Date:      Tue, 13 Dec 2005 17:59:07 +0100
From:      Max Laier <max@love2party.net>
To:        Ceri Davies <ceri@submonkey.net>
Cc:        Alexey Dokuchaev <danfe@freebsd.org>, src-committers@freebsd.org, Luigi Rizzo <rizzo@icir.org>, cvs-all@freebsd.org, Gleb Smirnoff <glebius@freebsd.org>, cvs-src@freebsd.org
Subject:   Re: ipfw2 logs to bpf (was Re: cvs commit: src/sbin/ipfw ipfw2.c...)
Message-ID:  <200512131759.15695.max@love2party.net>
In-Reply-To: <20051213150858.GL78709@submonkey.net>
References:  <200512131216.jBDCG3FJ042136@repoman.freebsd.org> <20051213061503.A10373@xorpc.icir.org> <20051213150858.GL78709@submonkey.net>

On Tuesday 13 December 2005 16:08, Ceri Davies wrote:
> On Tue, Dec 13, 2005 at 06:15:04AM -0800, Luigi Rizzo wrote:
> > talking about ipfw2, a couple of years ago i posted some code for 4.x
> > to let ipfw2 "log" packets to a pseudo interface called /dev/ipfw0 so
> > that people in need of detailed logging could just get it from
> > there through tcpdump or whatever.
>
> I don't actually use pf, but there is a pflog interface which I believe
> does a similar thing.  It would be good to integrate the two somehow.

Indeed.  pflog(4) has the additional edge that it prepends a header that
indicates the reason for logging this packet - i.e. rule number, action,
original interface etc. ... it is open if the same header can be used for
ipfw.  Most of the fields are certainly filter independent.

In Basel we talked about a general interface for dumping "interesting" packets
in order to debug tcp problems etc. ... I am certainly interested in
discussing this further and maybe getting some universal API for it into the
kernel.  Including tcpdump/pcap support to make sense of the possibly
different packet header - if we decide to go this way.

If there is interest this should go to -net or private mail in order to agree
upon requirements and an API.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
