ipfw2 logs to bpf (was Re: cvs commit: src/sbin/ipfw ipfw2.c...)

Max Laier max at love2party.net
Tue Dec 13 08:59:40 PST 2005


On Tuesday 13 December 2005 16:08, Ceri Davies wrote:
> On Tue, Dec 13, 2005 at 06:15:04AM -0800, Luigi Rizzo wrote:
> > talking about ipfw2, a couple of years ago i posted some code for 4.x
> > to let ipfw2 "log" packets to a pseudo interface called /dev/ipfw0 so
> > that people in need of detailed logging could just get it from
> > there through tcpdump or whatever.
>
> I don't actually use pf, but there is a pflog interface which I believe
> does a similar thing.  It would be good to integrate the two somehow.

Indeed.  pflog(4) has the additional edge that it prepends a header that 
indicates the reason for logging this packet - i.e. rule number, action, 
original interface etc. ... it is open if the same header can be used for 
ipfw.  Most of the fields are certainly filter independent.

In Basel we talked about a general interface for dumping "interesting" packets 
in order to debug tcp problems etc. ... I am certainly interested in 
discussing this further and maybe getting some universal API for it into the 
kernel.  Including tcpdump/pcap support to make sense of the possibly 
different packet header - if we decide to go this way.

If there is interest this should go to -net or private mail in order to agree 
upon requirements and an API.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
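
Added example, not part of the original message and not pf or ipfw code: a small C reader for the kind of per-packet header described above, pulling the rule number, action and interface out of a pflog-style record before the logged packet. The field offsets (a 44-byte fixed prefix with rule numbers in network byte order, header padded to 4 bytes) are an assumption not taken from the message, and the names pflog_info, pflog_parse and pflog_sample and the sample record are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (not from the message): length, af, action, reason (1 byte
 * each), ifname[16], ruleset[16], rulenr, subrulenr (32-bit, network order). */
#define PFLOG_PREFIX 44
struct pflog_info {            /* hypothetical name */
    uint8_t  af, action, reason;
    char     ifname[17], ruleset[17];
    uint32_t rulenr, subrulenr;
    size_t   payload_off;      /* offset of the logged packet itself */
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 on success, -1 on a truncated or inconsistent record. */
int pflog_parse(const uint8_t *buf, size_t len, struct pflog_info *out) {
    if (len < PFLOG_PREFIX || buf[0] < PFLOG_PREFIX) return -1;
    size_t hdrlen = ((size_t)buf[0] + 3) & ~(size_t)3;  /* pad to 4 bytes */
    if (hdrlen > len) return -1;         /* header claims more than was captured */
    memset(out, 0, sizeof(*out));
    out->af = buf[1]; out->action = buf[2]; out->reason = buf[3];
    memcpy(out->ifname, buf + 4, 16);    /* NUL terminator kept by the memset */
    memcpy(out->ruleset, buf + 20, 16);
    out->rulenr = be32(buf + 36); out->subrulenr = be32(buf + 40);
    out->payload_off = hdrlen;
    return 0;
}

/* Constructed sample: action 1 (block) by rule 12 on em0, 48-byte header. */
size_t pflog_sample(uint8_t *buf) {
    memset(buf, 0, 52);
    buf[0] = 45; buf[1] = 2; buf[2] = 1; /* length, af, action */
    memcpy(buf + 4, "em0", 3);
    buf[39] = 12;                        /* rulenr = 12, big-endian */
    memset(buf + 40, 0xff, 4);           /* subrulenr: none */
    buf[48] = 0x45;                      /* first byte of the logged IPv4 packet */
    return 52;
}

int main(void) {
    uint8_t rec[52]; struct pflog_info i;
    if (pflog_parse(rec, pflog_sample(rec), &i) == 0)
        printf("%s rule %u on %s\n", i.action == 0 ? "pass" : i.action == 1 ? "block" : "other",
               (unsigned)i.rulenr, i.ifname);
    return 0;
}
```

Because the header carries its own length, a reader written this way keeps working if fields are appended after the prefix, which is the property a filter-independent header shared by pf and ipfw would need.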