pflog(4) - NetBSD Manual Pages

PFLOG(4)                NetBSD Kernel Interfaces Manual               PFLOG(4)


NAME
pflog -- packet filter logging interface
SYNOPSIS
pseudo-device pflog
DESCRIPTION
The pflog interface is a pseudo-device which makes visible all packets logged by the packet filter, pf(4). Logged packets can easily be moni- tored in real time by invoking tcpdump(8) on the pflog interface, or stored to disk using pflogd(8). Each packet retrieved on this interface has a header associated with it of length PFLOG_HDRLEN. This header documents the address family, inter- face name, rule number, reason, action, and direction of the packet that was logged. This structure, defined in <net/if_pflog.h> looks like struct pfloghdr { u_int8_t length; sa_family_t af; u_int8_t action; u_int8_t reason; char ifname[IFNAMSIZ]; char ruleset[PF_RULESET_NAME_SIZE]; u_int32_t rulenr; u_int32_t subrulenr; u_int8_t dir; u_int8_t pad[3]; };
EXAMPLES
# ifconfig pflog0 up # tcpdump -n -e -ttt -i pflog0
SEE ALSO
inet(4), inet6(4), netintro(4), pf(4), ifconfig(8), pflogd(8), tcpdump(8)
HISTORY
The pflog device first appeared in OpenBSD 3.0. NetBSD 4.0.1 December 10, 2001 NetBSD 4.0.1

Powered by man-cgi (2024-08-26). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.