Date: Wed, 6 Aug 2003 00:09:21 -0700 From: Luigi Rizzo <rizzo@icir.org> To: Barney Wolff <barney@databus.com> Cc: Edwin Groothuis <edwin@freebsd.org> Subject: Re: bpf, ipfw and before-and-after Message-ID: <20030806000921.A50665@xorpc.icir.org> In-Reply-To: <20030805143100.GA52099@pit.databus.com>; from barney@databus.com on Tue, Aug 05, 2003 at 10:31:01AM -0400 References: <20030805133922.GA7713@k7.mavetju> <20030805143100.GA52099@pit.databus.com>
next in thread | previous in thread | raw e-mail | index | archive | help
one thing one could do is to add special 'interface names' to the list recognised by /dev/bpf (e.g. "ipfw", "ipf", etc) in bpf_setif(), and insert calls to bpf_mtap() at the end of ipfw_check() and friends. Now the question is, of course, do you want only 'accept'ed packets, or all of them ? In the end, i kind-of agree that it is probably better to make judicious use of bpf filtering and ipfw logging to see in detail what is going on... cheers luigi On Tue, Aug 05, 2003 at 10:31:01AM -0400, Barney Wolff wrote: > On Tue, Aug 05, 2003 at 11:39:23PM +1000, Edwin Groothuis wrote: > > > > Now my question to you guys is, does what I want or what I describe > > here make a little bit sense? Or am I totally going the wrong way? > > Or has this topic already been discussed multiple times and decided > > not to do it? Maybe there is somebody thinks this is a cool thing > > and wants to help me with adding it to the system? > > Seems to me that with ipfw logging and tcpdump packet selection this > is largely a non-issue. We should be wary of adding complexity to > what's already at the limits of human comprehension. > > Now if somebody wanted to add the ability to dump the complete packet > to ipfw ... :) > > -- > Barney Wolff http://www.databus.com/bwresume.pdf > I'm available by contract or FT, in the NYC metro area or via the 'Net. > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030806000921.A50665>