On Thu, Mar 27, 2003 at 02:31:00PM -0500, David Powers wrote: [ I was experimenting with a recent build of -current (3/25/2003) ... a tcpdump -vv on both ends showed ... do I just have a bad build of current? ]
this might not be wholly relavant, but i was in a similar boat recently, experimenting with a -current. my difficulty was showing up differently; i had a rule, say : block out log on $ext_if from any to 216.239.35.101 the tcpdump would then show something like: block in - ($ext_if's IP) > 216.239.35.101 when i pinged it. pardon me for not having a copy/paste handy ... it was misreporting the rule( saying it was 'out' for when pf.conf was 'in', or vice versa )'s direction and i think also the SRC -> DST part of the tcpdump output was flipped... i was trying to figure out what was up, and considered posting up here to the group, but as the system was at that point running on a frankenversion somewhere between 3.2-patch and -current, due to a make build that bombed after making it quite far along, i figured to post up *any* question about this would be like shooting myself in the face, seeing as how the system was running on a non-cleanly-exited make build. <g> i went in and did a make install on tcpdump, outta /usr/src/whatever, and that fixed 1/2 of the problem, the 'in' / 'out' was now reported correctly, but then something else was wrong... don't remember what it was but it was either something i hadn't noticed before or "correcter" tcpdump output was letting me see.. anyway, after i finally got a make build to fly from start to finish with a clean exit, the output of tcpdump has been utterly sane and in agreement with pf.conf.... so, yeah; i could buy the bad build of current angle, especially if it hit any relavant hiccups. jared.
