Date: Tue, 20 Dec 2005 13:23:24 +0100 From: "Poul-Henning Kamp" <phk@phk.freebsd.dk> To: John-Mark Gurney <gurney_j@resnet.uoregon.edu> Cc: Alexey Dokuchaev <danfe@FreeBSD.org>, src-committers@FreeBSD.org, Luigi Rizzo <rizzo@icir.org>, cvs-all@FreeBSD.org, Gleb Smirnoff <glebius@FreeBSD.org>, cvs-src@FreeBSD.org Subject: Re: ipfw2 logs to bpf (was Re: cvs commit: src/sbin/ipfw ipfw2.c...) Message-ID: <9760.1135081404@critter.freebsd.dk> In-Reply-To: Your message of "Tue, 13 Dec 2005 10:42:18 PST." <20051213184218.GC55657@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20051213184218.GC55657@funkthat.com>, John-Mark Gurney writes: >I have patches that teach tcpdump how to understand divert sockets... >(I forget if I write the packets back to continue the chain or if you >have to use tee..) This has the advantage of preventing yet another >device in the system.. though it does prevent normal users from being >able to watch the traffic... > >Anyone interested? I guess you can do the same thing with "ipfwpcap | tcpdump -r -" so I wonder if it isn't wiser to leave tcpdumps sources alone, in particular given that it is 3rd party software ? -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9760.1135081404>