diff options
Diffstat (limited to 'share/man/man4/ipl.4')
-rw-r--r-- | share/man/man4/ipl.4 | 122 |
1 files changed, 69 insertions, 53 deletions
diff --git a/share/man/man4/ipl.4 b/share/man/man4/ipl.4 index 7a28b88f915..d7de70920c0 100644 --- a/share/man/man4/ipl.4 +++ b/share/man/man4/ipl.4 @@ -1,63 +1,79 @@ -.TH IPL 4 -.SH NAME -ipl - IP packet log device -.SH DESCRIPTION -The \fBipl\fP pseudo device's purpose is to provide an easy way to gather -packet headers of packets you wish to log. If a packet header is to be -logged, the entire header is logged (including any IP options - TCP/UDP -options are not included when it calculates header size) or not at all. -The packet contents is also logged after the header. -.LP -.PP -Prepending every packet header logged is a structure containing information -relevant to the packet following and why it was logged. The structure's -format is as follows: -.LP -.nf -struct ipl_ci { - u_long sec; /* time when the packet was logged */ - u_long usec; - u_long plen; /* length of packet data logged */ - u_short hlen; /* length of headers logged */ - u_short rule; /* rule number (for log ...) or 0 if result = log */ - u_long flags:24; /* XXX FIXME do we care about the extra bytes? */ -#if (defined(OpenBSD) && (OpenBSD <= 1991011) && (OpenBSD >= 199606)) - u_long filler:8; /* XXX FIXME do we care? */ - u_char ifname[IFNAMSIZ]; -#else - u_long unit:8; - u_char ifname[4]; -#endif -}; -.nf -.PP +.Dd 13 June, 1999 +.Os +.Dt IPL 4 +.Sh NAME +.Nm ipl +.Nd IP packet log device +.Sh DESCRIPTION +The +.Nm +pseudo device's purpose is to provide an easy way to gather +packet headers of packets you wish to log. If a packet header is to be +logged, either the entire header (including any +.Tn IP +options \(en +.Tn TCP/UDP +options are not included when it calculates header size) is logged or nothing. +Up to 128 bytes of the packet content are logged after the header. +.Pp +Prepending every packet header logged are two structures containing information +relevant to the packet following and why it was logged. The first structure +is +.Fa iplog +and the second is +.Fa ipflog . +Both are declared in +.Pa netinet/ip_fil.h . +and their formats are as follows: +.Bd -literal -offset indent +struct iplog { + u_long ipl_magic; /* IPL_MAGIC 0x49504c4d 'IPLM' */ + u_long ipl_sec; + u_long ipl_usec; + u_int ipl_len; + u_int ipl_count; + size_t ipl_dsize; + struct iplog *ipl_next; +} + +struct ipflog { + u_char fl_ifname[IFNAMSIZ]; + u_char fl_plen; /* extra data after hlen */ + u_char fl_hlen; /* length of IP headers saved */ + u_short fl_rule; /* assume < 64k rules, total */ + u_short fl_group; + u_32_t fl_flags; +} +.Ed +.Pp In the case of the header causing the buffer to finish on a non-32bit -boundary, padding will be `appended' to ensure that the next log entry +boundary, padding will be appended to ensure that the next log entry is aligned to a 32bit boundary. -.LP -.PP -If the packet contents is more than 128 bytes, then only 128 bytes of the -packet contents is logged. Should the packet contents finish on a non-32bit +.Pp +If the packet content is more than 128 bytes, only +the first 128 bytes of the +packet content are logged. Should the packet content finish on a non-32bit boundary, then the last few bytes are not logged to ensure the log entry is aligned to a 32bit boundary. - -\fBipl\fP is a read-only (sequential) character pseudo-device. - -The ioctls which are loaded with this device can be found under \fBipf(4)\fP. +.Pp +.Nm +is a read-only (sequential) character pseudo-device. +.Pp +The ioctls which are loaded with this device can be found under +.Xr ipf 4 . The only ioctl which is used for logging and doesn't affect the filter is: -.LP -.nf - ioctl(fd, SIOCIPFFB, int *) -.fi -.PP +.Pp +.Dl Fn ioctl fd SIOCIPFFB "int *" +.Pp This ioctl flushes the log buffer and returns the number of bytes flushed. -.PP +.Pp There is currently no support for non-blocking IO with this device, meaning all read operations should be considered blocking in nature (if there is no data to read, it will sleep until some is made available). -.SH SEE ALSO -ipf(4), ipmon(8) -.SH BUGS +.Sh SEE ALSO +.Xr ipf 4 , +.Xr ipmon 8 +.Sh BUGS Packet headers are dropped when the internal buffer (static size) fills. -.SH FILES -/dev/ipl0 +.Sh FILES +.Pa /dev/ipl |