diff options
| author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-02-28 22:27:34 +0000 |
|---|---|---|
| committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-02-28 22:27:34 +0000 |
| commit | 9b4a3511a8f6793deabeefe86d65650ad4a61001 (patch) | |
| tree | 3d48c8ba44aea6eea1c586bc11842bf18c216531 /sbin/pflogd | |
| parent | d8473e4b0c4055f66abd273b3346d560840da062 (diff) | |
Document ethernet layer expressions.
Diffstat (limited to 'sbin/pflogd')
| -rw-r--r-- | sbin/pflogd/pflogd.8 | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/sbin/pflogd/pflogd.8 b/sbin/pflogd/pflogd.8 index 3f5e9a1ea73..23cb4ed036f 100644 --- a/sbin/pflogd/pflogd.8 +++ b/sbin/pflogd/pflogd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pflogd.8,v 1.11 2002/02/28 22:19:47 kjell Exp $ +.\" $OpenBSD: pflogd.8,v 1.12 2002/02/28 22:27:33 dhartmei Exp $ .\" .\" Copyright (c) 2001 Can Erkin Acar. All rights reserved. .\" @@ -120,6 +120,26 @@ operation of pflogd): # ifconfig pflog0 up # tcpdump -n -e -ttt -i pflog0 .Ed +.Pp +The ethernet protocol layer of packets logged by pflogd consists +of an object of type struct pfloghdr (defined in net/if_pflog.h), +which allows to use the following tcpdump expressions to filter on +pf specific criteria: +.Bl -tag -width "ether[99:9]=0xFFFFFFFF " -compact +.It ether[0:4]=4 +Address family equals IPv4 (4) or IPv6 (24). +.It ether[4:4]=0x6b756530 +Interface name equals "kue0" (0x6b756530). +.It ether[20:2]=10 +Rule number equals 10. +.It ether[22:2]=0 +Reason equals match (0), bad offset (1), fragment (2), short (3), +normalization (4) or memory (5). +.It ether[24:2]=0 +Action equals pass (0) or block (1). +.It ether[26:2]=0 +Direction equals in (0) or out (1). +.El .Sh FILES .Bl -tag -width /var/run/pflogd.pid -compact .It Pa /var/run/pflogd.pid |