summaryrefslogtreecommitdiff
path: root/share/man
diff options
context:
space:
mode:
authordm <dm@cvs.openbsd.org>1996-05-10 21:41:01 +0000
committerdm <dm@cvs.openbsd.org>1996-05-10 21:41:01 +0000
commit76242ad5ccbbf411a0dfd66daab39d9a460c09dc (patch)
tree92b555bd9197bb7976ae825d415f70d567c37170 /share/man
parent75774d963fafaaaa2cf697156d616e2ebe3db3c8 (diff)
ipfilter 3.0.4
Diffstat (limited to 'share/man')
-rw-r--r--share/man/man4/Makefile4
-rw-r--r--share/man/man4/ipl.458
2 files changed, 60 insertions, 2 deletions
diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile
index 4722a171713..cacc87448f0 100644
--- a/share/man/man4/Makefile
+++ b/share/man/man4/Makefile
@@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.7 1996/04/22 01:26:48 deraadt Exp $
+# $OpenBSD: Makefile,v 1.8 1996/05/10 21:39:29 dm Exp $
# $NetBSD: Makefile,v 1.22 1996/03/28 21:32:58 mark Exp $
# @(#)Makefile 8.1 (Berkeley) 6/18/93
MAN= audio.4 bpf.4 ccd.4 clnp.4 cltp.4 ddb.4 drum.4 esis.4 fd.4 icmp.4 \
idp.4 imp.4 inet.4 ip.4 iso.4 lkm.4 lo.4 netintro.4 ns.4 nsip.4 \
null.4 pty.4 rnd.4 route.4 spp.4 tb.4 tcp.4 termios.4 tty.4 tp.4 udp.4 \
- unix.4 vnd.4
+ unix.4 vnd.4 ipl.4
MLINKS+=fd.4 stderr.4 fd.4 stdin.4 fd.4 stdout.4
MLINKS+=netintro.4 networking.4
MLINKS+=rnd.4 srnd.4 rnd.4 urnd.4 rnd.4 prnd.4
diff --git a/share/man/man4/ipl.4 b/share/man/man4/ipl.4
new file mode 100644
index 00000000000..377a3383549
--- /dev/null
+++ b/share/man/man4/ipl.4
@@ -0,0 +1,58 @@
+.TH IPL 4
+.SH NAME
+ipl - IP packet log device
+.SH DESCRIPTION
+The \fBipl\fP pseudo device's purpose is to provide an easy way to gather
+packet headers of packets you wish to log. If a packet header is to be
+logged, the entire header is logged (including any IP options - TCP/UDP
+options are not included when it calculates header size) or not at all.
+The packet contents is also logged after the header.
+.LP
+.PP
+Prepending every packet header logged is a structure containing information
+relevant to the packet following and why it was logged. The structure's
+format is as follows:
+.LP
+.nf
+struct ipl_ci {
+ u_long sec; /* time when the packet was logged */
+ u_long usec;
+ u_long plen; /* length of packet data logged */
+ u_short hlen; /* length of headers logged */
+ u_short rule; /* rule number (for log ...) or 0 if result = log */
+ u_short flags:12; /* flags, ie BLOCK, PASS, SHORT, etc */
+ u_short unit:4; /* interface unit # */
+ u_char ifname[2]; /* 2 character interface abbreviation */
+};
+.nf
+.PP
+In the case of the header causing the buffer to finish on a non-32bit
+boundary, padding will be `appended' to ensure that the next log entry
+is aligned to a 32bit boundary.
+.LP
+.PP
+If the packet contents is more then 128 bytes, then only 128 bytes of the
+packet contents is logged. Should the packet contents finish on a non-32bit
+boundary, then the last few bytes are not logged to ensure the log entry
+is aligned to a 32bit boundary.
+
+\fBipl\fP is a read-only (sequential) character pseudo-device.
+
+The ioctls which are loaded with this device can be found under \fBipf(4)\fP.
+The only ioctl which is used for logging and doesn't affect the filter is:
+.LP
+.nf
+ ioctl(fd, SIOCIPFFB, int *)
+.fi
+.PP
+This ioctl flushes the log buffer and returns the number of bytes flushed.
+.PP
+There is currently no support for non-blocking IO with this device, meaning
+all read operations should be considered blocking in nature (if there is no
+data to read, it will sleep until some is made available).
+.SH SEE ALSO
+ipf(4)
+.SH BUGS
+Packet headers are dropped when the internal buffer (static size) fills.
+.SH FILES
+/dev/ipl0