diff options
author | ru <ru@FreeBSD.org> | 2000-10-30 09:16:18 +0000 |
---|---|---|
committer | ru <ru@FreeBSD.org> | 2000-10-30 09:16:18 +0000 |
commit | c4bae732d250330f0293865a5feeb2cf1ccca79a (patch) | |
tree | c05dc5936f31ece8a57b6ef5030274d1fd891d39 /sys/net | |
parent | 2ba8b5cbd1db5bbe7a35e23eef35760f06aea11e (diff) | |
download | FreeBSD-src-c4bae732d250330f0293865a5feeb2cf1ccca79a.zip FreeBSD-src-c4bae732d250330f0293865a5feeb2cf1ccca79a.tar.gz |
Add pfil.9 manpage to build after a repository copy.
Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/pfil.9 | 133 |
1 files changed, 0 insertions, 133 deletions
diff --git a/sys/net/pfil.9 b/sys/net/pfil.9 deleted file mode 100644 index a0e9e82..0000000 --- a/sys/net/pfil.9 +++ /dev/null @@ -1,133 +0,0 @@ -.\" Copyright (c) 1996 Matthew R. Green -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED -.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.Dd August 4, 1996 -.Dt PFIL 9 -.Os -.Sh NAME -.Nm pfil , -.Nm pfil_hook_get , -.Nm pfil_add_hook , -.Nm pfil_remove_hook -.Nd packet filter interface -.Sh SYNOPSIS -.Fd #include <sys/param.h> -.Fd #include <sys/mbuf.h> -.Fd #include <net/if.h> -.Fd #include <net/pfil.h> -.Ft struct packet_filter_hook * -.Fn pfil_hook_get "int" "struct pfil_head *" -.Ft void -.Fn pfil_add_hook "int (*func)()" "int flags" "struct pfil_head *" -.Ft void -.Fn pfil_remove_hook "int (*func)()" "int flags" "struct pfil_head *" -.\"(void *, int, struct ifnet *, int, struct mbuf **) -.Sh DESCRIPTION -The -.Nm -interface allows a function to be called on every incoming or outgoing -packets. The hooks for these are embedded in the -.Fn ip_input -and -.Fn ip_output -routines. The -.Fn pfil_hook_get -function returns the first member of a particular hook, either the in or out -list. The -.Fn pfil_add_hook -function takes a function of the form below as it's first argument, and the -flags for which lists to add the function to. The possible values for these -flags are some combination of PFIL_IN and PFIL_OUT. The -.Fn pfil_remove_hook -removes a hook from the specified lists. -.Pp -The -.Va func -argument is a function with the following prototype. -.Pp -.Fn func "void *data" "int hlen" "struct ifnet *net" "int dir" "struct mbuf **m" -.Pp -The -.Va data -describes the packet. Currently, this may only be a pointer to a ip structure. The -.Va net -and -.Va m -arguments describe the network interface and the mbuf holding data for this -packet. The -.Va dir -is the direction; 0 for incoming packets and 1 for outgoing packets. if the function -returns non-zero, this signals an error and no further processing of this packet is -performed. The function should set errno to indicate the nature of the error. -It is the hook's responsibiliy to free the chain if the packet is being dropped. -.Pp -The -.Nm -interface is enabled in the kernel via the -.Sy PFIL_HOOKS -option. -.Sh RETURN VALUES -If successful -.Fn pfil_hook_get -returns the first member of the packet filter list, -.Fn pfil_add_hook -and -.Fn pfil_remove_hook -are expected to always succeed. -.Sh HISTORY -The -.Nm -interface first appeared in -.Nx 1.3 . -The -.Nm -input and output lists were originally implemented as -.Pa Aq sys/queue.h -.Dv LIST -structures; -however this was changed in -.Nx 1.4 -to -.Dv TAILQ -structures. This change was to allow the input and output filters to be -processed in reverse order, to allow the same path to be taken, in or out -of the kernel. -.Pp -The -.Nm -interface was changed in 1.4T to accept a 3rd parameter to both -.Fn pfil_add_hook -and -.Fn pfil_remove_hook , -introducing the capability of per-protocol filtering. This was done -primarily in order to support filtering of IPv6. -.Sh BUGS -The current -.Nm -implementation will need changes to suit a threaded kernel model. -.Sh SEE ALSO -.Xr bpf 4 |