ipfw2 logs to bpf (was Re: cvs commit: src/sbin/ipfw ipfw2.c...)

Poul-Henning Kamp phk at phk.freebsd.dk
Tue Dec 20 04:23:27 PST 2005

In message <20051213184218.GC55657 at funkthat.com>, John-Mark Gurney writes:

>I have patches that teach tcpdump how to understand divert sockets...
>(I forget if I write the packets back to continue the chain or if you
>have to use tee..)  This has the advantage of preventing yet another
>device in the system.. though it does prevent normal users from being
>able to watch the traffic...
>Anyone interested?

I guess you can do the same thing with "ipfwpcap | tcpdump -r -" so
I wonder if it isn't wiser to leave tcpdump's sources alone, in particular
given that it is 3rd party software?

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
