unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (FreeBSD-5.4-RELEASE)
Page:
Section:
Apropos / Subsearch:
optional field

PFLOG(4)                 BSD Kernel Interfaces Manual                 PFLOG(4)

NAME
     pflog -- packet filter logging interface

SYNOPSIS
     device pflog

DESCRIPTION
     The pflog interface is a pseudo-device which makes visible all packets
     logged by the packet filter, pf(4).  Logged packets can easily be moni-
     tored in real time by invoking tcpdump(8) on the pflog interface, or
     stored to disk using pflogd(8).

     Each packet retrieved on this interface has a header associated with it
     of length PFLOG_HDRLEN.  This header documents the address family, inter-
     face name, rule number, reason, action, and direction of the packet that
     was logged.  This structure, defined in <net/if_pflog.h> looks like

           struct pfloghdr {
                   u_int8_t        length;
                   sa_family_t     af;
                   u_int8_t        action;
                   u_int8_t        reason;
                   char            ifname[IFNAMSIZ];
                   char            ruleset[PF_RULESET_NAME_SIZE];
                   u_int32_t       rulenr;
                   u_int32_t       subrulenr;
                   u_int8_t        dir;
                   u_int8_t        pad[3];
           };

EXAMPLES
           # ifconfig pflog0 up
           # tcpdump -n -e -ttt -i pflog0

SEE ALSO
     inet(4), inet6(4), netintro(4), pf(4), ifconfig(8), pflogd(8), tcpdump(8)

HISTORY
     The pflog device first appeared in OpenBSD 3.0.

BSD                            December 10, 2001                           BSD