Patch to enable our tcpdump to handle CARP

Kevin Wilcox kevin.wilcox at gmail.com
Thu Oct 20 16:37:54 UTC 2011


On 19 October 2011 16:20, George Neville-Neil <gnn at neville-neil.com> wrote:

> I've been trying to debug CARP problems of late. I noticed that our tcpdump didn't have CARP
> support.  I took and fixed some code from OpenBSD so that our tcpdump can work with
> CARP.  Unlike OpenBSD you have to specify -T carp to read carp packets.  In their version
> you specify -T VRRP, because they don't like VRRP.  I decided that we should go with
> what most of the industry cares about rather than what OpenBSD cares about.

Additionally, Daniel Hartmeier posted a significant patch to
freebsd-questions@ for pf+tcpdump earlier this year that added support
for the pfsync device. I've been using it in production on firewalls
with 125k pps average to track NAT translations for a /17 and it's
been of endless utility since pf doesn't offer the translation logging
you see on some commercial devices.

kmw


More information about the freebsd-net mailing list