From f8665d43b8e1e33a92b7529d49e3e8c8b1c3c586 Mon Sep 17 00:00:00 2001 From: Tobias Klauser Date: Thu, 17 May 2018 17:02:31 +0200 Subject: man: reformat all man pages - use .TP for option and example labels - use .BR for references to other manpages, also in description texts - highlight options using .B in description texts - misc. cleanups Signed-off-by: Tobias Klauser --- astraceroute.8 | 146 +++++++++--------- bpfc.8 | 138 ++++++++--------- curvetun.8 | 88 +++++------ flowtop.8 | 93 ++++++------ ifpps.8 | 103 +++++++------ netsniff-ng.8 | 455 +++++++++++++++++++++++++++++++-------------------------- trafgen.8 | 227 +++++++++++++++------------- 7 files changed, 669 insertions(+), 581 deletions(-) diff --git a/astraceroute.8 b/astraceroute.8 index aedf730..fc999aa 100644 --- a/astraceroute.8 +++ b/astraceroute.8 @@ -7,7 +7,7 @@ astraceroute \- autonomous system trace route utility .PP .SH SYNOPSIS .PP -\fBastraceroute\fR [\fIoptions\fR] +\fBastraceroute\fP [\fIoptions\fP] .PP .SH DESCRIPTION astraceroute is a small utility to retrieve path information in a traceroute 
@@ -29,133 +29,133 @@ keywords. This tool might be a good start for further in-depth analysis of such systems. .PP .SH OPTIONS -.PP -.SS -H , --host +.TP +.B -H , --host Hostname or IPv4 or IPv6 address of the remote host where the AS route should -be traced to. In the case of an IPv6 address or host, option ''\-6'' must be +be traced to. In the case of an IPv6 address or host, option \fB-6\fP must be used. IPv4 is the default. -.PP -.SS -p , --port +.TP +.B -p , --port TCP port for the remote host to use. If not specified, the default port used is 80. -.PP -.SS -i , -d , --dev +.TP +.B -i , -d , --dev Networking device to start the trace route from, e.g. eth0, wlan0. -.PP -.SS -b , --bind +.TP +.B -b , --bind IP address to bind to other than the network device's address. You must specify -\-6 for an IPv6 address. -.PP -.SS -f , --init-ttl +\fB-6\fP for an IPv6 address. +.TP +.B -f , --init-ttl Initial TTL value to be used. This option might be useful if you are not interested in the first n hops, but only the following ones. The default initial TTL value is 1. -.PP -.SS -m , --max-ttl +.TP +.B -m , --max-ttl Maximum TTL value to be used. If not otherwise specified, the maximum TTL value is 30. Thus, after this has been reached astraceroute exits. -.PP -.SS -q , --num-probes +.TP +.B -q , --num-probes Specifies the number of queries to be done on a particular hop. The default is 2 query requests. -.PP -.SS -x , --timeout +.TP +.B -x , --timeout Tells astraceroute the probe response timeout in seconds, in other words the maximum time astraceroute must wait for an ICMP response from the current hop. The default is 3 seconds. -.PP -.SS -X , --payload +.TP +.B -X , --payload Places an ASCII cleartext string into the packet payload. Cleartext that contains whitespace must be put into quotes (e.g.: "censor me"). -.PP -.SS -l , --totlen +.TP +.B -l , --totlen Specifies the total length of the packet. 
Payload that does not have a cleartext string in it is padded with random garbage. -.PP -.SS -4, --ipv4 +.TP +.B -4, --ipv4 Use IPv4 only requests. This is the default. -.PP -.SS -6, --ipv6 +.TP +.B -6, --ipv6 Use IPv6 only requests. This must be used when passing an IPv6 host as an argument. -.PP -.SS -n, --numeric +.TP +.B -n, --numeric Tells astraceroute to not perform reverse DNS lookup for hop replies. The -reverse option is ''\-N''. -.PP -.SS -u, --update +reverse option is \fB-N\fP. +.TP +.B -u, --update The built-in geo-database update mechanism will be invoked to get Maxmind's latest version. To configure search locations for databases, the file /etc/netsniff-ng/geoip.conf contains possible addresses. Thus, to save bandwidth or for mirroring Maxmind's databases (to bypass their traffic limit policy), different hosts or IP addresses can be placed into geoip.conf, separated by a newline. -.PP -.SS -L, --latitude +.TP +.B -L, --latitude Also show latitude and longitude of hops. -.PP -.SS -N, --dns +.TP +.B -N, --dns Tells astraceroute to perform reverse DNS lookup for hop replies. The -reverse option is ''\-n''. -.PP -.SS -S, --syn +reverse option is \fB-n\fP. +.TP +.B -S, --syn Use TCP's SYN flag for the request. -.PP -.SS -A, --ack +.TP +.B -A, --ack Use TCP's ACK flag for the request. -.PP -.SS -F, --fin +.TP +.B -F, --fin Use TCP's FIN flag for the request. -.PP -.SS -P, --psh +.TP +.B -P, --psh Use TCP's PSH flag for the request. -.PP -.SS -U, --urg +.TP +.B -U, --urg Use TCP's URG flag for the request. -.PP -.SS -R, --rst +.TP +.B -R, --rst Use TCP's RST flag for the request. -.PP -.SS -E, --ecn-syn +.TP +.B -E, --ecn-syn Use TCP's ECN flag for the request. -.PP -.SS -t , --tos +.TP +.B -t , --tos Explicitly specify IP's TOS. -.PP -.SS -G, --nofrag +.TP +.B -G, --nofrag Set IP's no fragmentation flag. -.PP -.SS -Z, --show-packet +.TP +.B -Z, --show-packet Show and dissect the returned packet. 
-.PP -.SS -v, --version +.TP +.B -v, --version Show version information and exit. -.PP -.SS -h, --help +.TP +.B -h, --help Show user help and exit. .PP .SH USAGE EXAMPLE -.PP -.SS astraceroute -i eth0 -N -S -H netsniff-ng.org +.TP +.B astraceroute -i eth0 -N -S -H netsniff-ng.org This sends out a TCP SYN probe via the ''eth0'' networking device to the remote IPv4 host netsniff-ng.org. This request is most likely to pass. Also, tell astraceroute to perform reverse DNS lookups for each hop. -.PP -.SS astraceroute -6 -i eth0 -S -E -N -H www.6bone.net +.TP +.B astraceroute -6 -i eth0 -S -E -N -H www.6bone.net In this example, a TCP SYN/ECN probe for the IPv6 host www.6bone.net is being performed. Also in this case, the ''eth0'' device is being used as well as a reverse DNS lookup for each hop. -.PP -.SS astraceroute -i eth0 -N -F -H netsniff-ng.org +.TP +.B astraceroute -i eth0 -N -F -H netsniff-ng.org Here, we send out a TCP FIN probe to the remote host netsniff-ng.org. Again, on each hop a reverse DNS lookup is being done and the queries are transmitted from ''eth0''. IPv4 is used. -.PP -.SS astraceroute -i eth0 -N -FPU -H netsniff-ng.org +.TP +.B astraceroute -i eth0 -N -FPU -H netsniff-ng.org As in most other examples, we perform a trace route to IPv4 host netsniff-ng.org and do a TCP Xmas probe this time. -.PP -.SS astraceroute -i eth0 -N -H netsniff-ng.org -X "censor-me" -Z +.TP +.B astraceroute -i eth0 -N -H netsniff-ng.org -X "censor-me" -Z In this example, we have a Null probe to the remote host netsniff-ng.org, port 80 (default) and this time, we append the cleartext string "censor-me" into the packet payload to test if a firewall or DPI will let this string pass. Such a trace 
@@ -173,8 +173,8 @@ http://bgp.he.net/AS. .SH BUGS The geographical locations are estimated with the help of Maxmind's GeoIP database and can differ from the real physical location. To decrease the -possible errors, update the database regularly using astraceroute's \-\-update -option. +possible errors, update the database regularly using astraceroute's +\fB--update\fP option. .PP At some point in time, we need a similar approach to gather more reliable path information such as in the paris-traceroute tool. diff --git a/bpfc.8 b/bpfc.8 index 3456e1e..d14d977 100644 --- a/bpfc.8 +++ b/bpfc.8 @@ -7,7 +7,7 @@ bpfc \- a Berkeley Packet Filter assembler and compiler .PP .SH SYNOPSIS .PP -\fBbpfc\fR { [\fIoptions\fR] | [\fIsource-file\fR] } +\fBbpfc\fP { [\fIoptions\fP] | [\fIsource-file\fP] } .PP .SH DESCRIPTION .PP @@ -15,8 +15,9 @@ bpfc is a small Berkeley Packet Filter assembler and compiler which is able to translate BPF assembler-like mnemonics into a numerical or C-like format, that can be read by tools such as netsniff-ng, iptables (xt_bpf) and many others. BPF is the one and only upstream filtering construct that is used -in combination with packet(7) sockets, but also seccomp-BPF for system call -sandboxing. +in combination with +.BR packet (7) +sockets, but also seccomp-BPF for system call sandboxing. .PP The Linux kernel and also BSD kernels implement "virtual machine" like constructs and JIT compilers that mimic a small register-based machine in 
@@ -29,22 +30,27 @@ application in other areas such as in the communication between user and kernel space like system call sand-boxing. .PP At the time of writing this man page, the only other available BPF compiler -is part of the pcap(3) library and accessible through a high-level filter -language that might be familiar to many people as tcpdump-like filters. +is part of the +.BR pcap (3) +library and accessible through a high-level filter language that might be +familiar to many people as tcpdump-like filters. .PP However, it is quite often useful to bypass that compiler and write -optimized code that cannot be produced by the pcap(3) compiler, or is -wrongly optimized, or is defective on purpose in order to debug test kernel -code. Also, a reason to use bpfc could be to try out some new BPF extensions -that are not supported by other compilers. Furthermore, bpfc can be useful -to verify JIT compiler behavior or to find possible bugs that need -to be fixed. -.PP -bpfc is implemented with the help of flex(1) and bison(1), tokenizes the -source file in the first stage and parses its content into an AST. In two -code generation stages it emits target opcodes. bpfc furthermore supports -Linux kernel BPF extensions. More about that can be found in the syntax -section. +optimized code that cannot be produced by the +.BR pcap (3) +compiler, or is wrongly optimized, or is defective on purpose in order to debug +test kernel code. Also, a reason to use bpfc could be to try out some new BPF +extensions that are not supported by other compilers. Furthermore, bpfc can be +useful to verify JIT compiler behavior or to find possible bugs that need to be +fixed. +.PP +bpfc is implemented with the help of +.BR flex (1) +and +.BR bison (1), +tokenizes the source file in the first stage and parses its content into an AST. +In two code generation stages it emits target opcodes. bpfc furthermore supports +Linux kernel BPF extensions. 
More about that can be found in the syntax section. .PP The Linux kernel BPF JIT compiler is automatically turned on if detected by netsniff-ng. However, it can also be manually turned on through the @@ -56,38 +62,38 @@ source tree under ''tools/net/bpf_jit_disasm.c'' or within the netsniff-ng Git repository. .PP .SH OPTIONS -.PP -.SS -i , --input +.TP +.B -i , --input Read BPF assembly instruction from an input file or from stdin. -.PP -.SS -p, --cpp +.TP +.B -p, --cpp Pass the bpf program through the C preprocessor before reading it in bpfc. This allows #define and #include directives (e.g. to include definitions from system headers) to be used in the bpf program. -.PP -.SS -D =, --define = +.TP +.B -D =, --define = Add macro definition for the C preprocessor to use it within bpf file. This -option is used in combination with the -p,--cpp option. -.PP -.SS -f , --format +option is used in combination with the \fB-p\fP/\fB--cpp\fP option. +.TP +.B -f , --format Specify a different output format than the default that is netsniff-ng compatible. The specifier can be: C, netsniff-ng, xt_bpf, tcpdump. -.PP -.SS -b, --bypass +.TP +.B -b, --bypass Bypass basic filter validation when emitting opcodes. This can be useful for explicitly creating malformed BPF expressions for injecting into the kernel, for example, for bug testing. -.PP -.SS -V, --verbose +.TP +.B -V, --verbose Be more verbose and display some bpfc debugging information. -.PP -.SS -d, --dump +.TP +.B -d, --dump Dump all supported instructions to stdout. -.PP -.SS -v, --version +.TP +.B -v, --version Show version information and exit. -.PP -.SS -h, --help +.TP +.B -h, --help Show user help and exit. .PP .SH SYNTAX 
@@ -230,20 +236,20 @@ Used Abbreviations: .PP In this section, we give a couple of examples of bpfc source files, in other words, some small example filter programs: -.PP -.SS Only return packet headers (truncate packets): +.TP +.B Only return packet headers (truncate packets): .PP ld poff ret a -.PP -.SS Only allow ARP packets: +.TP +.B Only allow ARP packets: .PP ldh [12] jne #0x806, drop ret #-1 drop: ret #0 -.PP -.SS Only allow IPv4 TCP packets: +.TP +.B Only allow IPv4 TCP packets: .PP ldh [12] jne #0x800, drop @@ -251,8 +257,8 @@ words, some small example filter programs: jneq #6, drop ret #-1 drop: ret #0 -.PP -.SS Only allow IPv4 TCP SSH traffic: +.TP +.B Only allow IPv4 TCP SSH traffic: .PP ldh [12] jne #0x800, drop @@ -267,8 +273,8 @@ words, some small example filter programs: jne #0x16, drop pass: ret #-1 drop: ret #0 -.PP -.SS A loadable x86_64 seccomp-BPF filter to allow a given set of syscalls: +.TP +.B A loadable x86_64 seccomp-BPF filter to allow a given set of syscalls: .PP ld [4] /* offsetof(struct seccomp_data, arch) */ jne #0xc000003e, bad /* AUDIT_ARCH_X86_64 */ @@ -285,22 +291,22 @@ words, some small example filter programs: jeq #35, good /* __NR_nanosleep */ bad: ret #0 /* SECCOMP_RET_KILL */ good: ret #0x7fff0000 /* SECCOMP_RET_ALLOW */ -.PP -.SS Allow any (hardware accelerated) VLAN: +.TP +.B Allow any (hardware accelerated) VLAN: .PP ld vlanp jeq #0, drop ret #-1 drop: ret #0 -.PP -.SS Only allow traffic for (hardware accelerated) VLAN 10: +.TP +.B Only allow traffic for (hardware accelerated) VLAN 10: .PP ld vlant jneq #10, drop ret #-1 drop: ret #0 -.PP -.SS More pedantic check for the above VLAN example: +.TP +.B More pedantic check for the above VLAN example: .PP ld vlanp jeq #0, drop @@ -308,8 +314,8 @@ words, some small example filter programs: jneq #10, drop ret #-1 drop: ret #0 -.PP -.SS Filter rtnetlink messages +.TP +.B Filter rtnetlink messages: .PP ldh #proto /* A = skb->protocol */ 
@@ -334,25 +340,27 @@ words, some small example filter programs: skip: ret #0 .PP .SH USAGE EXAMPLE -.PP -.SS bpfc fubar +.TP +.B bpfc fubar Compile the source file ''fubar'' into BPF opcodes. Opcodes will be directed to stdout. -.PP -.SS bpfc -f xt_bpf -b -p -i fubar, resp. iptables -A INPUT -m bpf --bytecode "`bpfc -f xt_bpf -i fubar`" -j LOG +.TP +.B bpfc -f xt_bpf -b -p -i fubar, resp. iptables -A INPUT -m bpf --bytecode "`bpfc -f xt_bpf -i fubar`" -j LOG Compile the source file ''fubar'' into BPF opcodes, bypass basic filter validation and emit opcodes in netfilter's xt_bpf readable format. Note that the source file ''fubar'' is first passed to the C preprocessor for textual replacements before handing over to the bpfc compiler. -.PP -.SS bpfc - +.TP +.B cat fubar | bpfc - Read bpfc instruction from stdin and emit opcodes to stdout. -.PP -.SS bpfc foo > bar, resp. netsniff-ng -f bar ... +.TP +.B bpfc foo > bar && netsniff-ng -f bar ... Compile filter instructions from file foo and redirect bpfc's output into -the file bar, that can then be read by netsniff-ng(8) through option \-f. -.PP -.SS bpfc -f tcpdump -i fubar +the file bar, that can then be read by +.BR netsniff-ng (8) +through option \fB-f\fP. +.TP +.B bpfc -f tcpdump -i fubar Output opcodes from source file fubar in the same behavior as ''tcpdump \-ddd''. .PP .SH LEGAL diff --git a/curvetun.8 b/curvetun.8 index e90ea53..2b2cb25 100644 --- a/curvetun.8 +++ b/curvetun.8 
@@ -7,12 +7,14 @@ curvetun \- a lightweight curve25519 ip4/6 tunnel .PP .SH SYNOPSIS .PP -\fBcurvetun\fR [\fIoptions\fR] +\fBcurvetun\fP [\fIoptions\fP] .PP .SH DESCRIPTION curvetun is a lightweight, high-speed ECDH multiuser IP tunnel for Linux -that is based on epoll(2). curvetun uses the Linux TUN/TAP interface and -supports {IPv4, IPv6} over {IPv4, IPv6} with UDP or TCP as carrier protocols. +that is based on +.BR epoll (2). +curvetun uses the Linux TUN/TAP interface and supports {IPv4, IPv6} over {IPv4, +IPv6} with UDP or TCP as carrier protocols. .PP It has an integrated packet forwarding tree, thus multiple users with different IPs can be handled via a single tunnel device on the server side, 
@@ -48,83 +50,83 @@ Telex, anti-censorship in the network infrastructure .RE .PP .SH OPTIONS -.PP -.SS -d , --dev +.TP +.B -d , --dev Defines the name of the tunnel device that is being created. If this option is not set, then the default names, curves{0,1,2,..} for a curvetun server, and curvec{0,1,2,...} for a curvetun client are used. -.PP -.SS -p , --port +.TP +.B -p , --port Defines the port the curvetun server should listen on. There is no default port for curvetun, so setting this option for server bootstrap is mandatory. This option is for servers only. -.PP -.SS -t , --stun +.TP +.B -t , --stun If needed, this options enables an STUN lookup in order to show public IP to port mapping and to punch a hole into the firewall. In case you are unsure what STUN server to use, simply use ''\-\-stun stunserver.org''. -.PP -.SS -c[=alias], --client[=alias] +.TP +.B -c[=alias], --client[=alias] Starts curvetun in client mode and connects to the given connection alias that is defined in the configuration file. -.PP -.SS -k, --keygen +.TP +.B -k, --keygen Generate private and public keypair. This must be done initially. -.PP -.SS -x, --export +.TP +.B -x, --export Export user and key combination to stdout as a one-liner. -.PP -.SS -C, --dumpc +.TP +.B -C, --dumpc Dump all known clients that may connect to the local curvetun server and exit. -.PP -.SS -S, --dumps +.TP +.B -S, --dumps Dump all known servers curvetun as a client can connect to, and exit. -.PP -.SS -D, --nofork +.TP +.B -D, --nofork Do not fork off as a client or server on startup. -.PP -.SS -s, --server +.TP +.B -s, --server Start curvetun in server mode. Additional parameters are needed, at least the definition of the port that clients can connect to is required. -.PP -.SS -N, --no-logging +.TP +.B -N, --no-logging Disable all curvetun logging of user information. This option can be used to enable curvetun users to connect more anonymously. This option is for servers only. 
-.PP -.SS -u, --udp +.TP +.B -u, --udp Use UDP as a carrier protocol instead of TCP. By default, TCP is the carrier protocol. This option is for servers only. -.PP -.SS -4, --ipv4 +.TP +.B -4, --ipv4 Defines IPv4 as the underlying network protocol to be used on the tunnel device. IPv4 is the default. This option is for servers only. -.PP -.SS -6, --ipv6 +.TP +.B -6, --ipv6 Defines IPv6 as the underlying network protocol to be used on the tunnel device. This option is for servers only. -.PP -.SS -v, --version +.TP +.B -v, --version Show version information and exit. -.PP -.SS -h, --help +.TP +.B -h, --help Show user help and exit. .PP .SH USAGE EXAMPLE -.PP -.SS curvetun --server -4 -u -N --port 6666 --stun stunserver.org +.TP +.B curvetun --server -4 -u -N --port 6666 --stun stunserver.org Starts curvetun in server mode with IPv4 as network protocol and UDP as a transport carrier protocol. The curvetun server listens for incoming connections on port 6666 and performs an STUN lookup on startup to stunserver.org. -.PP -.SS curvetun --client=ethz +.TP +.B curvetun --client=ethz Starts curvetun in client mode and connects to the defined connection alias ''ethz'' that is defined in the curvetun ~/.curvetun/servers configuration file. -.PP -.SS curvetun --keygen +.TP +.B curvetun --keygen Generates initial keypairs and stores them in the ~/.curvetun/ directory. -.PP -.SS curvetun --export +.TP +.B curvetun --export Export user data to stdout for configuration of a curvetun server. .PP .SH CRYPTOGRAPHY diff --git a/flowtop.8 b/flowtop.8 index 27ba22c..5ffeed7 100644 --- a/flowtop.8 +++ b/flowtop.8 @@ -7,7 +7,7 @@ flowtop \- top-like netfilter TCP/UDP/SCTP/DCCP/ICMP(v6) flow tracking .PP .SH SYNOPSIS .PP -\fBflowtop\fR { [\fIoptions\fR] } +\fBflowtop\fP { [\fIoptions\fP] } .PP .SH DESCRIPTION .PP 
@@ -43,7 +43,8 @@ The following information will be presented in flowtop's output: .PP In order for flowtop to work, netfilter must be active and running on your machine, thus kernel-side connection tracking is active. If netfilter -is not running, you can activate it with iptables(8): +is not running, you can activate it with +.BR iptables (8): .in +4 .sp iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT @@ -59,8 +60,9 @@ modprobe nf_conntrack_ipv4 modprobe nf_conntrack_ipv6 .in -4 .PP -To dump byte/packet counters flowtop enables the sysctl(8) parameter -\[lq]net.netfilter.nf_conntrack_acct\[rq] via: +To dump byte/packet counters flowtop enables the +.BR sysctl (8) +parameter \fBnet.netfilter.nf_conntrack_acct\fP via: .in +4 .sp echo 1 > /proc/sys/net/netfilter/nf_conntrack_acct @@ -69,11 +71,15 @@ echo 1 > /proc/sys/net/netfilter/nf_conntrack_acct and resets it to the previously set value on exit. These counters will only be active on connections which were created after accounting was enabled. Thus, to have these counters be active all the time the parameter should be enabled after -the system is up. To automatically enable it, sysctl.conf(8) or sysctl.d(8) +the system is up. To automatically enable it, +.BR sysctl.conf (8) +or +.BR sysctl.d (8) might be used. .PP -To calculate the connection duration flowtop enables the sysctl(8) parameter -\[lq]net.netfilter.nf_conntrack_timestamp\[rq] via: +To calculate the connection duration flowtop enables the +.BR sysctl (8) +parameter \fBnet.netfilter.nf_conntrack_timestamp\fP via: .in +4 .sp echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp 
@@ -82,72 +88,73 @@ echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp and resets it to the previously set value on exit. .PP flowtop's intention is just to get a quick look over your active connections. -If you want logging support, have a look at netfilter's conntrack(8) tools -instead. +If you want logging support, have a look at netfilter's +.BR conntrack (8) +tools instead. .PP .SH OPTIONS -.PP -.SS -4, --ipv4 +.TP +.B -4, --ipv4 Display IPv4 flows. That is the default when flowtop is started without any arguments. -.PP -.SS -6, --ipv6 +.TP +.B -6, --ipv6 Display IPv6 flows. That is the default when flowtop is started without any arguments. -.PP -.SS -T, --tcp +.TP +.B -T, --tcp Display TCP flows. That is the default when flowtop is started without any arguments. -.PP -.SS -U, --udp +.TP +.B -U, --udp Display UDP and UDP-lite flows. -.PP -.SS -D, --dccp +.TP +.B -D, --dccp Display DCCP flows. -.PP -.SS -I, --icmp +.TP +.B -I, --icmp Display ICMP version 4 and version 6 flows. -.PP -.SS -S, --sctp +.TP +.B -S, --sctp Display SCTP flows. -.PP -.SS -n, --no-dns +.TP +.B -n, --no-dns Don't perform hostname lookup. Only numeric addresses will be shown for flow endpoints. -.PP -.SS -G, --no-geoip +.TP +.B -G, --no-geoip Don't perform GeoIP lookup. No geographical information will be shown for flow endpoints. -.PP -.SS -s, --show-src +.TP +.B -s, --show-src Also show source information of the flow, not only destination information. -.PP -.SS -b, --bits +.TP +.B -b, --bits Show flow rates in bits per second instead of bytes per second. -.PP -.SS -u, --update +.TP +.B -u, --update The built-in database update mechanism will be invoked to get Maxmind's latest database. To configure search locations for databases, the file /etc/netsniff-ng/geoip.conf contains possible addresses. Thus, to save bandwidth or for mirroring Maxmind's databases (to bypass their traffic limit policy), different hosts or IP addresses can be placed into geoip.conf, separated by a newline. 
-.PP -.SS -t
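Review bot: In astraceroute.8 (hunk @@ -29,133 +29,133 @@) the inline option references lose their hyphen escapes: `\-6` becomes `\fB-6\fP` and `''\-N''` becomes `\fB-N\fP`, and the BUGS hunk does the same with `\-\-update` becoming `\fB--update\fP`. A bare `-` in roff input is a hyphen, and some output devices do not render it as the ASCII minus a user types on the command line, which hurts copy-and-paste and searching. Keep the escape inside the font change, e.g. `\fB\-6\fP` and `\fB\-\-update\fP`, and consider the same for the new `.B -H , --host` style tag lines. In the USAGE EXAMPLE part of the same hunk, the tag `.B astraceroute -i eth0 -N -H netsniff-ng.org -X "censor-me" -Z` passes the quotes as macro argument delimiters, so they will not appear in the rendered page; `\(dq` would keep them visible.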
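Review bot: In bpfc.8 (hunk @@ -230,20 +236,20 @@ and the following example hunks) each new `.TP` / `.B Only allow ARP packets:` pair is immediately followed by the unchanged `.PP`, so the tagged paragraph has no body and the filter listing that follows is set as an ordinary paragraph rather than indented under its label. Either drop the `.PP` after each label so the listing becomes the body of the `.TP` entry, or keep `.PP` and use a plain bold line instead of `.TP` for these headings.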
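Review bot: In bpfc.8 (hunk @@ -334,25 +340,27 @@) the USAGE EXAMPLE tags are now inconsistent: `bpfc foo > bar, resp. netsniff-ng -f bar ...` was rewritten with `&&`, but the xt_bpf tag in the same hunk still joins two commands with ", resp.", and its first command carries `-b -p` while the iptables variant does not, although the description text talks about bypassing validation and the C preprocessor. Splitting that entry into two `.TP` items, one per command, would make clear which description applies to which invocation. The double quotes around the backtick substitution on that `.B` line are also consumed as macro argument delimiters and will not be shown; `\(dq` avoids that. The changes from `bpfc -` to `cat fubar | bpfc -` and from "resp." to `&&` alter example content, so they would be easier to review as a separate commit from the macro conversion.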
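Review bot: In curvetun.8 (hunk @@ -48,83 +50,83 @@) the `--stun` description is left as context with the old quoting, `''\-\-stun stunserver.org''`, while the rest of the patch moves inline option references to `\fB...\fP`. Converting this one as well would keep the page consistent with the stated goal of highlighting options with .B in description texts. The same context line reads "this options enables", which could be fixed as part of the misc. cleanups.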
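Review bot: In flowtop.8 (hunk @@ -69,11 +71,15 @@) the new cross-references `.BR sysctl.conf (8)` and `.BR sysctl.d (8)` keep the section number from the old running text, but both are configuration file pages in section 5. Now that they are marked up as manpage references, which viewers can turn into links, they should read `.BR sysctl.conf (5)` and `.BR sysctl.d (5)`; `.BR sysctl (8)` in the same hunk is correct as is.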