bpf, ipfw and before-and-after

Luigi Rizzo rizzo at icir.org
Wed Aug 6 00:09:25 PDT 2003


One thing one could do is to add special 'interface names'
to the list recognised by /dev/bpf (e.g. "ipfw", "ipf", etc.)
in bpf_setif(), and insert calls to bpf_mtap() at the end
of ipfw_check() and friends. Now the question is, of course,
do you want only 'accept'ed packets, or all of them?

In the end, I kind of agree that it is probably better to make
judicious use of bpf filtering and ipfw logging to see in detail
what is going on...

	cheers
	luigi

On Tue, Aug 05, 2003 at 10:31:01AM -0400, Barney Wolff wrote:
> On Tue, Aug 05, 2003 at 11:39:23PM +1000, Edwin Groothuis wrote:
> > 
> > Now my question to you guys is, does what I want or what I describe
> > here make a little bit sense? Or am I totally going the wrong way?
> > Or has this topic already been discussed multiple times and decided
> > not to do it? Maybe there is somebody thinks this is a cool thing
> > and wants to help me with adding it to the system?
> 
> Seems to me that with ipfw logging and tcpdump packet selection this
> is largely a non-issue.  We should be wary of adding complexity to
> what's already at the limits of human comprehension.
> 
> Now if somebody wanted to add the ability to dump the complete packet
> to ipfw ...  :)
> 
> -- 
> Barney Wolff         http://www.databus.com/bwresume.pdf
> I'm available by contract or FT, in the NYC metro area or via the 'Net.