bpf, ipfw and before-and-after

John Polstra jdp at polstra.com
Tue Aug 5 17:35:14 PDT 2003


In article <20030806001459.GB558 at k7.mavetju>,
Edwin Groothuis  <edwin at freebsd.org> wrote:
> On Tue, Aug 05, 2003 at 11:17:07AM -0700, John Polstra wrote:
> > Tcpdump has always shown traffic _at_ the network interface.  That's
> > why it has the "-i" option.  I would not like to see that behavior
> > changed.
> 
> I totally agree with the idea that it is _at_ the network interface,
> but if you think about what people are actually using it for you
> realise that most of the output you're interested in is at the IP
> or the TCP layer.

Different people use tcpdump for different things.  I myself typically
use it when I'm debugging ethernet drivers.  When I use it to look at
the IP or TCP layer, I generally specify a filter on the command line
so that I only see what I'm interested in.  Given that tcpdump has
been around for so long, and that it can be used for so many different
purposes, and that it allows the specification of a packet filter on
its command line, it doesn't make sense to move its packet hooks to
somewhere else by default.

> If you want it to be enabled via a kernel option, fine with me.

Great.  That's all I'm asking for.

John
-- 
  John Polstra
  John D. Polstra & Co., Inc.                        Seattle, Washington USA
  "Two buttocks cannot avoid friction."                     -- Malawi saying

