Date:      Tue, 13 Dec 2005 10:42:18 -0800
From:      John-Mark Gurney <gurney_j@resnet.uoregon.edu>
To:        Luigi Rizzo <rizzo@icir.org>
Cc:        cvs-src@FreeBSD.org, Alexey Dokuchaev <danfe@FreeBSD.org>, Gleb Smirnoff <glebius@FreeBSD.org>, cvs-all@FreeBSD.org, src-committers@FreeBSD.org
Subject:   Re: ipfw2 logs to bpf (was Re: cvs commit: src/sbin/ipfw ipfw2.c...)
Message-ID:  <20051213184218.GC55657@funkthat.com>
In-Reply-To: <20051213061503.A10373@xorpc.icir.org>
References:  <200512131216.jBDCG3FJ042136@repoman.freebsd.org> <20051213134143.GC77985@FreeBSD.org> <20051213140744.GH37414@FreeBSD.org> <20051213061503.A10373@xorpc.icir.org>

Luigi Rizzo wrote this message on Tue, Dec 13, 2005 at 06:15 -0800:
> talking about ipfw2, a couple of years ago i posted some code for 4.x
> to let ipfw2 "log" packets to a pseudo interface called /dev/ipfw0 so
> that people in need of detailed logging could just get it from
> there through tcpdump or whatever.
> 
> If someone is interested, here it is a copy of the message and patch.
> It is very very trivial, so i don't expect to require a lot of
> porting work to be adapted to HEAD and more recent versions of
> FreeBSD.

I have patches that teach tcpdump how to understand divert sockets...
(I forget if I write the packets back to continue the chain or if you
have to use tee..)  This has the advantage of preventing yet another
device in the system.. though it does prevent normal users from being
able to watch the traffic...

Anyone interested?

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."


