From owner-cvs-all@FreeBSD.ORG Tue Dec 13 17:33:02 2005 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5010416A422; Tue, 13 Dec 2005 17:33:02 +0000 (GMT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7A3C643D8C; Tue, 13 Dec 2005 17:32:02 +0000 (GMT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.11/8.12.11) with ESMTP id jBDHVXGM013857; Tue, 13 Dec 2005 09:31:33 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.11/8.12.3/Submit) id jBDHVXYs013856; Tue, 13 Dec 2005 09:31:33 -0800 (PST) (envelope-from rizzo) Date: Tue, 13 Dec 2005 09:31:33 -0800 From: Luigi Rizzo To: Max Laier Message-ID: <20051213093133.A13701@xorpc.icir.org> References: <200512131216.jBDCG3FJ042136@repoman.freebsd.org> <20051213061503.A10373@xorpc.icir.org> <20051213150858.GL78709@submonkey.net> <200512131759.15695.max@love2party.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <200512131759.15695.max@love2party.net>; from max@love2party.net on Tue, Dec 13, 2005 at 05:59:07PM +0100 Cc: Alexey Dokuchaev , src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org, Gleb Smirnoff , Ceri Davies Subject: Re: ipfw2 logs to bpf (was Re: cvs commit: src/sbin/ipfw ipfw2.c...) X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Dec 2005 17:33:02 -0000 On Tue, Dec 13, 2005 at 05:59:07PM +0100, Max Laier wrote: > On Tuesday 13 December 2005 16:08, Ceri Davies wrote: > > On Tue, Dec 13, 2005 at 06:15:04AM -0800, Luigi Rizzo wrote: > > > talking about ipfw2, a couple of years ago i posted some code for 4.x > > > to let ipfw2 "log" packets to a pseudo interface called /dev/ipfw0 so > > > that people in need of detailed logging could just get it from > > > there through tcpdump or whatever. > > > > I don't actually use pf, but there is a pflog interface which I believe > > does a similar thing. It would be good to integrate the two somehow. > > Indeed. pflog(4) has the additional edge that it prepends a header that > indicates the reason for logging this packet - i.e. rule number, action, ok it certainly looks like something that is fully usable for ipfw as well, and i think that as a first step the patch i submitted can be trivially simplified to use "pflog". On a related topic, what is the point, in net/bpf.c, of duplicating the body of bpf_mtap2 into bpf_mtap when the latter could be implemented in terms of the former, with only a very minor change (essentially checking for NULL data and prepending mb or not accordingly) ? cheers luigi