Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/usr.sbin/npf/npfd Simplify the description of npfd, default ...



details:   https://anonhg.NetBSD.org/src/rev/435c6093b480
branches:  trunk
changeset: 365231:435c6093b480
user:      sevan <sevan%NetBSD.org@localhost>
date:      Tue Aug 07 22:55:47 2018 +0000

description:
Simplify the description of npfd, default npflog interface & pcap file are
covered later.
Move advise regarding offline analysis to the CAVEATS section.

diffstat:

 usr.sbin/npf/npfd/npfd.8 |  30 +++++++++++++-----------------
 1 files changed, 13 insertions(+), 17 deletions(-)

diffs (50 lines):

diff -r b59ece9860e0 -r 435c6093b480 usr.sbin/npf/npfd/npfd.8
--- a/usr.sbin/npf/npfd/npfd.8  Tue Aug 07 22:02:08 2018 +0000
+++ b/usr.sbin/npf/npfd/npfd.8  Tue Aug 07 22:55:47 2018 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: npfd.8,v 1.4 2018/08/07 22:02:08 sevan Exp $
+.\"    $NetBSD: npfd.8,v 1.5 2018/08/07 22:55:47 sevan Exp $
 .\"    $OpenBSD: pflogd.8,v 1.35 2007/05/31 19:19:47 jmc Exp $
 .\"
 .\" Copyright (c) 2001 Can Erkin Acar.  All rights reserved.
@@ -43,24 +43,16 @@
 .Op Ar expression
 .Sh DESCRIPTION
 .Nm
-is a background daemon which reads packets logged by
+is a background daemon which writes to a file in
+.Xr pcap 3
+format logged packets read from an npflog interface.
+The npflog interface is used by
 .Xr npf 7
-to an
-.\" .Xr npflog 4
-npflog
-interface, normally
-.Pa npflog0 ,
-and writes the packets to a logfile (normally
-.Pa /var/log/npflog0.pcap )
-in
+to log packets as defined in
+.Xr npf.conf 5 .
+The generated
 .Xr pcap 3
-format, which can be read by
-.Xr tcpdump 8 .
-These logs can be reviewed later using the
-.Fl r
-option of
-.Xr tcpdump 8 ,
-hopefully offline in case there are bugs in the packet parsing code of
+files can then be analysed using tools such as
 .Xr tcpdump 8 .
 .Pp
 .Nm
@@ -260,3 +252,7 @@
 .Sh AUTHORS
 This manual page was written by
 .An Can Erkin Acar Aq Mt canacar%openbsd.org@localhost .
+.Sh CAVEATS
+Offline analysis of captured data is advised to alleviate issues with
+malicious data intended to exploit bugs in the packet parsing code of
+.Xr tcpdump 8 .



Home | Main Index | Thread Index | Old Index