diff options
author | dm <dm@cvs.openbsd.org> | 1996-05-10 21:41:01 +0000 |
---|---|---|
committer | dm <dm@cvs.openbsd.org> | 1996-05-10 21:41:01 +0000 |
commit | 76242ad5ccbbf411a0dfd66daab39d9a460c09dc (patch) | |
tree | 92b555bd9197bb7976ae825d415f70d567c37170 /share/man | |
parent | 75774d963fafaaaa2cf697156d616e2ebe3db3c8 (diff) |
ipfilter 3.0.4
Diffstat (limited to 'share/man')
-rw-r--r-- | share/man/man4/Makefile | 4 | ||||
-rw-r--r-- | share/man/man4/ipl.4 | 58 |
2 files changed, 60 insertions, 2 deletions
diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile index 4722a171713..cacc87448f0 100644 --- a/share/man/man4/Makefile +++ b/share/man/man4/Makefile @@ -1,11 +1,11 @@ -# $OpenBSD: Makefile,v 1.7 1996/04/22 01:26:48 deraadt Exp $ +# $OpenBSD: Makefile,v 1.8 1996/05/10 21:39:29 dm Exp $ # $NetBSD: Makefile,v 1.22 1996/03/28 21:32:58 mark Exp $ # @(#)Makefile 8.1 (Berkeley) 6/18/93 MAN= audio.4 bpf.4 ccd.4 clnp.4 cltp.4 ddb.4 drum.4 esis.4 fd.4 icmp.4 \ idp.4 imp.4 inet.4 ip.4 iso.4 lkm.4 lo.4 netintro.4 ns.4 nsip.4 \ null.4 pty.4 rnd.4 route.4 spp.4 tb.4 tcp.4 termios.4 tty.4 tp.4 udp.4 \ - unix.4 vnd.4 + unix.4 vnd.4 ipl.4 MLINKS+=fd.4 stderr.4 fd.4 stdin.4 fd.4 stdout.4 MLINKS+=netintro.4 networking.4 MLINKS+=rnd.4 srnd.4 rnd.4 urnd.4 rnd.4 prnd.4 diff --git a/share/man/man4/ipl.4 b/share/man/man4/ipl.4 new file mode 100644 index 00000000000..377a3383549 --- /dev/null +++ b/share/man/man4/ipl.4 @@ -0,0 +1,58 @@ +.TH IPL 4 +.SH NAME +ipl - IP packet log device +.SH DESCRIPTION +The \fBipl\fP pseudo device's purpose is to provide an easy way to gather +packet headers of packets you wish to log. If a packet header is to be +logged, the entire header is logged (including any IP options - TCP/UDP +options are not included when it calculates header size) or not at all. +The packet contents is also logged after the header. +.LP +.PP +Prepending every packet header logged is a structure containing information +relevant to the packet following and why it was logged. The structure's +format is as follows: +.LP +.nf +struct ipl_ci { + u_long sec; /* time when the packet was logged */ + u_long usec; + u_long plen; /* length of packet data logged */ + u_short hlen; /* length of headers logged */ + u_short rule; /* rule number (for log ...) or 0 if result = log */ + u_short flags:12; /* flags, ie BLOCK, PASS, SHORT, etc */ + u_short unit:4; /* interface unit # */ + u_char ifname[2]; /* 2 character interface abbreviation */ +}; +.nf +.PP +In the case of the header causing the buffer to finish on a non-32bit +boundary, padding will be `appended' to ensure that the next log entry +is aligned to a 32bit boundary. +.LP +.PP +If the packet contents is more then 128 bytes, then only 128 bytes of the +packet contents is logged. Should the packet contents finish on a non-32bit +boundary, then the last few bytes are not logged to ensure the log entry +is aligned to a 32bit boundary. + +\fBipl\fP is a read-only (sequential) character pseudo-device. + +The ioctls which are loaded with this device can be found under \fBipf(4)\fP. +The only ioctl which is used for logging and doesn't affect the filter is: +.LP +.nf + ioctl(fd, SIOCIPFFB, int *) +.fi +.PP +This ioctl flushes the log buffer and returns the number of bytes flushed. +.PP +There is currently no support for non-blocking IO with this device, meaning +all read operations should be considered blocking in nature (if there is no +data to read, it will sleep until some is made available). +.SH SEE ALSO +ipf(4) +.SH BUGS +Packet headers are dropped when the internal buffer (static size) fills. +.SH FILES +/dev/ipl0 |