NPFLOG(4) NetBSD Kernel Interfaces Manual NPFLOG(4)
NAME
npflog -- packet filter logging interface
SYNOPSIS
pseudo-device npflog
DESCRIPTION
The npflog interface is a pseudo-device which makes visible all packets logged by the npf(7) packet filter. Logged packets can be monitored in real time by invoking tcpdump(8) on the npflog interface, or stored to disk using npfd(8). The npflog0 interface is created automatically at boot if npf(7) is enabled; further instances can be created using ifconfig(8). Each packet retrieved on this interface has a header associated that presently matches the format used by pf(4). This header documents the address family, interface name, rule number, reason, action, and direc- tion of the packet that was logged. This structure looks like: struct npfloghdr { uint8_t length; sa_family_t af; uint8_t action; uint8_t reason; char ifname[IFNAMSIZ]; char ruleset[NPFLOG_RULESET_NAME_SIZE]; uint32_t rulenr; uint32_t subrulenr; uint32_t uid; uint32_t pid; uint32_t rule_uid; uint32_t rule_pid; uint8_t dir; uint8_t pad[3]; };
EXAMPLES
Monitor all packets logged on the default interface: # tcpdump -n -e -tttt -i npflog0
SEE ALSO
inet(4), inet6(4), netintro(4), npf(7), ifconfig(8), npfd(8), tcpdump(8)
HISTORY
The npflog device first appeared in NetBSD 6.0. NetBSD 10.99 June 29, 2023 NetBSD 10.99
Powered by man-cgi (2024-08-26). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.