ipfw2 logs to bpf (was Re: cvs commit: src/sbin/ipfw ipfw2.c...)
    Gleb Smirnoff 
    glebius at FreeBSD.org
       
    Tue Dec 13 07:12:43 PST 2005
    
    
  
On Tue, Dec 13, 2005 at 07:08:47AM -0800, Luigi Rizzo wrote:
L> On Tue, Dec 13, 2005 at 03:48:59PM +0100, Poul-Henning Kamp wrote:
L> > In message <20051213061503.A10373 at xorpc.icir.org>, Luigi Rizzo writes:
L> > 
L> > >talking about ipfw2, a couple of years ago i posted some code for 4.x
L> > >to let ipfw2 "log" packets to a pseudo interface called /dev/ipfw0 so
L> > >that people in need of detailed logging could just get it from
L> > >there through tcpdump or whatever.
L> > 
L> > Isn't it easier to use ipfwpcap(8) and a divert socket ?
L> 
L> well apart that i just learned about it from this email and couldn't
L> find a manpage, they are similar in spirit but they don't seem to
L> do exactly the same thing:
L> 
L> - 'log' is an option that you can set on any ipfw rule, independently
L>   from the action;
L> - ipfwpcap only works on divert or tee rules (i read in the code
L>   that tee is broken but assume it can be fixed so the performance
L>   objection for the -r option will not matter, eventually).
AFAIK, "tee" is not broken since Andre has made ipfw use the pfil(9)
framework.
-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
    
    