Module Name: src
Committed By: gutteridge
Date: Thu Jun 29 23:20:02 UTC 2023

Modified Files:
	src/share/man/man4: npflog.4

Log Message:
npflog.4: add and adjust some details

Add details about the header structure (though the if_npflog.h file is
not presently installed and has a _KERNEL guard). Also adjust some
sentences (requested by riastradh@), and include the original OpenBSD
RCS ID, since much of this content shares that origin.

To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/share/man/man4/npflog.4

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files: Index: src/share/man/man4/npflog.4 diff -u src/share/man/man4/npflog.4:1.1 src/share/man/man4/npflog.4:1.2 --- src/share/man/man4/npflog.4:1.1 Tue Jun 20 01:02:46 2023 +++ src/share/man/man4/npflog.4 Thu Jun 29 23:20:02 2023 @@ -1,4 +1,5 @@ -.\" $NetBSD: npflog.4,v 1.1 2023/06/20 01:02:46 gutteridge Exp $ +.\" $NetBSD: npflog.4,v 1.2 2023/06/29 23:20:02 gutteridge Exp $ +.\" $OpenBSD: pflog.4,v 1.10 2007/05/31 19:19:51 jmc Exp $ .\" .\" Copyright (c) 2001 Tobias Weingartner .\" All rights reserved. @@ -29,7 +30,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 19, 2023 +.Dd June 29, 2023 .Dt NPFLOG 4 .Os .Sh NAME @@ -44,8 +45,7 @@ interface is a pseudo-device which makes the .Xr npf 7 packet filter. -Logged packets can easily be monitored in real -time by invoking +Logged packets can be monitored in real time by invoking .Xr tcpdump 8 on the .Nm @@ -61,8 +61,27 @@ further instances can be created using Each packet retrieved on this interface has a header associated that presently matches the format used by .Xr pf 4 . -However, this is intentionally not exposed to userland, and is also -possibly subject to change in future. +This header documents the address family, interface name, rule +number, reason, action, and direction of the packet that was logged. +This structure looks like: +.Bd -literal -offset indent +struct npfloghdr { + uint8_t length; + sa_family_t af; + uint8_t action; + uint8_t reason; + char ifname[IFNAMSIZ]; + char ruleset[NPFLOG_RULESET_NAME_SIZE]; + uint32_t rulenr; + uint32_t subrulenr; + uint32_t uid; + uint32_t pid; + uint32_t rule_uid; + uint32_t rule_pid; + uint8_t dir; + uint8_t pad[3]; +}; +.Ed .Sh EXAMPLES Monitor all packets logged on the default interface: .Bd -literal -offset indent
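
Review bot: In the last hunk (@@ -61,8 +61,27 @@), the removed sentence saying the header "is intentionally not exposed to userland, and is also possibly subject to change in future" is dropped with no replacement, although the log message states that if_npflog.h is not installed and has a _KERNEL guard. With the struct now printed in the page, a reader writing a parser for captures from this interface gets no indication that the layout is not a stable userland interface; I would keep a sentence after the .Ed saying the header file is not installed and that the layout may change. The new prose also names only the address family, interface name, rule number, reason, action, and direction, while the struct additionally carries length, ruleset, subrulenr, uid, pid, rule_uid and rule_pid, and NPFLOG_RULESET_NAME_SIZE appears without its value. A short description of those members and the constant's value would make the listing usable on its own.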