Tracing packets passing through PF
Tom Judge
tom at tomjudge.com
Fri Mar 2 10:03:28 UTC 2007
Greg Hennessy wrote:
>> I was wondering if there is any way to trace packets as they pass
>> through PF and possibly even the network stack. If someone could give
>> me some pointers on this it would be greatly appreciated.
>
> A full tcpdump on the ingress and egress interfaces,a bpf filter will find
> the interesting bits for you.
>
>
>
> Greg
>
>
I actually need to see how a packet that the IPSEC code generates is
passes through PF (What rules it is (not) matching etc). At the moment
it seems that it is either a) not passing through pf at all, b) For some
reason not matching the source routing rule.
Is there anyway to see this, possibly by setting debuging to loud (pfctl
-x loud) ?
Tom
More information about the freebsd-pf
mailing list