On 02.08.2023 06:49, Zane C B-H wrote:
> Replacement for daemonlogger given it is dead upstream and no one else
> has picked up development. On Linux the same can easily be accomplished
> via tcpdump and the pcap rotation options and then just removing
> old files based on age/disk usage. Unfortunately FreeBSD lacks support
> for '-i any'. In many ways settled upon tcpdump as it is not likely to
> just stop being developed.
>
> Netgraph looks semiworkable via one2many and setting the interfaces on
> the many side or promisc, but this also creates the issue that the
> listening interface can also transmit. That said looks like putting the
> connected ng_iface in monitor mode at creation should solve that. Been
> looking at that on and off today trying to wrap my head around netgraph.

You also can implement DLT_PKTAP or DLT_LINUX_SLL linktypes through some
pseudo network driver, then modify ETHER_BPF_MTAP() macro, probably make
some tweaks for tcpdump and you will get what you need. It seems not so
hard.
--
WBR, Andrey V. Elsukov