[src/trunk]: src/usr.sbin/npf/npfd add example.

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/5922b64888d6
branches:  trunk
changeset: 820347:5922b64888d6
user:      christos <christos%NetBSD.org@localhost>
date:      Sat Jan 07 18:48:47 2017 +0000

description:
add example.

diffstat:

 usr.sbin/npf/npfd/npfd.8 |  25 +++++++++++++++++++++++--
 1 files changed, 23 insertions(+), 2 deletions(-)

diffs (46 lines):

diff -r fa3b1ae7a0b6 -r 5922b64888d6 usr.sbin/npf/npfd/npfd.8
--- a/usr.sbin/npf/npfd/npfd.8  Sat Jan 07 18:28:49 2017 +0000
+++ b/usr.sbin/npf/npfd/npfd.8  Sat Jan 07 18:48:47 2017 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: npfd.8,v 1.1 2017/01/07 16:48:03 christos Exp $
+.\"    $NetBSD: npfd.8,v 1.2 2017/01/07 18:48:47 christos Exp $
 .\"    $OpenBSD: pflogd.8,v 1.35 2007/05/31 19:19:47 jmc Exp $
 .\"
 .\" Copyright (c) 2001 Can Erkin Acar.  All rights reserved.
@@ -225,7 +225,27 @@
 Display the logs in real time of inbound packets that were blocked on
 the wi0 interface:
 .Bd -literal -offset indent
-# tcpdump -n -e -ttt -i pflog0 inbound and action block and on wi0
+# tcpdump -n -e -ttt -i npflog0 inbound and action block and on wi0
+.Ed
+.Pp
+Each
+.Xr npf 4
+rule is marked with an id number, shown using:
+.Bd -literal -offset indent
+# npfctl show
+...
+        block final all apply "log" # id="45" 
+...
+.Ed
+.Pp
+This id is the rule id shown by tcpdump:
+.Bd -literal -offset indent
+# tcpdump -enr /var/log/npflog0.pcap
+...
+11:26:02.288199 rule 45.rules.0/0(match): block in on sk0: \e
+1.2.3.4.46063 > 5.6.7.8.23231: Flags [S], seq 1, win 8192, \e
+options [mss 1440], length 0
+...
 .Ed
 .Sh SEE ALSO
 .Xr pcap 3 ,
@@ -233,6 +253,7 @@
 .Xr npf.conf 5 ,
 .Xr newsyslog 8 ,
 .Xr npf 7 ,
+.Xr npfctl 8 ,
 .Xr tcpdump 8
 .Sh HISTORY
 The