On Tue, Dec 16, 2025 at 11:32:37PM +0100, Kristof Provost wrote:
K> Pflog seems harder. There’s not much to configure, but exporting
K> information is done through `tcpdump -n -e -ttt -i pflog1`, which sort of
K> assumes a network interface.
K> Your ddf4f9eda9c2 change talks about a BPF tap ipfwlog0. Does that mean we
K> can `tcpdump -i ipfwlog0` even if there’s no struct ifnet ipfwlog0?

Exactly!

K> That’d probably be fine, even if I’m sure doing `tcpdump -i pflog0` is
K> going to confuse me if ifconfig claims there’s no such interface as pflog0.

We will get used to that soon :)

Now we can easily implement bpf taps anywhere, e.g. "tcp_input" or on a
named unix(4) socket.

--
Gleb Smirnoff
