From: Pyun YongHyeon
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: pftcpdump -i pfsync0 problem
Date: Thu, 16 Sep 2004 03:53:12 -0000
X-Original-Date: Thu, 2 Oct 2003 17:20:30 +0900
Message-ID: <20031002082030.GA13156@kt-is.co.kr>
In-Reply-To: <20031002035552.GA12179@kt-is.co.kr>
References: <52344114099.20031001172350@love2party.net> <3F7B1591.3010803@dequim.ist.utl.pt> <20031002035552.GA12179@kt-is.co.kr>

On Thu, Oct 02, 2003 at 12:55:52PM +0900, To pf4freebsd@freelists.org wrote:
> On Wed, Oct 01, 2003 at 06:57:37PM +0100, Bruno Afonso wrote:
> > Max Laier wrote:
> >
> > > Hello,
> > >
> > > it seems that we have released version 1.65 too early. There is a major
> > > problem in this version.
> > >
> > > Here is version 1.66:
> > > http://pf4freebsd.love2party.net/pf_freebsd_1.66.tar.gz
> > > MD5 (pf_freebsd_1.66.tar.gz) = e14526765cb23f2b8ff5fb0cc6bccc8a
> > >
> > > The port will be updated soon I hope:
> > > http://www.freebsd.org/cgi/query-pr.cgi?pr=57452
> > >
> > > I am really sorry for the discomfort caused!
> > >
> > No problem. I think I've found a bug though. This has been present for a
> > while, but I haven't remembered to post it to the list:
> >
> > deq# pftcpdump -s 0 -eni pfsync0 host 10.10.9.1
> > pftcpdump: WARNING: pfsync0: no IPv4 address assigned
> > zsh: abort (core dumped) pftcpdump -s 0 -eni pfsync0 host 10.10.9.1
> >
> Yech! Can you try this one?
>
> --- ./freebsd_libpcap/gencode.c.ORG Wed Jun 11 19:49:46 2003 > +++ ./freebsd_libpcap/gencode.c Thu Oct 2 12:40:36 2003 > @@ -760,7 +760,7 @@ > =20 > #if defined(DLT_PFSYNC) > case DLT_PFSYNC: > - off_linktype =3D -1; > + off_linktype =3D 0; > off_nl =3D 4; > return; > #endif
>
> > Isn't it supposed to be possible to use regular tcpdump regular
> > expressions? _none_ AFAIK when monitoring pfsync0 :-)
> >
> Yes. But there are exceptions in that you can't specify any meaningful
> expressions on both pflog and pfsync pseudo devices. (If you do you
> don't see any outputs from pftcpdump.)
> i.e. You can't specify host or port pairs on these devices.
> However you can specify pf-specific expressions such as ifname, rnr,
> rulenum, reason, action on pflog.
>

I'm sorry. (While debugging pfsync's bogus anchor number I was somewhat
confused with other things...) pflog can have any expressions you said.
pfsync can't. In addition, pflog can accept new expressions ifname, rnr,
and rulenum etc.

Here is new patch. Please forget my previous patch.

--- ./freebsd_libpcap/gencode.c.ORG Wed Jun 11 19:49:46 2003 +++ ./freebsd_libpcap/gencode.c Thu Oct 2 16:56:51 2003 @@ -1440,6 +1440,19 @@ break; #endif =20 +#if defined(DLT_PFSYNC) + case DLT_PFSYNC: + if (proto =3D=3D ETHERTYPE_IP) + return gen_true(); +#ifdef INET6 + else if (proto =3D=3D ETHERTYPE_IPV6) + return gen_true(); +#endif + else + return gen_false(); + break; +#endif + case DLT_ARCNET: /* * XXX should we check for first fragment if the protocol

Regards,
Pyun YongHyeon

--
Pyun YongHyeon
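
Review bot: the new off_linktype value of 0 in the DLT_PFSYNC case of the first (quoted) patch, hunk @@ -760,7 +760,7 @@, has no comment saying which field at offset 0 of a pfsync record is supposed to act as the link type, so any link-type comparison generated against that offset would test whatever bytes happen to begin the record. The previous value of -1 and the unchanged off_nl of 4 suggest there is no such field. Handling DLT_PFSYNC explicitly where the link-type test is generated, as the follow-up patch in this message does, avoids that, and this hunk should be dropped as the author asks.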
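
Review bot: in the second patch, hunk @@ -1440,6 +1440,19 @@, the DLT_PFSYNC case returns gen_true() for both ETHERTYPE_IP and ETHERTYPE_IPV6 without examining the record, so the generated filter cannot tell IPv4 entries from IPv6 ones, and nothing in the hunk says this is intended. A short comment stating why every record is accepted for these two protocols, or a test on the record's address family if the pfsync record carries one, would make the behaviour explicit. Two smaller points: the "break;" after the if/else chain is unreachable because every branch returns, and when INET6 is not defined a request for ETHERTYPE_IPV6 silently falls through to gen_false(), which deserves a mention in the same comment.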