Add an example showing how to configure a node from the command line.

svn path=/head/; revision=72680
2001-02-19 04:00:52 +00:00 · 2001-02-19 04:00:52 +00:00 · 78c8722845 · 2020-12-20 02:59:44 +00:00
commit 78c8722845
parent 0937df81ca
1 changed files with 37 additions and 0 deletions
--- a/share/man/man4/ng_bpf.4
+++ b/share/man/man4/ng_bpf.4
@ -133,6 +133,43 @@ except that the statistics are also atomically cleared.
 This node shuts down upon receipt of a
 .Dv NGM_SHUTDOWN
 control message, or when all hooks have been disconnected.
+.Sh EXAMPLE
+It is possible to configure a node from the command line, using
+.Xr tcpdump 8 
+to generate raw BPF instructions which are then fed into an
+.Xr awk 1
+script to create the ASCII form of a
+.Dv NGM_BPF_SET_PROGRAM
+control message, as demonstrated here:
+.Bd -literal -offset 4n
+#!/bin/sh
+
+PATTERN="tcp dst port 80"
+INHOOK="hook1"
+MATCHHOOK="hook2"
+NOTMATCHHOOK="hook3"
+
+cat > /tmp/bpf.awk << xxENDxx
+{
+  if (!init) {
+    printf "bpf_prog_len=%d bpf_prog=[", \\$1;
+    init=1;
+  } else {
+    printf " { code=%d jt=%d jf=%d k=%d }", \\$1, \\$2, \\$3, \\$4;
+  }
+}
+END {
+  print " ]"
+}
+xxENDxx
+
+BPFPROG=`tcpdump -ddd ${PATTERN} | awk -f /tmp/bpf.awk`
+
+ngctl msg my_node: setprogram { thisHook=\\"${INHOOK}\\" \\
+  ifMatch=\\"${MATCHHOOK}\\" \\
+  ifNotMatch=\\"${NOTMATCHHOOK}\\" \\
+  ${BPFPROG} } }
+.Ed
 .Sh BUGS
 When built as a loadable kernel module, this module includes the file
 .Pa net/bpf_filter.c .