From owner-freebsd-ipfw@FreeBSD.ORG Thu Apr 1 00:10:08 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9C962106566B for ; Thu, 1 Apr 2010 00:10:08 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238]) by mx1.freebsd.org (Postfix) with ESMTP id 5FC228FC08 for ; Thu, 1 Apr 2010 00:10:07 +0000 (UTC) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id 63B1373106; Thu, 1 Apr 2010 02:20:14 +0200 (CEST) Date: Thu, 1 Apr 2010 02:20:14 +0200 From: Luigi Rizzo To: "Ass.Tec. Matik" Message-ID: <20100401002014.GA57424@onelab2.iet.unipi.it> References: <4BB24C86.3030709@hardonline.com.br> <20100331020943.GA47928@onelab2.iet.unipi.it> <20100331164302.GA55699@korolev-net.ru> <20100331170221.GB55010@onelab2.iet.unipi.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw error in last stable version freebsd 8 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Apr 2010 00:10:08 -0000 On Wed, Mar 31, 2010 at 03:47:49PM -0300, Ass.Tec. Matik wrote: > > > > it means that you are probably using a new kernel and an old /sbin/ipfw. > > The new ipfw/dummynet has a different kernel/userland API to accommodate > > some new features, and the kernel has a compatibility layer to translate > > requests back and forth between the two APIs. > > > > > where this is coming from: > > ipfw0: flags=8801 metric 0 mtu 65536 sys/netinet/ipfw/ip_fw_log.c Revision 200654 - (view) (annotate) - [select for diffs] Modified Thu Dec 17 23:11:16 2009 UTC (3 months, 1 week ago) by luigi Add some experimental code to log traffic with tcpdump, similar to pflog(4). To use the feature, just put the 'log' options on rules you are interested in, e.g. ipfw add 5000 count log .... and run tcpdump -ni ipfw0 ... net.inet.ip.fw.verbose=0 enables logging to ipfw0, net.inet.ip.fw.verbose=1 sends logging to syslog as before. cheers luigi