Re: ipfw2 logs to bpf (was Re: cvs commit: src/sbin/ipfw ipfw2.c...)

From: John-Mark Gurney <gurney_j_at_resnet.uoregon.edu>
Date: Tue, 13 Dec 2005 10:42:18 -0800
Luigi Rizzo wrote this message on Tue, Dec 13, 2005 at 06:15 -0800:
> talking about ipfw2, a couple of years ago i posted some code for 4.x
> to let ipfw2 "log" packets to a pseudo interface called /dev/ipfw0 so
> that people in need of detailed logging could just get it from
> there through tcpdump or whatever.
> 
> If someone is interested, here it is a copy of the message and patch.
> It is very very trivial, so i don't expect to require a lot of
> porting work to be adapted to HEAD and more recent versions of
> FreeBSD.

I have patches that teach tcpdump how to understand divert sockets...
(I forget if I write the packets back to continue the chain or if you
have to use tee..)  This has the advantage of preventing yet another
device in the system.. though it does prevent normal users from being
able to watch the traffic...

Anyone interested?

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
Received on Tue Dec 13 2005 - 18:42:22 UTC