1 files changed, 17 insertions, 3 deletions

diff --git a/contrib/ipfilter/man/ipftest.1 b/contrib/ipfilter/man/ipftest.1
index 4a17576..5153687 100644
--- a/contrib/ipfilter/man/ipftest.1
+++ b/contrib/ipfilter/man/ipftest.1
@@ -1,12 +1,10 @@
-.\"	$NetBSD$
-.\"
 .TH ipftest 1
 .SH NAME
 ipftest \- test packet filter rules with arbitrary input.
 .SH SYNOPSIS
 .B ipftest
 [
-.B \-6bdDoRvx
+.B \-6bCdDoRvx
 ] [
 .B \-F
 input-format
@@ -29,6 +27,9 @@ interface
 .B \-r
 <filename>
 ] [
+.B \-S
+<ip_address>
+] [
 .B \-T
 <optionlist>
 ]
@@ -58,6 +59,11 @@ Cause the output to be a brief summary (one-word) of the result of passing
 the packet through the filter; either "pass", "block" or "nomatch".
 This is used in the regression testing.
 .TP
+.B \-C
+Force the checksums to be (re)calculated for all packets being input into
+\fBipftest\fP.  This may be necessary if pcap files from tcpdump are being
+fed in where there are partial checksums present due to hardware offloading.
+.TP
 .B \-d
 Turn on filter rule debugging.  Currently, this only shows you what caused
 the rule to not match in the IP header checking (addresses/netmasks, etc).
@@ -169,6 +175,14 @@ Specify the filename from which to read filter rules in \fBipf\fP(5) format.
 .B \-R
 Don't attempt to convert IP addresses to hostnames.
 .TP
+.BR \-S \0<ip_address>
+The IP address specifived with this option is used by ipftest to determine
+whether a packet should be treated as "input" or "output".  If the source
+address in an IP packet matches then it is considered to be inbound.  If it
+does not match then it is considered to be outbound.  This is primarily
+for use with tcpdump (pcap) files where there is no in/out information
+saved with each packet.
+.TP
 .BR \-T \0<optionlist>
 This option simulates the run-time changing of IPFilter kernel variables
 available with the \fB\-T\fP option of \fBipf\fP.