From owner-freebsd-ipfw@FreeBSD.ORG  Tue Oct 24 10:53:38 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1E15916A403;
	Tue, 24 Oct 2006 10:53:38 +0000 (UTC)
	(envelope-from bu7cher@yandex.ru)
Received: from mx18.yandex.ru (smtp2.yandex.ru [213.180.200.18])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1E15E43D5C;
	Tue, 24 Oct 2006 10:53:36 +0000 (GMT)
	(envelope-from bu7cher@yandex.ru)
Received: from mail.kirov.so-cdu.ru ([81.18.142.225]:59410 "EHLO [127.0.0.1]"
	smtp-auth: "bu7cher" TLS-CIPHER: "DHE-RSA-AES256-SHA keybits 256/256
	version TLSv1/SSLv3" TLS-PEER-CN1: <none>) by mail.yandex.ru
	with ESMTP id S3377745AbWJXKxa (ORCPT <rfc822;oleg@FreeBSD.org>
	+ 1 other); Tue, 24 Oct 2006 14:53:30 +0400
X-Comment: RFC 2476 MSA function at smtp2.yandex.ru logged sender identity as:
	bu7cher
Message-ID: <453DF0A7.6030700@yandex.ru>
Date: Tue, 24 Oct 2006 14:53:27 +0400
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
User-Agent: Mozilla Thunderbird 1.5 (FreeBSD/20051231)
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Luigi Rizzo <rizzo@icir.org>, Oleg Bulyzhin <oleg@FreeBSD.org>,
	Julian Elischer <julian@elischer.org>
Subject: ipfw tracing
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2006 10:53:38 -0000

Hi, All!

I've make a small patch that add a rule action
tracing feature to ipfw2.

http://butcher.heavennet.ru/patches/kernel/ipfw_trace/

This patch can be usefull when you have too many
ipfw-rules. When some packets not pass ipfw - It is not
easy to determine rule which block these packets.

How to use:

# ipfw add 1 count tag <SOME_TAG> <RULE_BODY>
# sysctl net.inet.ip.fw.trace_tag=<SOME_TAG>
# tail -f /var/log/security

<SOME_TAG> - some tag number
<RULE_BODY> - rule for matching needed packets

What you think about that?

-- 
WBR, Andrey V. Elsukov