From owner-cvs-all@FreeBSD.ORG  Tue Dec 20 12:23:27 2005
Return-Path: <owner-cvs-all@FreeBSD.ORG>
X-Original-To: cvs-all@FreeBSD.org
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 09F7716A41F;
	Tue, 20 Dec 2005 12:23:27 +0000 (GMT)
	(envelope-from phk@critter.freebsd.dk)
Received: from phk.freebsd.dk (phk.freebsd.dk [130.225.244.222])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 918D143D55;
	Tue, 20 Dec 2005 12:23:26 +0000 (GMT)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (unknown [192.168.48.2])
	by phk.freebsd.dk (Postfix) with ESMTP id E041BBC66;
	Tue, 20 Dec 2005 12:23:24 +0000 (UTC)
To: John-Mark Gurney <gurney_j@resnet.uoregon.edu>
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
In-Reply-To: Your message of "Tue, 13 Dec 2005 10:42:18 PST."
	<20051213184218.GC55657@funkthat.com> 
Date: Tue, 20 Dec 2005 13:23:24 +0100
Message-ID: <9760.1135081404@critter.freebsd.dk>
Sender: phk@critter.freebsd.dk
Cc: Alexey Dokuchaev <danfe@FreeBSD.org>, src-committers@FreeBSD.org,
	Luigi Rizzo <rizzo@icir.org>, cvs-all@FreeBSD.org,
	Gleb Smirnoff <glebius@FreeBSD.org>, cvs-src@FreeBSD.org
Subject: Re: ipfw2 logs to bpf (was Re: cvs commit: src/sbin/ipfw
	ipfw2.c...) 
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Dec 2005 12:23:27 -0000

In message <20051213184218.GC55657@funkthat.com>, John-Mark Gurney writes:

>I have patches that teach tcpdump how to understand divert sockets...
>(I forget if I write the packets back to continue the chain or if you
>have to use tee..)  This has the advantage of preventing yet another
>device in the system.. though it does prevent normal users from being
>able to watch the traffic...
>
>Anyone interested?

I guess you can do the same thing with "ipfwpcap | tcpdump -r -" so
I wonder if it isn't wiser to leave tcpdumps sources alone, in particular
given that it is 3rd party software ?

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.