*** UNIX MANUAL PAGE BROWSER ***

NPFLOG(4) FreeBSD Kernel Interfaces Manual NPFLOG(4) NAME npflog - packet filter logging interface SYNOPSIS pseudo-device npflog DESCRIPTION The npflog interface is a pseudo-device which makes visible all packets logged by the npf(7) packet filter. Logged packets can be monitored in real time by invoking tcpdump(8) on the npflog interface, or stored to disk using npfd(8). The npflog0 interface is created automatically at boot if npf(7) is enabled; further instances can be created using ifconfig(8). Each packet retrieved on this interface has a header associated that presently matches the format used by pf(4). This header documents the address family, interface name, rule number, reason, action, and direction of the packet that was logged. This structure looks like: struct npfloghdr { uint8_t length; sa_family_t af; uint8_t action; uint8_t reason; char ifname[IFNAMSIZ]; char ruleset[NPFLOG_RULESET_NAME_SIZE]; uint32_t rulenr; uint32_t subrulenr; uint32_t uid; uint32_t pid; uint32_t rule_uid; uint32_t rule_pid; uint8_t dir; uint8_t pad[3]; }; EXAMPLES Monitor all packets logged on the default interface: # tcpdump -n -e -tttt -i npflog0 SEE ALSO inet(4), inet6(4), netintro(4), npf(7), ifconfig(8), npfd(8), tcpdump(8) HISTORY The npflog device first appeared in NetBSD 6.0. FreeBSD 14.1-RELEASE-p8 June 29, 2023 FreeBSD 14.1-RELEASE-p8