Date: Wed, 6 Aug 2003 00:09:21 -0700
From: Luigi Rizzo
To: Barney Wolff
cc: freebsd-net@freebsd.org
cc: Edwin Groothuis
Subject: Re: bpf, ipfw and before-and-after

one thing one could do is to add special 'interface names' to the list
recognised by /dev/bpf (e.g. "ipfw", "ipf", etc) in bpf_setif(), and
insert calls to bpf_mtap() at the end of ipfw_check() and friends.
Now the question is, of course, do you want only 'accept'ed packets,
or all of them?

In the end, i kind-of agree that it is probably better to make judicious
use of bpf filtering and ipfw logging to see in detail what is going on...

cheers
luigi

On Tue, Aug 05, 2003 at 10:31:01AM -0400, Barney Wolff wrote:
> On Tue, Aug 05, 2003 at 11:39:23PM +1000, Edwin Groothuis wrote:
> >
> > Now my question to you guys is, does what I want or what I describe
> > here make a little bit sense? Or am I totally going the wrong way?
> > Or has this topic already been discussed multiple times and decided
> > not to do it? Maybe there is somebody thinks this is a cool thing
> > and wants to help me with adding it to the system?
>
> Seems to me that with ipfw logging and tcpdump packet selection this
> is largely a non-issue. We should be wary of adding complexity to
> what's already at the limits of human comprehension.
>
> Now if somebody wanted to add the ability to dump the complete packet
> to ipfw ... :)
>
> --
> Barney Wolff http://www.databus.com/bwresume.pdf
> I'm available by contract or FT, in the NYC metro area or via the 'Net.