ipl man page on HP-UX

Man page or keyword search:  
man Server   10987 pages
apropos Keyword Search (all sections)
Output format
HP-UX logo
[printable version]

IPL(7)									IPL(7)

       ipl - IP packet log device

       The  ipl	 pseudo	 device's  purpose is to provide an easy way to gather
       packet headers of packets you wish to log.  If a packet header is to be
       logged, the entire header is logged (including any IP options - TCP/UDP
       options are not included when it calculates header size) or not at all.
       The  packet  contents  are  also	 logged	 after the header.  If the log
       reader is busy or otherwise unable to read log records, upto IPLLOGSIZE
       (8192 is the default) bytes of data are stored.

       Prepending  every packet header logged is a structure containing infor‐
       mation relevant to the packet following and why	it  was	 logged.   The
       structure's format is as follows:
	* Log structure.  Each packet header logged is prepended by one of
	* these.  Following this in the log records read from the device
	* will be an ipflog structure which is then followed by any packet
	* data.
       typedef struct iplog    {
	       u_32_t  ipl_magic;
	       u_int   ipl_count;
	       u_32_t  ipl_sec;
	       u_long  ipl_usec;
	       size_t  ipl_dsize;
	       struct  iplog   *ipl_next;
       } iplog_t;

       typedef struct  ipflog  {
	       u_int   fl_unit;
	       char    fl_ifname[IFNAMSIZ];
	       u_short fl_plen;	       /* extra data after hlen */
	       u_char  fl_hlen;	       /* length of IP headers saved */
	       u_short fl_loglevel;    /* syslog log level */
	       u_32_t  fl_rule;
	       u_32_t  fl_group;
	       u_32_t  fl_flags;
	       u_32_t  fl_lflags;
	       u_32_t  limit_type;     /* Limit type */
	       u_32_t  limit_threshold;/* Configured limit */
	       u_32_t  limit_current;  /* current # of connections */
	       u_32_t  limit_excd;     /* # of times limit exceeded so far */
	       u_32_t  limit_lfreq;    /* log per blocked connections */
       } ipflog_t;

       When  reading from the ipl device, it is necessary to call read(2) with
       a buffer big enough to hold at least 1 complete log record - reading of
       partial log records is not supported.

       If  the	packet	contents is more then 128 bytes when log body is used,
       then only 128 bytes of the packet contents is logged.

       Although it is only possible to read from the ipl  device,  opening  it
       for  writing  is	 required when using an ioctl which changes any kernel

       The ioctls which are loaded with this device can be found under ipf(4).
       The  ioctls  which are for use with logging and don't affect the filter
	       ioctl(fd, SIOCIPFFB, int *)
	       ioctl(fd, FIONREAD, int *)

       The SIOCIPFFB ioctl flushes the log buffer and returns  the  number  of
       bytes flushed.  FIONREAD returns the number of bytes currently used for
       storing log data.  If IPFILTER_LOG is not defined when compiling,  SIO‐
       CIPFFB is not available and FIONREAD will return but not do anything.

       There  is  currently  no	 support for non-blocking IO with this device,
       meaning all read operations should be considered blocking in nature (if
       there is no data to read, it will sleep until some is made available).


       Packet  headers	are  dropped  when  the	 internal buffer (static size)


       IPFilter	 was  originally  developed  by	  Darren   Reed.   This	 HP-UX
       enhanced	  version   of	IPFilter  is based  on the open source version
       3.5  Alpha 5.


List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net