) against a VRRP implementation.

> It's worth reiterating that this is what happens when software patents
> are allowed to creep in to the nuts and bolts of the operational
> Internet -- and thus, CARP was born, and thus Tom runs into the issue he
> has seen.
>
> later
> BMS
>

Thoughts?

Tom
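
An added illustration of the decoding problem discussed in this message (not part of the original email, and not code from tcpdump or FreeBSD): the same eight header bytes read under both field layouts. It assumes the layout of FreeBSD's struct carp_header and the VRRPv2 layout from RFC 3768; the sample bytes and the names decode_proto112 and view112 are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed CARP advertisement (36 bytes), not captured traffic. */
static const uint8_t sample_carp[36] = {
    0x21,       /* version 2, type 1 (advertisement) */
    0x01,       /* vhid 1 */
    0x64,       /* advskew 100 */
    0x07,       /* authlen: counter + HMAC, in 32-bit words */
    0x00,       /* pad */
    0x01,       /* advbase 1 s */
    0x00, 0x00, /* checksum, left zero in this sample */
    /* bytes 8..35: 8-byte counter + 20-byte SHA-1 HMAC, zero here */
};

struct view112 {
    unsigned version, type;
    unsigned carp_vhid, carp_advskew, carp_authlen, carp_advbase;
    unsigned vrrp_vrid, vrrp_priority, vrrp_naddrs, vrrp_authtype, vrrp_adver_int;
    size_t vrrp_expected_len; /* 8-byte header + IPv4 addresses + 8 bytes auth data */
};

/* Read the same 8 header bytes under both layouts. Returns 0 on success. */
int decode_proto112(const uint8_t *p, size_t len, struct view112 *v)
{
    if (p == NULL || v == NULL || len < 8)
        return -1;
    v->version = p[0] >> 4;
    v->type = p[0] & 0x0f;
    v->carp_vhid = v->vrrp_vrid = p[1];
    v->carp_advskew = v->vrrp_priority = p[2];
    v->carp_authlen = v->vrrp_naddrs = p[3]; /* CARP auth length read as address count */
    v->vrrp_authtype = p[4];
    v->carp_advbase = v->vrrp_adver_int = p[5];
    v->vrrp_expected_len = 8 + 4 * (size_t)v->vrrp_naddrs + 8;
    return 0;
}

int main(void)
{
    struct view112 v;
    if (decode_proto112(sample_carp, sizeof sample_carp, &v) != 0)
        return 1;
    printf("CARP view: vhid=%u advskew=%u advbase=%u authlen=%u\n",
           v.carp_vhid, v.carp_advskew, v.carp_advbase, v.carp_authlen);
    printf("VRRP view: vrid=%u prio=%u naddrs=%u, expects %zu bytes, got %zu\n",
           v.vrrp_vrid, v.vrrp_priority, v.vrrp_naddrs,
           v.vrrp_expected_len, sizeof sample_carp);
    return 0;
}
```

Read as VRRPv2, the CARP counter and HMAC bytes are taken for a list of seven IPv4 addresses and the packet appears truncated, so the output looks structurally valid but means nothing.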