Date:      Tue, 13 Dec 2005 07:08:47 -0800
From:      Luigi Rizzo <rizzo@icir.org>
To:        Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc:        cvs-src@FreeBSD.org, Alexey Dokuchaev <danfe@FreeBSD.org>, Gleb Smirnoff <glebius@FreeBSD.org>, cvs-all@FreeBSD.org, src-committers@FreeBSD.org
Subject:   Re: ipfw2 logs to bpf (was Re: cvs commit: src/sbin/ipfw ipfw2.c...)
Message-ID:  <20051213070846.A10708@xorpc.icir.org>
In-Reply-To: <12911.1134485339@critter.freebsd.dk>; from phk@phk.freebsd.dk on Tue, Dec 13, 2005 at 03:48:59PM +0100
References:  <20051213061503.A10373@xorpc.icir.org> <12911.1134485339@critter.freebsd.dk>

On Tue, Dec 13, 2005 at 03:48:59PM +0100, Poul-Henning Kamp wrote:
> In message <20051213061503.A10373@xorpc.icir.org>, Luigi Rizzo writes:
> 
> >talking about ipfw2, a couple of years ago i posted some code for 4.x
> >to let ipfw2 "log" packets to a pseudo interface called /dev/ipfw0 so
> >that people in need of detailed logging could just get it from
> >there through tcpdump or whatever.
> 
> Isn't it easier to use ipfwpcap(8) and a divert socket ?

well apart that i just learned about it from this email and couldn't
find a manpage, they are similar in spirit but they don't seem to
do exactly the same thing:

- 'log' is an option that you can set on any ipfw rule, independently
  from the action;
- ipfwpcap only works on divert or tee rules (i read in the code
  that tee is broken but assume it can be fixed so the performance
  objection for the -r option will not matter, eventually).

so i believe the /dev/ipfw trick is a bit more flexible

cheers
luigi

> -- 
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe    
> Never attribute to malice what can adequately be explained by incompetence.


