Date: Tue, 5 Aug 2003 23:39:23 +1000
From: Edwin Groothuis <edwin@freebsd.org>
To: freebsd-net@freebsd.org
Subject: bpf, ipfw and before-and-after
Message-ID: <20030805133922.GA7713@k7.mavetju>

Greetings,

This afternoon I ran into the everlasting "bpf runs before ipfw" problem again: when you run tcpdump and you get all the rubbish coming from the public internet into an interface, while all I wanted to see was how much traffic was actually going past the ipfw rules.

Looking through the code of sys/net/if_ethersubr.c, I thought this could be solved pretty easily: The second thing ether_input() does is checking for ifp->ip_bpf and calling bpf_mtap(). If that call could be repeated in ether_demux() after ether_ipfw_chk() is checked, and bpf_mtap() did have a way to determine whether it should print the first or the second one[*], this would solve the problem for the incoming packets.

For outgoing packets, the call to bpf_mtap() is done in the driver of the cards, but the check for ipfw is done in ether_output_frame(), so it could be done in that routine anyway.

[*] During the opening of the bpf-device, it could check for a sysctl-setting or something so it knows whether it has to print the before-ipfw or the behind-ipfw packets. Further, bpf_mtap() should have a third parameter, stating whether it was a before-ipfw packet or a behind-ipfw or an I-don't-care-about-ipfw packet so that the function knows if it has to do something with them.

For non-ethernet drivers I'm not sure how to do this yet, but I'm sure there is a way to figure it out.

Now my question to you guys is, does what I want or what I describe here make a little bit of sense? Or am I totally going the wrong way? Or has this topic already been discussed multiple times and decided not to do it? Maybe there is somebody who thinks this is a cool thing and wants to help me with adding it to the system?

Edwin

-- 
Edwin Groothuis
edwin@freebsd.org
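
The tap placement proposed in the message above, as a user-space C model. This is an added example, not part of the original e-mail and not FreeBSD kernel code. All names (tap_stage, model_mtap, model_input, demo_seen) and the port-22 rule are assumptions made for illustration.

```c
/* User-space model of the proposal; every name here is hypothetical. */
#include <stddef.h>
#include <stdio.h>

enum tap_stage { TAP_DONTCARE, TAP_BEFORE_IPFW, TAP_AFTER_IPFW };

struct listener {
    enum tap_stage want; /* BEFORE or AFTER, chosen when the device is opened */
    unsigned seen;       /* packets delivered to this listener */
};

/* Constructed stand-in for the ipfw check: pass only destination port 22. */
static int fw_pass(unsigned short dport) { return dport == 22; }

/* Tap with the proposed third parameter. A listener gets a packet only at
 * the stage it asked for, so it never sees one packet twice; packets from
 * paths without an ipfw hook (TAP_DONTCARE) go to every listener. */
static void model_mtap(struct listener *l, enum tap_stage stage)
{
    if (stage == TAP_DONTCARE || stage == l->want)
        l->seen++;
}

/* Input path: tap, firewall check, tap again for packets that passed. */
static int model_input(struct listener *l, unsigned short dport, int has_ipfw)
{
    if (!has_ipfw) { model_mtap(l, TAP_DONTCARE); return 1; }
    model_mtap(l, TAP_BEFORE_IPFW);
    if (!fw_pass(dport))
        return 0; /* dropped by the firewall, never reaches the second tap */
    model_mtap(l, TAP_AFTER_IPFW);
    return 1;
}

/* Feed five constructed packets through and report what the listener saw. */
unsigned demo_seen(enum tap_stage want, int has_ipfw)
{
    static const unsigned short dports[] = { 22, 80, 445, 22, 23 };
    struct listener l = { want, 0 };
    for (size_t i = 0; i < sizeof dports / sizeof dports[0]; i++)
        model_input(&l, dports[i], has_ipfw);
    return l.seen;
}

int main(void)
{
    printf("before-ipfw listener: %u\n", demo_seen(TAP_BEFORE_IPFW, 1));
    printf("after-ipfw listener:  %u\n", demo_seen(TAP_AFTER_IPFW, 1));
    return 0;
}
```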