diff options
Diffstat (limited to 'contrib/ipfilter/man/ipftest.1')
-rw-r--r-- | contrib/ipfilter/man/ipftest.1 | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/contrib/ipfilter/man/ipftest.1 b/contrib/ipfilter/man/ipftest.1 index 4a17576..5153687 100644 --- a/contrib/ipfilter/man/ipftest.1 +++ b/contrib/ipfilter/man/ipftest.1 @@ -1,12 +1,10 @@ -.\" $NetBSD$ -.\" .TH ipftest 1 .SH NAME ipftest \- test packet filter rules with arbitrary input. .SH SYNOPSIS .B ipftest [ -.B \-6bdDoRvx +.B \-6bCdDoRvx ] [ .B \-F input-format @@ -29,6 +27,9 @@ interface .B \-r <filename> ] [ +.B \-S +<ip_address> +] [ .B \-T <optionlist> ] @@ -58,6 +59,11 @@ Cause the output to be a brief summary (one-word) of the result of passing the packet through the filter; either "pass", "block" or "nomatch". This is used in the regression testing. .TP +.B \-C +Force the checksums to be (re)calculated for all packets being input into +\fBipftest\fP. This may be necessary if pcap files from tcpdump are being +fed in where there are partial checksums present due to hardware offloading. +.TP .B \-d Turn on filter rule debugging. Currently, this only shows you what caused the rule to not match in the IP header checking (addresses/netmasks, etc). @@ -169,6 +175,14 @@ Specify the filename from which to read filter rules in \fBipf\fP(5) format. .B \-R Don't attempt to convert IP addresses to hostnames. .TP +.BR \-S \0<ip_address> +The IP address specifived with this option is used by ipftest to determine +whether a packet should be treated as "input" or "output". If the source +address in an IP packet matches then it is considered to be inbound. If it +does not match then it is considered to be outbound. This is primarily +for use with tcpdump (pcap) files where there is no in/out information +saved with each packet. +.TP .BR \-T \0<optionlist> This option simulates the run-time changing of IPFilter kernel variables available with the \fB\-T\fP option of \fBipf\fP. |