author | glebius <glebius@FreeBSD.org> | 2010-03-02 10:43:41 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2010-03-02 10:43:41 +0000 |
commit | f5bbcec387e488e77450848ba1fa908741b1fb01 (patch) | |
tree | e0382cb9cb5a81b9633b1cb6118bea9b1e28572a /share | |
parent | 5113f9d67db50b74bf7bf1c4c425d8219972b2b4 (diff) | |
Sync with recent changes from luigi - struct ng_ipfw_tag superseded
by more general ipfw_rule_ref. The latter isn't documented here, since
it should be documented in ipfw.4.
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man4/ng_ipfw.4 | 21 |
1 files changed, 5 insertions, 16 deletions
diff --git a/share/man/man4/ng_ipfw.4 b/share/man/man4/ng_ipfw.4 index a1249db..9a9099e 100644 --- a/share/man/man4/ng_ipfw.4 +++ b/share/man/man4/ng_ipfw.4 @@ -24,13 +24,14 @@ .\" .\" $FreeBSD$ .\" -.Dd June 10, 2009 +.Dd March 2, 2010 .Dt NG_IPFW 4 .Os .Sh NAME .Nm ng_ipfw .Nd interface between netgraph and IP firewall .Sh SYNOPSIS +.In netinet/ip_var.h .In netgraph/ng_ipfw.h .Sh DESCRIPTION The @@ -73,30 +74,18 @@ If no hook matches, packets are discarded. Packets injected via the .Cm netgraph command are tagged with -.Vt "struct ng_ipfw_tag" . +.Vt "struct ipfw_rule_ref" . This tag contains information that helps the packet to re-enter .Xr ipfw 4 processing, should the packet come back from .Xr netgraph 4 to .Xr ipfw 4 . -.Bd -literal -offset 4n -struct ng_ipfw_tag { - struct m_tag mt; /* tag header */ - struct ip_fw *rule; /* matching rule */ - uint32_t rule_id; /* matching rule id */ - uint32_t chain_id; /* ruleset id */ - struct ifnet *ifp; /* interface, for ip_output */ - int dir; /* packet direction */ -#define NG_IPFW_OUT 0 -#define NG_IPFW_IN 1 -}; -.Ed .Pp Packets received by a node from .Xr netgraph 4 -must be tagged with -.Vt "struct ng_ipfw_tag" +subsystem must be tagged with +.Vt "struct ipfw_rule_ref" tag. Packets re-enter IP firewall processing at the next rule. If no tag is supplied, packets are discarded. |
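Review bot: In the first hunk (@@ -24,13 +24,14 @@), the new SYNOPSIS line ".In netinet/ip_var.h" is added without any text in the page saying what a netgraph node author needs from that header. If it is there because the replacement tag type is declared in it, say so in DESCRIPTION next to the first mention of "struct ipfw_rule_ref", so the include is not later dropped or reordered as apparently unused.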
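Review bot: In the second hunk (@@ -73,30 +74,18 @@), the literal block describing the tag layout is deleted, but the surrounding text gains no pointer to where "struct ipfw_rule_ref" is described, so a reader writing a node that returns packets to ipfw has no field list and no replacement for the removed NG_IPFW_OUT / NG_IPFW_IN direction values. The commit message says the structure should be documented in ipfw.4; add a sentence after the .Vt line that sends the reader there, and keep a short statement of what the node must preserve in the tag, since the page still says untagged packets are discarded. The rewritten sentence also reads awkwardly: "from .Xr netgraph 4 subsystem" is missing an article, and "tagged with ... tag" repeats itself.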