-rw-r--r-- | sbin/pflogd/pflogd.8 | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/sbin/pflogd/pflogd.8 b/sbin/pflogd/pflogd.8
index 3f5e9a1ea73..23cb4ed036f 100644
--- a/sbin/pflogd/pflogd.8
+++ b/sbin/pflogd/pflogd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pflogd.8,v 1.11 2002/02/28 22:19:47 kjell Exp $
+.\" $OpenBSD: pflogd.8,v 1.12 2002/02/28 22:27:33 dhartmei Exp $
 .\"
 .\" Copyright (c) 2001 Can Erkin Acar. All rights reserved.
 .\"
@@ -120,6 +120,26 @@ operation of pflogd):
 # ifconfig pflog0 up
 # tcpdump -n -e -ttt -i pflog0
 .Ed
+.Pp
+The ethernet protocol layer of packets logged by pflogd consists
+of an object of type struct pfloghdr (defined in net/if_pflog.h),
+which allows to use the following tcpdump expressions to filter on
+pf specific criteria:
+.Bl -tag -width "ether[99:9]=0xFFFFFFFF " -compact
+.It ether[0:4]=4
+Address family equals IPv4 (4) or IPv6 (24).
+.It ether[4:4]=0x6b756530
+Interface name equals "kue0" (0x6b756530).
+.It ether[20:2]=10
+Rule number equals 10.
+.It ether[22:2]=0
+Reason equals match (0), bad offset (1), fragment (2), short (3),
+normalization (4) or memory (5).
+.It ether[24:2]=0
+Action equals pass (0) or block (1).
+.It ether[26:2]=0
+Direction equals in (0) or out (1).
+.El
 .Sh FILES
 .Bl -tag -width /var/run/pflogd.pid -compact
 .It Pa /var/run/pflogd.pid |