diff options
author | ru <ru@FreeBSD.org> | 2000-10-30 09:16:18 +0000 |
---|---|---|
committer | ru <ru@FreeBSD.org> | 2000-10-30 09:16:18 +0000 |
commit | c4bae732d250330f0293865a5feeb2cf1ccca79a (patch) | |
tree | c05dc5936f31ece8a57b6ef5030274d1fd891d39 | |
parent | 2ba8b5cbd1db5bbe7a35e23eef35760f06aea11e (diff) | |
download | FreeBSD-src-c4bae732d250330f0293865a5feeb2cf1ccca79a.zip FreeBSD-src-c4bae732d250330f0293865a5feeb2cf1ccca79a.tar.gz |
Add pfil.9 manpage to build after a repository copy.
-rw-r--r-- | share/man/man9/Makefile | 3 | ||||
-rw-r--r-- | sys/net/pfil.9 | 133 |
2 files changed, 2 insertions, 134 deletions
diff --git a/share/man/man9/Makefile b/share/man/man9/Makefile index 2b7a281..a4d3008 100644 --- a/share/man/man9/Makefile +++ b/share/man/man9/Makefile @@ -14,7 +14,7 @@ MAN9= CONDSPLASSERT.9 KASSERT.9 MD5.9 SPLASSERT.9 \ at_exit.9 at_fork.9 bios.9 boot.9 buf.9 cd.9 copy.9 \ devfs_add_devswf.9 devfs_link.9 devfs_remove_dev.9 devstat.9 \ devtoname.9 fetch.9 ifnet.9 inittodr.9 intro.9 kernacc.9 malloc.9 \ - make_dev.9 microseq.9 mi_switch.9 mutex.9 namei.9 panic.9 physio.9 \ + make_dev.9 microseq.9 mi_switch.9 mutex.9 namei.9 panic.9 pfil.9 physio.9 \ posix4.9 psignal.9 random.9 resettodr.9 rtalloc.9 rtentry.9 sleep.9 spl.9 \ store.9 style.9 suser.9 time.9 timeout.9 uio.9 \ vget.9 vnode.9 vput.9 vref.9 vrele.9 vslock.9 \ @@ -71,6 +71,7 @@ MLINKS+=malloc.9 FREE.9 malloc.9 MALLOC.9 malloc.9 free.9 MLINKS+=mi_switch.9 cpu_switch.9 MLINKS+=namei.9 NDINIT.9 MLINKS+=namei.9 NDFREE.9 +MLINKS+=pfil.9 pfil_hook_get.9 pfil.9 pfil_add_hook.9 pfil.9 pfil_remove_hook.9 MLINKS+=posix4.9 p1003_1b.9 MLINKS+=psignal.9 gsignal.9 psignal.9 pgsignal.9 MLINKS+=random.9 srandom.9 random.9 arc4random.9 random.9 read_random.9 diff --git a/sys/net/pfil.9 b/sys/net/pfil.9 deleted file mode 100644 index a0e9e82..0000000 --- a/sys/net/pfil.9 +++ /dev/null @@ -1,133 +0,0 @@ -.\" Copyright (c) 1996 Matthew R. Green -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED -.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.Dd August 4, 1996 -.Dt PFIL 9 -.Os -.Sh NAME -.Nm pfil , -.Nm pfil_hook_get , -.Nm pfil_add_hook , -.Nm pfil_remove_hook -.Nd packet filter interface -.Sh SYNOPSIS -.Fd #include <sys/param.h> -.Fd #include <sys/mbuf.h> -.Fd #include <net/if.h> -.Fd #include <net/pfil.h> -.Ft struct packet_filter_hook * -.Fn pfil_hook_get "int" "struct pfil_head *" -.Ft void -.Fn pfil_add_hook "int (*func)()" "int flags" "struct pfil_head *" -.Ft void -.Fn pfil_remove_hook "int (*func)()" "int flags" "struct pfil_head *" -.\"(void *, int, struct ifnet *, int, struct mbuf **) -.Sh DESCRIPTION -The -.Nm -interface allows a function to be called on every incoming or outgoing -packets. The hooks for these are embedded in the -.Fn ip_input -and -.Fn ip_output -routines. The -.Fn pfil_hook_get -function returns the first member of a particular hook, either the in or out -list. The -.Fn pfil_add_hook -function takes a function of the form below as it's first argument, and the -flags for which lists to add the function to. The possible values for these -flags are some combination of PFIL_IN and PFIL_OUT. The -.Fn pfil_remove_hook -removes a hook from the specified lists. -.Pp -The -.Va func -argument is a function with the following prototype. -.Pp -.Fn func "void *data" "int hlen" "struct ifnet *net" "int dir" "struct mbuf **m" -.Pp -The -.Va data -describes the packet. Currently, this may only be a pointer to a ip structure. The -.Va net -and -.Va m -arguments describe the network interface and the mbuf holding data for this -packet. The -.Va dir -is the direction; 0 for incoming packets and 1 for outgoing packets. if the function -returns non-zero, this signals an error and no further processing of this packet is -performed. The function should set errno to indicate the nature of the error. -It is the hook's responsibiliy to free the chain if the packet is being dropped. -.Pp -The -.Nm -interface is enabled in the kernel via the -.Sy PFIL_HOOKS -option. -.Sh RETURN VALUES -If successful -.Fn pfil_hook_get -returns the first member of the packet filter list, -.Fn pfil_add_hook -and -.Fn pfil_remove_hook -are expected to always succeed. -.Sh HISTORY -The -.Nm -interface first appeared in -.Nx 1.3 . -The -.Nm -input and output lists were originally implemented as -.Pa Aq sys/queue.h -.Dv LIST -structures; -however this was changed in -.Nx 1.4 -to -.Dv TAILQ -structures. This change was to allow the input and output filters to be -processed in reverse order, to allow the same path to be taken, in or out -of the kernel. -.Pp -The -.Nm -interface was changed in 1.4T to accept a 3rd parameter to both -.Fn pfil_add_hook -and -.Fn pfil_remove_hook , -introducing the capability of per-protocol filtering. This was done -primarily in order to support filtering of IPv6. -.Sh BUGS -The current -.Nm -implementation will need changes to suit a threaded kernel model. -.Sh SEE ALSO -.Xr bpf 4 |