.\" $NetBSD: ipl.4,v 1.3 1997/01/07 11:32:24 mrg Exp $
.\"
.\" Copyright (c) 1997 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by Matthew R. Green for
.\" the NetBSD Project.
.\" 4. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" (C)opyright 1993, 1994, 1995 by Darren Reed.
.\"
.\" The author accepts no responsibility for the use of this software and
.\" provides it on an ``as is'' basis without express or implied warranty.
.\"
.\" Redistribution and use in source and binary forms are permitted
.\" provided that this notice is preserved and due credit is given
.\" to the original author and the contributors.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
.\"
.\" I hate legaleese, don't you ?
.Dd January 5, 1997
.Dt IPL 4
.Os NetBSD 1.3
.Sh NAME
.Nm ipl
.Nd IP filter software
.Sh SYNOPSIS
.Cd pseudo-device ipfilter
.Sh DESCRIPTION
The
.Nm
pseudo device's purpose is to provide an easy way to gather
packet headers of packets you wish to log. If a packet header is to be
logged, the entire header is logged (including any IP options \- TCP/UDP
options are not included when it calculates header size) or not at all.
The packet contents are also logged after the header.
.Pp
Prepending every packet header logged is a structure containing information
relevant to the packet following and why it was logged. The structure's
format is as follows:
.Lp
.nf
struct ipl_ci {
	u_long	sec;		/* time when the packet was logged */
	u_long	usec;
	u_long	plen;		/* length of packet data logged */
	u_short	hlen;		/* length of headers logged */
	u_short	rule;		/* rule number (for log ...) or 0 if result = log */
	u_long	flags:24;	/* XXX FIXME do we care about the extra bytes? */
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606))
	u_long	filler:8;	/* XXX FIXME do we care? */
	u_char	ifname[IFNAMSIZ];
#else
	u_long	unit:8;
	u_char	ifname[4];
#endif
};
.fi
.Pp
In the case of the header causing the buffer to finish on a non-32bit
boundary, padding will be `appended' to ensure that the next log entry
is aligned to a 32bit boundary.
.Lp
.Pp
If the packet contents are more than 128 bytes, then only 128 bytes of the
packet contents are logged. Should the packet contents finish on a non-32bit
boundary, then the last few bytes are not logged to ensure the log entry
is aligned to a 32bit boundary.
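A bounds-checked walker for the record stream described above, as an added example that is not part of the original manual page or the IP Filter sources. It assumes the #else layout of struct ipl_ci with a 32-bit u_long, that hlen is the unpadded header length, and that plen already reflects the 128-byte cap and the truncation to a 32bit boundary; ipl_rec, ipl_walk and ipl_put are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout: the #else branch of struct ipl_ci with 32-bit u_long
 * (24 bytes, host byte order). Check sizeof(struct ipl_ci) on the target. */
struct ipl_rec {
    uint32_t sec, usec, plen;
    uint16_t hlen, rule;
    uint32_t flags_unit;   /* flags:24 + unit:8; bit order is ABI-specific */
    uint8_t  ifname[4];
};
_Static_assert(sizeof(struct ipl_rec) == 24, "unexpected padding");
#define IPL_MAXDATA 128u   /* cap on logged packet contents, from the page */
#define ALIGN4(n) (((size_t)(n) + 3u) & ~(size_t)3u)

/* Count well-formed records in one read(2) buffer; -1 if any is malformed. */
int ipl_walk(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;
    for (; off < len; n++) {
        struct ipl_rec r;
        if (len - off < sizeof r) return -1;        /* truncated prefix */
        memcpy(&r, buf + off, sizeof r);            /* no unaligned dereference */
        if (r.plen > IPL_MAXDATA || (r.plen & 3u)) return -1;
        size_t body = ALIGN4(r.hlen) + r.plen;      /* header padded up to 32 bits */
        if (body > len - off - sizeof r) return -1; /* lengths overrun the buffer */
        off += sizeof r + body;
    }
    return n;
}

/* Constructed record with zeroed header and contents; returns bytes written. */
size_t ipl_put(uint8_t *out, uint16_t hlen, uint32_t plen)
{
    struct ipl_rec r = { .plen = plen, .hlen = hlen, .ifname = "le0" };
    size_t total = sizeof r + ALIGN4(hlen) + plen;
    memset(out, 0, total);
    memcpy(out, &r, sizeof r);
    return total;
}

int main(void)
{
    uint8_t buf[256];
    size_t n = ipl_put(buf, 20, 8);   /* 24 + 20 + 8 = 52 bytes */
    n += ipl_put(buf + n, 22, 4);     /* 24 + 24 (padded) + 4 = 52 bytes */
    return ipl_walk(buf, n) == 2 ? 0 : 1;
}
```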
.Pp
.Nm
is a read-only (sequential) character pseudo-device.
The ioctls which are loaded with this device can be found under
.Xr ipf 4 .
The only ioctl which is used for logging and doesn't affect the filter is:
.Lp
.nf
	ioctl(fd, SIOCIPFFB, int *)
.fi
.Pp
This ioctl flushes the log buffer and returns the number of bytes flushed.
.Pp
There is currently no support for non-blocking IO with this device, meaning
all read operations should be considered blocking in nature (if there is no
data to read, it will sleep until some is made available).
.Sh SEE ALSO
.Xr ipf 4
.Sh BUGS
Packet headers are dropped when the internal buffer (static size) fills.
.Sh FILES
.Pa /dev/ipl
device for ioctl and packet logging.