Limiting data size in tee rules
Luigi Rizzo
rizzo at icir.org
Thu Oct 9 14:05:35 PDT 2003
On Thu, Oct 09, 2003 at 12:20:10AM +0300, Valentine Zaretsky wrote:
> Hi!
>
> In some applications there is no need to send the whole packet to
> divert-socket (e.g. traffic accounting, where information contained in
> headers is enough) and it might be useful to have a setting for the
> length of data buffer that will be diverted from each matching packet.
for those cases, you might want to use the patches i posted some
time ago, which send packets that match a 'log' rule
to a bpf listener.
This would also enable you to set the 'snaplen' at runtime, and
use the vast amount of bpf-based tools instead to have to write
your own.
cheers
luigi
More information about the freebsd-ipfw
mailing list