Page MenuHomeFreeBSD

Add additional example to ng_bpf(4)
ClosedPublic

Authored by markus_stoffdv.at on Sep 20 2020, 8:26 AM.

Details

Summary

Include a practical example that shows how ng_bpf can be used to prevent spoofing.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

May you please provide a full context diff?
See https://wiki.freebsd.org/Phabricator

Okay from my side, final words come from "manpages".

share/man/man4/ng_bpf.4
182 ↗(On Diff #77242)

May you use "documentation" IP space? See RFC 5737

This revision is now accepted and ready to land.Sep 20 2020, 12:08 PM

Now using documentation IP space and full context diff.

This revision now requires review to proceed.Sep 20 2020, 2:11 PM

There are two ways to check man pages:

textproc/igor, it reports:

$ igor ng_bpf.4
ng_bpf.4:38:date not today, September 20, 2020:.Dd [April 29, 2020]
ng_bpf.4:173:blank line:

and mandoc -Tlint, which reports:

$ mandoc -Tlint ng_bpf.4
mandoc: ng_bpf.4:173:1: WARNING: blank line in fill mode, using .sp
mandoc: ng_bpf.4:117:2: STYLE: useless macro: Tn
mandoc: ng_bpf.4:124:2: STYLE: useless macro: Tn
mandoc: ng_bpf.4:130:2: STYLE: useless macro: Tn

Can you fix them ?

markus_stoffdv.at marked an inline comment as done.
In D26488#589643, @pi wrote:

There are two ways to check man pages:

textproc/igor, it reports:

$ igor ng_bpf.4
ng_bpf.4:38:date not today, September 20, 2020:.Dd [April 29, 2020]
ng_bpf.4:173:blank line:

and mandoc -Tlint, which reports:

$ mandoc -Tlint ng_bpf.4
mandoc: ng_bpf.4:173:1: WARNING: blank line in fill mode, using .sp
mandoc: ng_bpf.4:117:2: STYLE: useless macro: Tn
mandoc: ng_bpf.4:124:2: STYLE: useless macro: Tn
mandoc: ng_bpf.4:130:2: STYLE: useless macro: Tn

Can you fix them ?

Sure. Here you go.

The EXAMPLES section mentions tcpdump to generate BPF instructions that are fed into awk -- I do not see the awk(1) call in the example ? Is awk really needed for the example ?

share/man/man4/ng_bpf.4
143 ↗(On Diff #77260)

This awk script exists in an older version of the man page.
It was rewritten to shell starting with 7.1-RELEASE, but this comment was not modified.

  1. about awk: So the mention of awk(1) can be removed from the EXAMPLES section ?
  1. tcpdump wants to operate on some interface, as far as I can see, even it that interface will not be used ?

So running it as normal user gives this error:

$ tcpdump -s 8192 -p -ddd tcp dst port 80
tcpdump: igb0: You don't have permission to capture on that device

So this script needs to be run as root, right ? Can this be mentioned somewhere ? Any options to avoid running this as root ?

The change is fine, with or without removing awk(1), and the root requirement is implicit, you can't modify hooks as normal user anyway (or can you?).

In D26488#589662, @pi wrote:

The change is fine, with or without removing awk(1), and the root requirement is implicit, you can't modify hooks as normal user anyway (or can you?).

I'm glad to hear that. As it isn't any effort, I've removed the awk reference anyway.

This revision is now accepted and ready to land.Sep 21 2020, 5:11 AM
hselasky added a subscriber: hselasky.

Looks good to me.

bcr added a subscriber: bcr.

Also good from manpages (again).