Updated: 2022/Sep/29
Please read Privacy Policy. It's for your privacy.
NPFLOG(4) Device Drivers Manual NPFLOG(4)
NAME
npflog - packet filter logging interface
SYNOPSIS
pseudo-device npflog
DESCRIPTION
The npflog interface is a pseudo-device which makes visible all packets
logged by the npf(7) packet filter. Logged packets can be monitored in
real time by invoking tcpdump(8) on the npflog interface, or stored to
disk using npfd(8).
The npflog0 interface is created automatically at boot if npf(7) is
enabled; further instances can be created using ifconfig(8).
Each packet retrieved on this interface has a header associated that
presently matches the format used by pf(4). This header documents the
address family, interface name, rule number, reason, action, and
direction of the packet that was logged. This structure looks like:
struct npfloghdr {
uint8_t length;
sa_family_t af;
uint8_t action;
uint8_t reason;
char ifname[IFNAMSIZ];
char ruleset[NPFLOG_RULESET_NAME_SIZE];
uint32_t rulenr;
uint32_t subrulenr;
uint32_t uid;
uint32_t pid;
uint32_t rule_uid;
uint32_t rule_pid;
uint8_t dir;
uint8_t pad[3];
};
EXAMPLES
Monitor all packets logged on the default interface:
# tcpdump -n -e -tttt -i npflog0
SEE ALSO
inet(4), inet6(4), netintro(4), npf(7), ifconfig(8), npfd(8), tcpdump(8)
HISTORY
The npflog device first appeared in NetBSD 6.0.
NetBSD 10.99 June 29, 2023 NetBSD 10.99