diff options
author | Phil Sutter <phil@nwl.cc> | 2019-01-16 22:47:59 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-01-18 02:52:30 +0100 |
commit | 032dc4a18ab86173847b6016baf0819ccd7641c5 (patch) | |
tree | ba35e12bd5a061e82b334534bd2b988eedd7be9c /utils/nfbpf_compile.8.in | |
parent | 5ca9acf51adf9dcc8e0d82cd8f5b9b2514f900ee (diff) |
utils: Add a manpage for nfbpf_compile
Content is rather sparse, but still better than no manpage at all.
Cc: Willem de Bruijn <willemb@google.com>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'utils/nfbpf_compile.8.in')
-rw-r--r-- | utils/nfbpf_compile.8.in | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/utils/nfbpf_compile.8.in b/utils/nfbpf_compile.8.in new file mode 100644 index 00000000..d02979a5 --- /dev/null +++ b/utils/nfbpf_compile.8.in @@ -0,0 +1,70 @@ +.TH NFBPF_COMPILE 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@" + +.SH NAME +nfbpf_compile \- generate bytecode for use with xt_bpf +.SH SYNOPSIS + +.ad l +.in +8 +.ti -8 +.B nfbpf_compile +[ +.I LLTYPE +] +.I PROGRAM + +.ti -8 +.I LLTYPE +:= { +.BR EN10MB " | " RAW " | " SLIP " | " +.I ... +} + +.SH DESCRIPTION +The +.B nfbpf_compile +utility aids in generating BPF byte code suitable for passing to +the iptables +.B bpf +match. + +.SH OPTIONS + +.TP +.I LLTYPE +Link-layer header type to operate on. This is a name as defined in +.RB < pcap/dlt.h > +but with the leading +.B DLT_ +prefix stripped. For use with iptables, +.B RAW +should be the right choice (it's also the default if not specified). + +.TP +.I PROGRAM +The BPF expression to compile, see +.BR pcap-filter (7) +for a description of the language. + +.SH EXIT STATUS +The program returns 0 on success, 1 otherwise. + +.SH EXAMPLE +Match incoming TCP packets with size bigger than 100 bytes: +.P +.in +8 +.EE +bpf=$(nfbpf_compile 'tcp and greater 100') +.br +iptables -A INPUT -m bpf --bytecode "$bpf" -j ACCEPT +.RE +.P +The description of +.B bpf +match in +.BR iptables-extensions (8) +lists a few more examples. + +.SH SEE ALSO +.BR iptables-extensions (8), +.BR pcap-filter (7) |