Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 6 Aug 2003 00:09:21 -0700
From:      Luigi Rizzo <rizzo@icir.org>
To:        Barney Wolff <barney@databus.com>
Cc:        Edwin Groothuis <edwin@freebsd.org>
Subject:   Re: bpf, ipfw and before-and-after
Message-ID:  <20030806000921.A50665@xorpc.icir.org>
In-Reply-To: <20030805143100.GA52099@pit.databus.com>; from barney@databus.com on Tue, Aug 05, 2003 at 10:31:01AM -0400
References:  <20030805133922.GA7713@k7.mavetju> <20030805143100.GA52099@pit.databus.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
one thing one could do is to add special 'interface names'
to the list recognised by /dev/bpf (e.g. "ipfw", "ipf", etc)
in bpf_setif(), and insert calls to bpf_mtap() at the end
of ipfw_check() and friends. Now the question is, of course,
do you want only 'accept'ed packets, or all of them ?

In the end, i kind-of agree that it is probably better to make
judicious use of bpf filtering and ipfw logging to see in detail
what is going on...

	cheers
	luigi

On Tue, Aug 05, 2003 at 10:31:01AM -0400, Barney Wolff wrote:
> On Tue, Aug 05, 2003 at 11:39:23PM +1000, Edwin Groothuis wrote:
> > 
> > Now my question to you guys is, does what I want or what I describe
> > here make a little bit sense? Or am I totally going the wrong way?
> > Or has this topic already been discussed multiple times and decided
> > not to do it? Maybe there is somebody thinks this is a cool thing
> > and wants to help me with adding it to the system?
> 
> Seems to me that with ipfw logging and tcpdump packet selection this
> is largely a non-issue.  We should be wary of adding complexity to
> what's already at the limits of human comprehension.
> 
> Now if somebody wanted to add the ability to dump the complete packet
> to ipfw ...  :)
> 
> -- 
> Barney Wolff         http://www.databus.com/bwresume.pdf
> I'm available by contract or FT, in the NYC metro area or via the 'Net.
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030806000921.A50665>