Date: Tue, 5 Aug 2003 17:35:11 -0700 (PDT)
From: John Polstra
To: net@freebsd.org
Cc: edwin@freebsd.org
Subject: Re: bpf, ipfw and before-and-after
Organization: Polstra & Co., Seattle, WA
List-Id: Networking and TCP/IP with FreeBSD

In article <20030806001459.GB558@k7.mavetju>,
Edwin Groothuis wrote:
> On Tue, Aug 05, 2003 at 11:17:07AM -0700, John Polstra wrote:
> > Tcpdump has always shown traffic _at_ the network interface.  That's
> > why it has the "-i" option.  I would not like to see that behavior
> > changed.
>
> I totally agree with the idea that it is _at_ the network interface,
> but if you think about what people are actually using it for you
> realise that most of the output you're interested in is at the IP
> or the TCP layer.

Different people use tcpdump for different things.  I myself
typically use it when I'm debugging ethernet drivers.  When I use it
to look at the IP or TCP layer, I generally specify a filter on the
command line so that I only see what I'm interested in.

Given that tcpdump has been around for so long, and that it can be
used for so many different purposes, and that it allows the
specification of a packet filter on its command line, it doesn't make
sense to move its packet hooks to somewhere else by default.

> If you want it to be enabled via a kernel option, fine with me.

Great.  That's all I'm asking for.

John
-- 
  John Polstra
  John D. Polstra & Co., Inc.                        Seattle, Washington USA
  "Two buttocks cannot avoid friction."                     -- Malawi saying