Re: [PATCH] ipfw logging through tcpdump ?

From: Luigi Rizzo <rizzo_at_iet.unipi.it>
Date: Tue, 15 Dec 2009 19:59:26 +0100
On Tue, Dec 15, 2009 at 09:06:04AM -0800, Julian Elischer wrote:
> Luigi Rizzo wrote:
...
> >>>The following ipfw patch (which I wrote back in 2001/2002) makes
> >>>ipfw logging possible through tcpdump -- it works by passing to the
> >>>fake device 'ipfw0' all packets matching rules marked 'log'.
> >>>The use is very simple -- to test it just do
> >>>
> >>>	ipfw add 100 count log ip from any to any
> >>>
> >>>and then
> >>>
> >>>	tcpdump -ni ipfw0
> >>>
> >>>will show all matching traffic.
> >>>
> >>>I think this is a quite convenient and flexible option, so if there
> >>>are no objections I plan to commit it to head.
...
> I'm not sure we should do everything just because we can.
> It gives us nothing that we can't already get. You can filter using
> ipfw netgraph -> netgraph bpf -> ng_socket,
> you can efficiently capture packets with divert (or tee),
> you can write to pcap files using phk's program.

It's not "because we can", it is "because it costs almost nothing
and gives new functionality".
The cost is just 30 lines of code (including comments) and one extra
compare on matching packets (those for which you already enabled
the 'log' option, so were prepared to pay the price of logging).

Most importantly, you don't need to change the existing ipfw configs.
That is, in my opinion, the main advantage.

	cheers
	luigi
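One practical consequence of the design discussed in this thread is that ipfw0 receives traffic from every rule carrying the 'log' option, not only from rules added for the purpose, so an operator wants to know up front which existing rules will show up in `tcpdump -ni ipfw0`. The following shell snippet is an added example, not code from the patch or from either author: it reads ruleset text in the layout printed by `ipfw -a list` (rule number, packet and byte counters, then the rule body) and reports the rules that carry the 'log' keyword. The sample ruleset is constructed for the example.

```shell
#!/bin/sh
# Added example: find the ipfw rules that will feed the ipfw0 capture
# device, i.e. every rule whose body contains the standalone 'log' keyword.
# Input format assumed: lines as printed by "ipfw -a list"
#   <rule> <pkts> <bytes> <action> [log [logamount N]] <proto> from ... to ...
# Without -a the counters are absent; the scan starts at field 2, so both
# layouts work (counters are numeric and never equal "log").

# Constructed sample of "ipfw -a list" output (not from a real host).
SAMPLE_RULES='00100   12   960 count log ip from any to any
00200    0     0 allow tcp from any to me 22 setup
00300    3   180 deny log logamount 10 tcp from any to me 23
65535 1000 80000 allow ip from any to any'

# log_rules: read ruleset text on stdin, print one rule number per line
# for each rule that has 'log' as a standalone word in its body.
log_rules() {
    awk '{
        for (i = 2; i <= NF; i++) {
            if ($i == "log") { print $1; break }
        }
    }'
}

# count_log_rules: number of rules whose matches will appear on ipfw0.
count_log_rules() {
    log_rules | wc -l | tr -d " "
}

# Stand-alone usage on the constructed sample; on a live FreeBSD host you
# would instead pipe "ipfw -a list" into log_rules.
printf '%s\n' "$SAMPLE_RULES" | log_rules
```

Rules 00100 and 00300 are reported for the sample: both would deliver their matching packets to ipfw0 as soon as the patch is in place, without any change to the ruleset, which is exactly the "no config change" property argued for above.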
Received on Tue Dec 15 2009 - 17:52:01 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:59 UTC