summaryrefslogtreecommitdiff
path: root/share/man/man4/ipl.4
diff options
context:
space:
mode:
Diffstat (limited to 'share/man/man4/ipl.4')
-rw-r--r--share/man/man4/ipl.4122
1 files changed, 69 insertions, 53 deletions
diff --git a/share/man/man4/ipl.4 b/share/man/man4/ipl.4
index 7a28b88f915..d7de70920c0 100644
--- a/share/man/man4/ipl.4
+++ b/share/man/man4/ipl.4
@@ -1,63 +1,79 @@
-.TH IPL 4
-.SH NAME
-ipl - IP packet log device
-.SH DESCRIPTION
-The \fBipl\fP pseudo device's purpose is to provide an easy way to gather
-packet headers of packets you wish to log. If a packet header is to be
-logged, the entire header is logged (including any IP options - TCP/UDP
-options are not included when it calculates header size) or not at all.
-The packet contents is also logged after the header.
-.LP
-.PP
-Prepending every packet header logged is a structure containing information
-relevant to the packet following and why it was logged. The structure's
-format is as follows:
-.LP
-.nf
-struct ipl_ci {
- u_long sec; /* time when the packet was logged */
- u_long usec;
- u_long plen; /* length of packet data logged */
- u_short hlen; /* length of headers logged */
- u_short rule; /* rule number (for log ...) or 0 if result = log */
- u_long flags:24; /* XXX FIXME do we care about the extra bytes? */
-#if (defined(OpenBSD) && (OpenBSD <= 1991011) && (OpenBSD >= 199606))
- u_long filler:8; /* XXX FIXME do we care? */
- u_char ifname[IFNAMSIZ];
-#else
- u_long unit:8;
- u_char ifname[4];
-#endif
-};
-.nf
-.PP
+.Dd 13 June, 1999
+.Os
+.Dt IPL 4
+.Sh NAME
+.Nm ipl
+.Nd IP packet log device
+.Sh DESCRIPTION
+The
+.Nm
+pseudo device's purpose is to provide an easy way to gather
+packet headers of packets you wish to log. If a packet header is to be
+logged, either the entire header (including any
+.Tn IP
+options \(en
+.Tn TCP/UDP
+options are not included when it calculates header size) is logged or nothing.
+Up to 128 bytes of the packet content are logged after the header.
+.Pp
+Prepending every packet header logged are two structures containing information
+relevant to the packet following and why it was logged. The first structure
+is
+.Fa iplog
+and the second is
+.Fa ipflog .
+Both are declared in
+.Pa netinet/ip_fil.h .
+and their formats are as follows:
+.Bd -literal -offset indent
+struct iplog {
+ u_long ipl_magic; /* IPL_MAGIC 0x49504c4d 'IPLM' */
+ u_long ipl_sec;
+ u_long ipl_usec;
+ u_int ipl_len;
+ u_int ipl_count;
+ size_t ipl_dsize;
+ struct iplog *ipl_next;
+}
+
+struct ipflog {
+ u_char fl_ifname[IFNAMSIZ];
+ u_char fl_plen; /* extra data after hlen */
+ u_char fl_hlen; /* length of IP headers saved */
+ u_short fl_rule; /* assume < 64k rules, total */
+ u_short fl_group;
+ u_32_t fl_flags;
+}
+.Ed
+.Pp
In the case of the header causing the buffer to finish on a non-32bit
-boundary, padding will be `appended' to ensure that the next log entry
+boundary, padding will be appended to ensure that the next log entry
is aligned to a 32bit boundary.
-.LP
-.PP
-If the packet contents is more than 128 bytes, then only 128 bytes of the
-packet contents is logged. Should the packet contents finish on a non-32bit
+.Pp
+If the packet content is more than 128 bytes, only
+the first 128 bytes of the
+packet content are logged. Should the packet content finish on a non-32bit
boundary, then the last few bytes are not logged to ensure the log entry
is aligned to a 32bit boundary.
-
-\fBipl\fP is a read-only (sequential) character pseudo-device.
-
-The ioctls which are loaded with this device can be found under \fBipf(4)\fP.
+.Pp
+.Nm
+is a read-only (sequential) character pseudo-device.
+.Pp
+The ioctls which are loaded with this device can be found under
+.Xr ipf 4 .
The only ioctl which is used for logging and doesn't affect the filter is:
-.LP
-.nf
- ioctl(fd, SIOCIPFFB, int *)
-.fi
-.PP
+.Pp
+.Dl Fn ioctl fd SIOCIPFFB "int *"
+.Pp
This ioctl flushes the log buffer and returns the number of bytes flushed.
-.PP
+.Pp
There is currently no support for non-blocking IO with this device, meaning
all read operations should be considered blocking in nature (if there is no
data to read, it will sleep until some is made available).
-.SH SEE ALSO
-ipf(4), ipmon(8)
-.SH BUGS
+.Sh SEE ALSO
+.Xr ipf 4 ,
+.Xr ipmon 8
+.Sh BUGS
Packet headers are dropped when the internal buffer (static size) fills.
-.SH FILES
-/dev/ipl0
+.Sh FILES
+.Pa /dev/ipl