From owner-cvs-all@FreeBSD.ORG  Tue Dec 13 16:59:40 2005
Return-Path: <owner-cvs-all@FreeBSD.ORG>
X-Original-To: cvs-all@freebsd.org
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0ADED16A41F;
	Tue, 13 Dec 2005 16:59:40 +0000 (GMT)
	(envelope-from max@love2party.net)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.171])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 183F843D5D;
	Tue, 13 Dec 2005 16:59:38 +0000 (GMT)
	(envelope-from max@love2party.net)
Received: from [84.163.227.222] (helo=amd64.laiers.local)
	by mrelayeu.kundenserver.de (node=mrelayeu7) with ESMTP (Nemesis),
	id 0ML2Dk-1EmDUo0RE4-0005xu; Tue, 13 Dec 2005 17:59:22 +0100
From: Max Laier <max@love2party.net>
Organization: FreeBSD
To: Ceri Davies <ceri@submonkey.net>
Date: Tue, 13 Dec 2005 17:59:07 +0100
User-Agent: KMail/1.8.2
References: <200512131216.jBDCG3FJ042136@repoman.freebsd.org>
	<20051213061503.A10373@xorpc.icir.org>
	<20051213150858.GL78709@submonkey.net>
In-Reply-To: <20051213150858.GL78709@submonkey.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1444112.xLiW4n69Xg";
	protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200512131759.15695.max@love2party.net>
X-Provags-ID: kundenserver.de abuse@kundenserver.de
	login:61c499deaeeba3ba5be80f48ecc83056
Cc: Alexey Dokuchaev <danfe@freebsd.org>, src-committers@freebsd.org,
	Luigi Rizzo <rizzo@icir.org>, cvs-all@freebsd.org,
	Gleb Smirnoff <glebius@freebsd.org>, cvs-src@freebsd.org
Subject: Re: ipfw2 logs to bpf (was Re: cvs commit: src/sbin/ipfw ipfw2.c...)
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Dec 2005 16:59:40 -0000

--nextPart1444112.xLiW4n69Xg
Content-Type: text/plain;
  charset="iso-8859-6"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Tuesday 13 December 2005 16:08, Ceri Davies wrote:
> On Tue, Dec 13, 2005 at 06:15:04AM -0800, Luigi Rizzo wrote:
> > talking about ipfw2, a couple of years ago i posted some code for 4.x
> > to let ipfw2 "log" packets to a pseudo interface called /dev/ipfw0 so
> > that people in need of detailed logging could just get it from
> > there through tcpdump or whatever.
>
> I don't actually use pf, but there is a pflog interface which I believe
> does a similar thing.  It would be good to integrate the two somehow.

Indeed.  pflog(4) has the additional edge that it prepends a header that=20
indicates the reason for logging this packet - i.e. rule number, action,=20
original interface etc. ... it is open if the same header can be used for=20
ipfw.  Most of the fields are certainly filter independent.

In Basel we talked about a general interface for dumping "interesting" pack=
ets=20
in order to debug tcp problems etc. ... I am certainly interested in=20
discussing this further and maybe getting some universal API for it into th=
e=20
kernel.  Including tcpdump/pcap support to make sense of the possibly=20
different packet header - if we decide to go this way.

If there is interest this should go to -net or private mail in order to agr=
ee=20
upon requirements and an API.

=2D-=20
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart1444112.xLiW4n69Xg
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD4DBQBDnv3jXyyEoT62BG0RArTRAJ9uAlqD6IFc8mXBuTpVLj8ALEIjawCTB8As
A4urSTsTjj9g1MdvUo9HIA==
=a8oA
-----END PGP SIGNATURE-----

--nextPart1444112.xLiW4n69Xg--