diff options
| author | darrenr <darrenr@FreeBSD.org> | 2002-06-07 09:01:41 +0000 |
|---|---|---|
| committer | darrenr <darrenr@FreeBSD.org> | 2002-06-07 09:01:41 +0000 |
| commit | 97653820111cf879c1a59bd107cd0725c4e18886 (patch) | |
| tree | 7f5d814cf49593c349eab3bf708f8d18f9e0a015 /contrib/ipfilter | |
| parent | 221a9f73d4a8b4c7fe81ba0ff7ae4234dd7387d9 (diff) | |
| download | FreeBSD-src-97653820111cf879c1a59bd107cd0725c4e18886.zip FreeBSD-src-97653820111cf879c1a59bd107cd0725c4e18886.tar.gz | |
Commit changes that happened in IPFilter versions 3.4.27 - 3.4.28
Diffstat (limited to 'contrib/ipfilter')
| -rw-r--r-- | contrib/ipfilter/ipmon.c | 11 | ||||
| -rw-r--r-- | contrib/ipfilter/man/ipftest.1 | 14 |
2 files changed, 18 insertions, 7 deletions
diff --git a/contrib/ipfilter/ipmon.c b/contrib/ipfilter/ipmon.c index 05cf9b9..e3cd594 100644 --- a/contrib/ipfilter/ipmon.c +++ b/contrib/ipfilter/ipmon.c @@ -1254,14 +1254,15 @@ int main(argc, argv) int argc; char *argv[]; { - struct stat sb; - FILE *log = stdout; - int fd[3], doread, n, i; - int tr, nr, regular[3], c; int fdt[3], devices = 0, make_daemon = 0; char buf[IPLLOGSIZE], *iplfile[3], *s; - extern int optind; + int fd[3], doread, n, i; extern char *optarg; + extern int optind; + int regular[3], c; + FILE *log = stdout; + struct stat sb; + size_t nr, tr; fd[0] = fd[1] = fd[2] = -1; fdt[0] = fdt[1] = fdt[2] = -1; diff --git a/contrib/ipfilter/man/ipftest.1 b/contrib/ipfilter/man/ipftest.1 index eadd786..9d2965b 100644 --- a/contrib/ipfilter/man/ipftest.1 +++ b/contrib/ipfilter/man/ipftest.1 @@ -1,10 +1,11 @@ +.\" $FreeBSD$ .TH ipftest 1 .SH NAME ipftest \- test packet filter rules with arbitrary input. .SH SYNOPSIS .B ipftest [ -.B \-vbdPSTEHX +.B \-vbdPRSTEHX ] [ .B \-I interface @@ -76,6 +77,10 @@ The input file specified by \fB\-i\fP is a binary file produced using libpcap (i.e., tcpdump version 3). Packets are read from this file as being input (for rule purposes). An interface maybe specified using \fB\-I\fP. .TP +.B \-R +Remove rules rather than load them. This is not a toggle option, so once +set, it cannot be reset by further use of -R. +.TP .B \-S The input file is to be in "snoop" format (see RFC 1761). Packets are read from this file and used as input from any interface. This is perhaps the @@ -98,7 +103,12 @@ option combinations: .B \-H The input file is to be hex digits, representing the binary makeup of the packet. No length correction is made, if an incorrect length is put in -the IP header. +the IP header. A packet may be broken up over several lines of hex digits, +a blank line indicating the end of the packet. It is possible to specify +both the interface name and direction of the packet (for filtering purposes) +at the start of the line using this format: [direction,interface] To define +a packet going in on le0, we would use \fB[in,le0]\fP - the []'s are required +and part of the input syntax. .TP .B \-X The input file is composed of text descriptions of IP packets. |
