Patch to enable our tcpdump to handle CARP
Kevin Wilcox
kevin.wilcox at gmail.com
Thu Oct 20 16:37:54 UTC 2011
On 19 October 2011 16:20, George Neville-Neil <gnn at neville-neil.com> wrote:
> I've been trying to debug CARP problems of late. I noticed that our tcpdump didn't have CARP
> support. I took and fixed some code from OpenBSD so that our tcpdump can work with
> CARP. Unlike OpenBSD you have to specify -T carp to read carp packets. In their version
> you specify -T VRRP, because they don't like VRRP. I decided that we should go with
> what most of the industry cares about rather than what OpenBSD cares about.
Additionally, Daniel Hartmeier posted a significant patch to
freebsd-questions@ for pf+tcpdump earlier this year that added support
for the pfsync device. I've been using it in production on firewalls
with 125k pps average to track NAT translations for a /17 and it's
been of endless utility since pf doesn't offer the translation logging
you see on some commercial devices.
kmw
More information about the freebsd-net
mailing list