Re: Checking Routes/Gateways For Good Connection

Mon, 30 Aug 2010 11:37:02 -0700 

 On 8/29/2010 11:54 AM, Henning Brauer wrote:

when pf sees that packet it is outbound on em0. you are logging that
fact. then pf re-routes via em1. when pf sees it again on em1, you log
that fact.


My tcpdump output does not seem to confirm this.  For instance:

$ traceroute -m 4 -s 172.16.0.1 -n google.com

$ sudo tcpdump -n -e -ttt -i pflog0 host 172.16.0.1
tcpdump: listening on pflog0, link-type PFLOG
Aug 30 13:13:09.622700 rule 42/(match) pass out on em1: 172.16.0.1.58471 > 209.85.225.104.33435: udp 12 [ttl 1] Aug 30 13:13:14.630584 rule 42/(match) pass out on em1: 172.16.0.1.58471 > 209.85.225.104.33436: udp 12 [ttl 1] Aug 30 13:13:19.639902 rule 42/(match) pass out on em1: 172.16.0.1.58471 > 209.85.225.104.33437: udp 12 [ttl 1] Aug 30 13:13:24.649161 rule 42/(match) pass out on em1: 172.16.0.1.58471 > 209.85.225.104.33438: udp 12 Aug 30 13:13:29.658493 rule 42/(match) pass out on em1: 172.16.0.1.58471 > 209.85.225.104.33439: udp 12 Aug 30 13:13:34.667819 rule 42/(match) pass out on em1: 172.16.0.1.58471 > 209.85.225.104.33440: udp 12 Aug 30 13:13:39.677161 rule 42/(match) pass out on em1: 172.16.0.1.58471 > 209.85.225.104.33441: udp 12 Aug 30 13:13:44.686542 rule 42/(match) pass out on em1: 172.16.0.1.58471 > 209.85.225.104.33442: udp 12 Aug 30 13:13:49.695834 rule 42/(match) pass out on em1: 172.16.0.1.58471 > 209.85.225.104.33443: udp 12 Aug 30 13:13:54.705161 rule 42/(match) pass out on em1: 172.16.0.1.58471 > 209.85.225.104.33444: udp 12 Aug 30 13:13:59.714426 rule 42/(match) pass out on em1: 172.16.0.1.58471 > 209.85.225.104.33445: udp 12 Aug 30 13:14:04.723664 rule 42/(match) pass out on em1: 172.16.0.1.58471 > 209.85.225.104.33446: udp 12
Traceroute's defaults dictate a 5 second wait between probes and 3 probes per hop. I forced my max_ttl to 4 (hops). I get exactly 12 lines of log corresponding to (3 probes * 4 hops) and the log shows 5 seconds between hops. So where are the log lines for the re-routes? It appears to me PF is ignoring my route-to(s), or it is ignoring the source and not matching, and the request is simply going out whichever of my two multipath default routes gets chosen at the time.

Reply via email to