Date: Fri, 27 Sep 2013 16:15:16 +0200 From: Riaan Kruger <riaank@gmail.com> To: freebsd-questions@freebsd.org Subject: tcpdump behavior with netgraph Message-ID: <CABNwDi2PASidCny4fTdub47VT_pXnASgAHLUB4OFXUESnmPTRA@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I am trying to troubleshoot my netgraph setup. I have a custom node connected to ng_ether's orphan and upper hooks. This node inserts a special ethernet tag into certain UDP broadcast packets going out and strip it coming back in. With tcpdump I see two entries for each packet sent, one without the special ethernet tag and one with it. 1. Is it correct that tcpdump sees the packet twice, and why? According to the following diagram it does not make sense that tcpdump should see it twice: http://people.freebsd.org/~julian/layer2-current.pdf If the system has been running a while some of the UDP broadcast packets are not sent and I only see (with tcpdump) the packet without the special ethernet tag. 2. Is this an indication that the packet gets lost in the netgraph chain? Last question: 3. How can I better/debug troubleshoot what is going on in whole netgraphsubsystem, not just mode netgraph node that I inserted in the chain. Thanks PS. Questions numbered for your convenience :)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CABNwDi2PASidCny4fTdub47VT_pXnASgAHLUB4OFXUESnmPTRA>