From owner-freebsd-questions  Sat Apr  6 01:48:31 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id BAA18570
          for questions-outgoing; Sat, 6 Apr 1996 01:48:31 -0800 (PST)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id BAA18565
          for <questions@freebsd.org>; Sat, 6 Apr 1996 01:48:28 -0800 (PST)
Received: from msmith@localhost by genesis.atrad.adelaide.edu.au (8.6.12/8.6.9) id TAA03595; Sat, 6 Apr 1996 19:43:37 +0930
From: Michael Smith <msmith@atrad.adelaide.edu.au>
Message-Id: <199604061013.TAA03595@genesis.atrad.adelaide.edu.au>
Subject: Re: Q on kernel
To: dima@irs.riga.lv
Date: Sat, 6 Apr 1996 19:43:37 +0930 (CST)
Cc: questions@freebsd.org
In-Reply-To: <31656c84.irs@irs.riga.lv> from "Dmitry Solodov" at Apr 5, 96 08:54:58 pm
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Dmitry Solodov stands accused of saying:
> 
> how to enable logging of in/out IP packets in the kernel ? 
> 
> We want FreeBSD code on our router to write a log of all in/out
> packets.

Not to be rude, but you must be _nuts_.  Think about it for a second;
how many packets do you handle?  Consider a small router with a
14.4KBps modem; on a PPP link with an MTU of ~500 bytes, you can move
about three packets a second.  If you log the time, type , source and
destination of the packet, you get a log entry of about 100 bytes.
At 300 bytes per second, your log will grow at about a megabyte
an hour.

If you want something fairly simple, look at the 'ipacct'
code in the FreeBSD kernel. (Start with 'man ipacct').

For the opposite end of the scale, look at 'tcpdump'.
Somewhere in the middle is the (unfinished) 'cantipole' tool; 
if neither of these two do what you want, and you are willing
to hack on some fairly primitive code, then you're welcome to
a copy of it.

> Dmitry Solodov

-- 
]] Mike Smith, Software Engineer        msmith@atrad.adelaide.edu.au    [[
]] Genesis Software                     genesis@atrad.adelaide.edu.au   [[
]] High-speed data acquisition and      (GSM mobile) 0411-222-496       [[
]] realtime instrument control          (ph/fax)  +61-8-267-3039        [[
]] Collector of old Unix hardware.      "Where are your PEZ?" The Tick  [[