From: "Andrey V. Elsukov"
To: Zane C B-H, Mark Saad
Cc: net@freebsd.org
Date: Thu, 3 Aug 2023 13:58:08 +0300
Subject: Re: Is there a FreeBSD equivalent of 'tcpdump -i any' from Linux?
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

On 02.08.2023 06:49, Zane C B-H wrote:
> Replacement for daemonlogger given it is dead upstream and no one else
> has picked up development. On Linux the same can easily be accomplished
> via tcpdump and the pcap rotation options and then just removing
> old files based on age/disk usage. Unfortunately FreeBSD lacks support
> for '-i any'. In many ways settled upon tcpdump as it is not likely to
> just stop being developed.
>
> Netgraph looks semiworkable via one2many and setting the interfaces on
> the many side or promisc, but this also creates the issue that the
> listening interface can also transmit. That said, it looks like putting the
> connected ng_iface in monitor mode at creation should solve that. Been
> looking at that on and off today trying to wrap my head around netgraph.

You can also implement the DLT_PKTAP or DLT_LINUX_SLL linktypes through some
pseudo network driver, then modify the ETHER_BPF_MTAP() macro, probably make
some tweaks to tcpdump, and you will get what you need. It does not seem so hard.

-- 
WBR, Andrey V. Elsukov
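
The reply above suggests exposing a DLT_LINUX_SLL linktype through a pseudo network driver. As an added example (not code from this thread or from FreeBSD), the userland C below shows the per-frame conversion such a driver would perform: replacing the 14-byte Ethernet header with the 16-byte cooked header that libpcap documents for DLT_LINUX_SLL. `eth_to_sll`, `sll_pkttype` and the sample frame are hypothetical names and constructed data, and Ethernet II framing is assumed.

```c
/* Added example: Ethernet frame -> DLT_LINUX_SLL (v1 "cooked") record. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN 14
#define SLL_HLEN 16  /* pkttype(2) hatype(2) halen(2) addr(8) proto(2), big-endian */
enum { SLL_HOST, SLL_BROADCAST, SLL_MULTICAST, SLL_OTHERHOST, SLL_OUTGOING };

/* Constructed sample: broadcast frame from 02:00:00:00:00:01, 4 payload bytes. */
static const uint8_t sample_frame[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01,
    0x08,0x06, 0xde,0xad,0xbe,0xef };
static const uint8_t sample_ifmac[6] = { 0x02,0x00,0x00,0x00,0x00,0x02 };

static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Direction/type of the frame relative to the interface it was tapped on. */
static uint16_t sll_pkttype(const uint8_t *eth, const uint8_t *ifmac, int outgoing)
{
    static const uint8_t bcast[6] = { 0xff,0xff,0xff,0xff,0xff,0xff };
    if (outgoing)                   return SLL_OUTGOING;
    if (memcmp(eth, bcast, 6) == 0) return SLL_BROADCAST;
    if (eth[0] & 0x01)              return SLL_MULTICAST;
    if (memcmp(eth, ifmac, 6) == 0) return SLL_HOST;
    return SLL_OTHERHOST;
}

/* Hypothetical helper: returns cooked length, or 0 if the frame is short or out is too small. */
size_t eth_to_sll(const uint8_t *eth, size_t len, const uint8_t *ifmac,
                  int outgoing, uint8_t *out, size_t outcap)
{
    if (len < ETH_HLEN || outcap < SLL_HLEN + (len - ETH_HLEN))
        return 0;
    put_be16(out + 0, sll_pkttype(eth, ifmac, outgoing));
    put_be16(out + 2, 1);                 /* ARPHRD_ETHER */
    put_be16(out + 4, 6);                 /* link-layer address length */
    memcpy(out + 6, eth + 6, 6);          /* source MAC */
    memset(out + 12, 0, 2);               /* pad address field to 8 bytes */
    memcpy(out + 14, eth + 12, 2);        /* EtherType, already in network order */
    memcpy(out + SLL_HLEN, eth + ETH_HLEN, len - ETH_HLEN);
    return SLL_HLEN + (len - ETH_HLEN);
}

int main(void)
{
    uint8_t out[64];
    size_t n = eth_to_sll(sample_frame, sizeof sample_frame, sample_ifmac, 0, out, sizeof out);
    for (size_t i = 0; i < n; i++) printf("%02x%s", out[i], i + 1 < n ? " " : "\n");
    return 0;
}
```

The v1 cooked header has no interface field, so a capture merged from several interfaces keeps only the direction and source address of each packet.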