Add a pseudo interface for packet filtering IPSec connections before or after

encryption. There are two functions, a bpf tap which has a basic header with the SPI number which our current tcpdump knows how to display, and handoff to pfil(9) for packet filtering. Obtained from: OpenBSD Based on: kern/94829 No objections: arch, net MFC after: 1 month
author: thompsa <thompsa@FreeBSD.org> 2006-06-26 22:30:08 +0000
committer: thompsa <thompsa@FreeBSD.org> 2006-06-26 22:30:08 +0000
commit: 320c8e5164d793a94bf5d538add0abe0d4f665ca (patch)
tree: ad08e122ba3a5390ec867d258e80d618c4727731 /sys/netipsec/ipsec.h
parent: f0555f2de979cc15b2f5899edf00461f6d7ead98 (diff)
download: FreeBSD-src-320c8e5164d793a94bf5d538add0abe0d4f665ca.zip
FreeBSD-src-320c8e5164d793a94bf5d538add0abe0d4f665ca.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h
index 7dfe1ac..e514ce5 100644
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@@ -417,6 +417,8 @@ extern	void m_checkalignment(const char* where, struct mbuf *m0,
 extern	struct mbuf *m_makespace(struct mbuf *m0, int skip, int hlen, int *off);
 extern	caddr_t m_pad(struct mbuf *m, int n);
 extern	int m_striphdr(struct mbuf *m, int skip, int hlen);
+extern	int ipsec_filter(struct mbuf **, int);
+extern	void ipsec_bpf(struct mbuf *, struct secasvar *, int);
 #endif /* _KERNEL */
 
 #ifndef _KERNEL
author	thompsa <thompsa@FreeBSD.org>	2006-06-26 22:30:08 +0000
committer	thompsa <thompsa@FreeBSD.org>	2006-06-26 22:30:08 +0000
commit	320c8e5164d793a94bf5d538add0abe0d4f665ca (patch)
tree	ad08e122ba3a5390ec867d258e80d618c4727731 /sys/netipsec/ipsec.h
parent	f0555f2de979cc15b2f5899edf00461f6d7ead98 (diff)
download	FreeBSD-src-320c8e5164d793a94bf5d538add0abe0d4f665ca.zip FreeBSD-src-320c8e5164d793a94bf5d538add0abe0d4f665ca.tar.gz