Date:      Tue, 13 Dec 2005 17:59:07 +0100
From:      Max Laier <max@love2party.net>
To:        Ceri Davies <ceri@submonkey.net>
Cc:        Alexey Dokuchaev <danfe@freebsd.org>, src-committers@freebsd.org, Luigi Rizzo <rizzo@icir.org>, cvs-all@freebsd.org, Gleb Smirnoff <glebius@freebsd.org>, cvs-src@freebsd.org
Subject:   Re: ipfw2 logs to bpf (was Re: cvs commit: src/sbin/ipfw ipfw2.c...)
Message-ID:  <200512131759.15695.max@love2party.net>
In-Reply-To: <20051213150858.GL78709@submonkey.net>
References:  <200512131216.jBDCG3FJ042136@repoman.freebsd.org> <20051213061503.A10373@xorpc.icir.org> <20051213150858.GL78709@submonkey.net>


On Tuesday 13 December 2005 16:08, Ceri Davies wrote:
> On Tue, Dec 13, 2005 at 06:15:04AM -0800, Luigi Rizzo wrote:
> > talking about ipfw2, a couple of years ago i posted some code for 4.x
> > to let ipfw2 "log" packets to a pseudo interface called /dev/ipfw0 so
> > that people in need of detailed logging could just get it from
> > there through tcpdump or whatever.
>
> I don't actually use pf, but there is a pflog interface which I believe
> does a similar thing.  It would be good to integrate the two somehow.

Indeed.  pflog(4) has the additional edge that it prepends a header that 
indicates the reason for logging this packet - i.e. rule number, action, 
original interface etc. ... it is open if the same header can be used for 
ipfw.  Most of the fields are certainly filter independent.

In Basel we talked about a general interface for dumping "interesting" packets 
in order to debug tcp problems etc. ... I am certainly interested in 
discussing this further and maybe getting some universal API for it into the 
kernel.  Including tcpdump/pcap support to make sense of the possibly 
different packet header - if we decide to go this way.

If there is interest this should go to -net or private mail in order to agree 
upon requirements and an API.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

