ipfw2 logs to bpf (was Re: cvs commit: src/sbin/ipfw
phk at phk.freebsd.dk
Tue Dec 20 04:23:27 PST 2005
In message <20051213184218.GC55657 at funkthat.com>, John-Mark Gurney writes:
>I have patches that teach tcpdump how to understand divert sockets...
>(I forget if I write the packets back to continue the chain or if you
>have to use tee..) This has the advantage of preventing yet another
>device in the system.. though it does prevent normal users from being
>able to watch the traffic...
I guess you can do the same thing with "ipfwpcap | tcpdump -r -" so
I wonder if it isn't wiser to leave tcpdump's sources alone, in particular
given that it is 3rd party software?
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.