Date: Thu, 9 Oct 2003 14:05:23 -0700
From: Luigi Rizzo <rizzo@icir.org>
To: Valentine Zaretsky <zaretsky@apex.dp.ua>
Cc: ipfw@freebsd.org
Subject: Re: Limiting data size in tee rules
Message-ID: <20031009140523.C19092@xorpc.icir.org>
In-Reply-To: <3F847F8A.9030300@apex.dp.ua>; from zaretsky@apex.dp.ua on Thu, Oct 09, 2003 at 12:20:10AM +0300
References: <3F847F8A.9030300@apex.dp.ua>

On Thu, Oct 09, 2003 at 12:20:10AM +0300, Valentine Zaretsky wrote:
> Hi!
>
> In some applications there is no need to send the whole packet to
> divert-socket (e.g. traffic accounting, where information contained in
> headers is enough) and it might be useful to have a setting for the
> length of data buffer that will be diverted from each matching packet.

for those cases, you might want to use the patches i posted some time
ago, which send packets that match a 'log' rule to a bpf listener.
This would also enable you to set the 'snaplen' at runtime, and use
the vast amount of bpf-based tools instead of having to write your own.

	cheers
	luigi
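
An added example, not part of the original message or of the patches it mentions: header-only traffic accounting over a snaplen-truncated capture, the use case discussed in the thread. The names `SNAPLEN`, `build_capture` and `account` and the sample packets are assumptions constructed for illustration; the capture is a classic little-endian pcap with Ethernet framing.

```python
import io
import socket
import struct
from collections import Counter

SNAPLEN = 34  # Ethernet header (14) + minimal IPv4 header (20): headers only

def build_capture(packets, snaplen=SNAPLEN):
    """Build a pcap byte string, truncating each frame to snaplen (constructed data)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)  # linktype 1
    for ts, src, dst, payload_len in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len
        captured = frame[:snaplen]  # what a listener sees with this snaplen
        out += struct.pack("<IIII", ts, 0, len(captured), len(frame)) + captured
    return out

def account(pcap_bytes):
    """Sum IPv4 bytes per (src, dst) using only the captured headers."""
    buf = io.BytesIO(pcap_bytes)
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", buf.read(24))
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian Ethernet pcap")
    totals = Counter()
    while True:
        hdr = buf.read(16)
        if len(hdr) < 16:
            break
        _, _, caplen, _ = struct.unpack("<IIII", hdr)
        data = buf.read(caplen)
        if len(data) < 34 or data[12:14] != b"\x08\x00":
            continue  # truncated below the IPv4 header, or not IPv4
        # The payload is gone, but the IPv4 total-length field still
        # records the size of the original datagram.
        total_len = struct.unpack("!H", data[16:18])[0]
        src = socket.inet_ntoa(data[26:30])
        dst = socket.inet_ntoa(data[30:34])
        totals[(src, dst)] += total_len
    return totals

# Constructed sample: three UDP-sized datagrams between documentation addresses.
SAMPLE = build_capture([
    (1, "192.0.2.1", "198.51.100.7", 1400),
    (2, "192.0.2.1", "198.51.100.7", 600),
    (3, "198.51.100.7", "192.0.2.1", 40),
])
```

The three frames total 2142 bytes on the wire, while the truncated capture is 174 bytes and still yields exact per-flow byte counts.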