From: Wes Santee
Date: Thu, 25 May 2006 22:53:02 -0700
To: freebsd-pf@freebsd.org
Subject: pfsync broadcasts without CARP/pfsync enabled
Message-ID: <447697BE.2080403@gmail.com>

Greetings!

I noticed that in FreeBSD 6.1-RELEASE, I'm seeing a lot of pfsync broadcasts. However, I have neither CARP nor pfsync enabled on the box. Anyone know where these are coming from and how I can stop them?

$ tcpdump -n -i ath0 proto pfsync
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes
22:40:41.232887 IP 10.0.0.2 > 0.0.0.0: pfsync 228
22:40:41.273770 IP 10.0.0.2 > 0.0.0.0: pfsync 228
22:40:42.232928 IP 10.0.0.2 > 0.0.0.0: pfsync 228
22:40:43.232635 IP 10.0.0.2 > 0.0.0.0: pfsync 228
22:40:44.282448 IP 10.0.0.2 > 0.0.0.0: pfsync 452
22:40:45.291284 IP 10.0.0.2 > 0.0.0.0: pfsync 452
22:40:45.771212 IP 10.0.0.2 > 0.0.0.0: pfsync 228
22:40:46.514065 IP 10.0.0.2 > 0.0.0.0: pfsync 228
22:40:46.517593 IP 10.0.0.2 > 0.0.0.0: pfsync 228
22:40:47.514947 IP 10.0.0.2 > 0.0.0.0: pfsync 228
22:40:48.574785 IP 10.0.0.2 > 0.0.0.0: pfsync 228
22:40:48.919877 IP 10.0.0.2 > 0.0.0.0: pfsync 452
22:40:48.992723 IP 10.0.0.2 > 0.0.0.0: pfsync 900
^C
13 packets captured
21 packets received by filter
0 packets dropped by kernel

I've got 2 interfaces in the box, but it's only happening on ath0 (which is the only wireless NIC). Note that these appear to be pfsync protocol broadcast packets, not pfsync multicast packets.

Cheers,
-Wes