Date: Thu, 17 Dec 2009 23:11:16 +0000 (UTC) From: Luigi Rizzo <luigi@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/netinet/ipfw ip_fw2.c ip_fw_log.c ip_fw_private.h Message-ID: <200912172311.nBHNBUaX072614@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
luigi 2009-12-17 23:11:16 UTC
FreeBSD src repository
Modified files:
sys/netinet/ipfw ip_fw2.c ip_fw_log.c ip_fw_private.h
Log:
SVN rev 200654 on 2009-12-17 23:11:16Z by luigi
Add some experimental code to log traffic with tcpdump,
similar to pflog(4).
To use the feature, just put the 'log' options on rules
you are interested in, e.g.
ipfw add 5000 count log ....
and run
tcpdump -ni ipfw0 ...
net.inet.ip.fw.verbose=0 enables logging to ipfw0,
net.inet.ip.fw.verbose=1 sends logging to syslog as before.
More features can be added, similar to pflog(), to store in
the MAC header metadata such as rule numbers and actions.
Manpage to come once features are settled.
Revision Changes Path
1.31 +3 -2 src/sys/netinet/ipfw/ip_fw2.c
1.3 +75 -1 src/sys/netinet/ipfw/ip_fw_log.c
1.4 +1 -0 src/sys/netinet/ipfw/ip_fw_private.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912172311.nBHNBUaX072614>