From owner-freebsd-ipfw@FreeBSD.ORG  Tue Oct 24 20:05:26 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EFF6116A47B;
	Tue, 24 Oct 2006 20:05:26 +0000 (UTC)
	(envelope-from prvs=julian=445c89c70@elischer.org)
Received: from a50.ironport.com (a50.ironport.com [63.251.108.112])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2536E43D9A;
	Tue, 24 Oct 2006 20:05:17 +0000 (GMT)
	(envelope-from prvs=julian=445c89c70@elischer.org)
Received: from unknown (HELO [192.168.2.5]) ([10.251.60.28])
	by a50.ironport.com with ESMTP; 24 Oct 2006 13:05:12 -0700
Message-ID: <453E71F8.7020809@elischer.org>
Date: Tue, 24 Oct 2006 13:05:12 -0700
From: Julian Elischer <julian@elischer.org>
User-Agent: Thunderbird 1.5.0.7 (Macintosh/20060909)
MIME-Version: 1.0
To: "Andrey V. Elsukov" <bu7cher@yandex.ru>
References: <453DF0A7.6030700@yandex.ru>
In-Reply-To: <453DF0A7.6030700@yandex.ru>
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-ipfw@freebsd.org, Oleg Bulyzhin <oleg@freebsd.org>,
	Luigi Rizzo <rizzo@icir.org>
Subject: Re: ipfw tracing
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2006 20:05:27 -0000

Andrey V. Elsukov wrote:
> Hi, All!
> 
> I've make a small patch that add a rule action
> tracing feature to ipfw2.
> 
> http://butcher.heavennet.ru/patches/kernel/ipfw_trace/
> 
> This patch can be usefull when you have too many
> ipfw-rules. When some packets not pass ipfw - It is not
> easy to determine rule which block these packets.
> 
> How to use:
> 
> # ipfw add 1 count tag <SOME_TAG> <RULE_BODY>
> # sysctl net.inet.ip.fw.trace_tag=<SOME_TAG>
> # tail -f /var/log/security
> 
> <SOME_TAG> - some tag number
> <RULE_BODY> - rule for matching needed packets
> 
> What you think about that?
> 

Can you show some sample usage and output?