For what it's worth, I'd like to see this mentioned, not necessarly in those exact words though.
How about " optionally, an alternate file inside /var/run/ can be specified." ? Mitja > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Lawrence Teo > Sent: Sunday, June 05, 2011 4:20 AM > To: [email protected] > Subject: isakmpd(8) man page: clarify IKE packet capture file > > isakmpd(8)'s -L command-line option enables IKE packet capture. It is > documented on the isakmpd(8) man page as follows: > > -L Enable IKE packet capture. When this option is given, isakmpd > will capture to file an unencrypted copy of the negotiation > packets it is sending and receiving. This file can later be read > by tcpdump(8) and other utilities using pcap(3). > > The documentation is currently not clear exactly which file isakmpd > will use to log the packet captures. The correct file *is* listed in > the FILES section (it is /var/run/isakmpd.pcap); however, I think it > would be helpful to mention that file in the description of -L itself, > so that the reader would not have to hunt for it throughout the entire > man page. > > Similarly, the "p on/off" FIFO commands to enable IKE packet capture > are documented as follows: > > p on[=<path>] > p off Enable or disable cleartext IKE packet capture. > When enabling, optionally specify which file isakmpd should > capture the packets to. > > Again, the default file is not mentioned. What is also not documented > is, if an alternate file is specified via "p on=/path/to/altfile", its > path must begin with /var/run (I found out the hard way :)). > > The following diff improves the documentation by specifying the default > packet capture file in the text for -L itself, and also documents the > restriction about the alternate file path for the "p on" FIFO command > (borrowing some text from the -l option). > > Any thoughts or comments? > > Lawrence > > > Index: isakmpd.8 > =================================================================== > RCS file: /cvs/src/sbin/isakmpd/isakmpd.8,v > retrieving revision 1.107 > diff -u -p -r1.107 isakmpd.8 > --- isakmpd.8 7 Jun 2010 08:38:09 -0000 1.107 > +++ isakmpd.8 5 Jun 2011 02:09:21 -0000 > @@ -249,7 +249,9 @@ or > Enable IKE packet capture. > When this option is given, > .Nm > -will capture to file an unencrypted copy of the negotiation packets it > +will capture to > +.Pa /var/run/isakmpd.pcap > +an unencrypted copy of the negotiation packets it > is sending and receiving. > This file can later be read by > .Xr tcpdump 8 > @@ -469,9 +471,12 @@ In passive mode no packets are sent to p > .Xc > .It Ic p off > Enable or disable cleartext IKE packet capture. > -When enabling, optionally specify which file > -.Nm > -should capture the packets to. > +When enabling, packets are captured to > +.Pa /var/run/isakmpd.pcap ; > +optionally, an alternate file can be specified but > +note that only paths beginning with > +.Pa /var/run > +are allowed. > .Pp > .It Ic Q > Cleanly shutdown the daemon, as when sent a
