Date: Thu, 3 Aug 2023 13:58:08 +0300
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: Zane C B-H <v.velox@vvelox.net>, Mark Saad <nonesuch@longcount.org>
Cc: net@freebsd.org
Subject: Re: Is there a FreeBSD equivalent of 'tcpdump -i any' from Linux?
Message-ID: <12c7e165-b941-125a-4f23-0dd88ced0f01@yandex.ru>
In-Reply-To: <3376670f5c14ac160e75420a2c168481@vvelox.net>
References: <cb86f295fd30f94b57aaebb3ed8d6351@vvelox.net> <E3D42774-9C4D-44AC-8331-BA9F4B670834@longcount.org> <3376670f5c14ac160e75420a2c168481@vvelox.net>
On 02.08.2023 06:49, Zane C B-H wrote:
> Replacement for daemonlogger given it is dead upstream and no one else
> has picked up development. On Linux the same can easily be accomplished
> via tcpdump and the pcap rotation options and then just removing
> old files based on age/disk usage. Unfortunately FreeBSD lacks support
> for '-i any'. In many ways settled upon tcpdump as it is not likely to
> just stop being developed.
>
> Netgraph looks semiworkable via one2many and setting the interfaces on
> the many side or promisc, but this also creates the issue that the
> listening interface can also transmit. That said, looks like putting the
> connected ng_iface in monitor mode at creation should solve that. Been
> looking at that on and off today trying to wrap my head around netgraph.

You can also implement the DLT_PKTAP or DLT_LINUX_SLL linktypes through
some pseudo network driver, then modify the ETHER_BPF_MTAP() macro,
probably make some tweaks for tcpdump, and you will get what you need.
It seems not so hard.

-- 
WBR, Andrey V. Elsukov
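
An added example, not code from this thread or from FreeBSD: the per-packet rewrite that the DLT_LINUX_SLL approach in the reply implies, turning an Ethernet frame into a "cooked" record in userland C. The function name ether_to_sll and its if_mac and outgoing parameters are hypothetical; the header layout and LINUX_SLL_* values follow libpcap's pcap/sll.h.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SLL_HDR_LEN          16  /* fixed DLT_LINUX_SLL header size */
#define ETH_HDR_BYTES        14  /* dst(6) + src(6) + EtherType(2) */
#define ARPHRD_ETHER_VAL      1  /* link-layer address type: Ethernet */
#define LINUX_SLL_HOST        0  /* addressed to this host */
#define LINUX_SLL_BROADCAST   1
#define LINUX_SLL_MULTICAST   2
#define LINUX_SLL_OTHERHOST   3  /* seen only because of promiscuous mode */
#define LINUX_SLL_OUTGOING    4  /* sent by this host */

static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify a frame the way the cooked header's packet-type field expects. */
static uint16_t sll_classify(const uint8_t *dst, const uint8_t *if_mac, int outgoing)
{
    static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    if (outgoing) return LINUX_SLL_OUTGOING;
    if (memcmp(dst, bcast, 6) == 0) return LINUX_SLL_BROADCAST;
    if (dst[0] & 1) return LINUX_SLL_MULTICAST;      /* group bit set */
    return memcmp(dst, if_mac, 6) == 0 ? LINUX_SLL_HOST : LINUX_SLL_OTHERHOST;
}

/*
 * Replace the Ethernet header with a cooked header and copy the payload.
 * Returns the record length, or 0 if the frame is truncated or out is too small.
 */
size_t ether_to_sll(const uint8_t *frame, size_t len, const uint8_t *if_mac,
                    int outgoing, uint8_t *out, size_t outcap)
{
    if (len < ETH_HDR_BYTES || outcap < SLL_HDR_LEN + (len - ETH_HDR_BYTES))
        return 0;
    memset(out, 0, SLL_HDR_LEN);                      /* zero-pads the address */
    put_be16(out + 0, sll_classify(frame, if_mac, outgoing)); /* packet type */
    put_be16(out + 2, ARPHRD_ETHER_VAL);              /* address type */
    put_be16(out + 4, 6);                             /* address length */
    memcpy(out + 6, frame + 6, 6);                    /* source MAC, 8-byte field */
    memcpy(out + 14, frame + 12, 2);                  /* EtherType, already big-endian */
    memcpy(out + SLL_HDR_LEN, frame + ETH_HDR_BYTES, len - ETH_HDR_BYTES);
    return SLL_HDR_LEN + (len - ETH_HDR_BYTES);
}
```

The 16-byte header has no interface index, so a capture merged this way cannot attribute a packet to the interface it arrived on; DLT_LINUX_SLL2 adds that field.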