diff --git a/contrib/ipfilter/ipmon.c b/contrib/ipfilter/ipmon.c index 05cf9b990f52..e3cd5944ad97 100644 --- a/contrib/ipfilter/ipmon.c +++ b/contrib/ipfilter/ipmon.c @@ -1254,14 +1254,15 @@ int main(argc, argv) int argc; char *argv[]; { - struct stat sb; - FILE *log = stdout; - int fd[3], doread, n, i; - int tr, nr, regular[3], c; int fdt[3], devices = 0, make_daemon = 0; char buf[IPLLOGSIZE], *iplfile[3], *s; - extern int optind; + int fd[3], doread, n, i; extern char *optarg; + extern int optind; + int regular[3], c; + FILE *log = stdout; + struct stat sb; + size_t nr, tr; fd[0] = fd[1] = fd[2] = -1; fdt[0] = fdt[1] = fdt[2] = -1; diff --git a/contrib/ipfilter/man/ipftest.1 b/contrib/ipfilter/man/ipftest.1 index eadd7866dbeb..9d2965b082df 100644 --- a/contrib/ipfilter/man/ipftest.1 +++ b/contrib/ipfilter/man/ipftest.1 @@ -1,10 +1,11 @@ +.\" $FreeBSD$ .TH ipftest 1 .SH NAME ipftest \- test packet filter rules with arbitrary input. .SH SYNOPSIS .B ipftest [ -.B \-vbdPSTEHX +.B \-vbdPRSTEHX ] [ .B \-I interface @@ -76,6 +77,10 @@ The input file specified by \fB\-i\fP is a binary file produced using libpcap (i.e., tcpdump version 3). Packets are read from this file as being input (for rule purposes). An interface maybe specified using \fB\-I\fP. .TP +.B \-R +Remove rules rather than load them. This is not a toggle option, so once +set, it cannot be reset by further use of -R. +.TP .B \-S The input file is to be in "snoop" format (see RFC 1761). Packets are read from this file and used as input from any interface. This is perhaps the @@ -98,7 +103,12 @@ option combinations: .B \-H The input file is to be hex digits, representing the binary makeup of the packet. No length correction is made, if an incorrect length is put in -the IP header. +the IP header. A packet may be broken up over several lines of hex digits, +a blank line indicating the end of the packet. It is possible to specify +both the interface name and direction of the packet (for filtering purposes) +at the start of the line using this format: [direction,interface] To define +a packet going in on le0, we would use \fB[in,le0]\fP - the []'s are required +and part of the input syntax. .TP .B \-X The input file is composed of text descriptions of IP packets.