Commit Graph

17 Commits

Author SHA1 Message Date
wiz
32e20d8993 Back out previous change. It causes NAT to fail, and was CLEARLY
NOT TESTED before it was committed.
2000-12-25 02:00:46 +00:00
thorpej
d0357bdb4f Slight adjustment to how pfil_head's are registered. Instead of a
"key" and a "dlt", use a "type" (PFIL_TYPE_{AF,IFNET} for now) and
a val/ptr appropriate for that type.  This allows for more future
flexibility with the pfil_hook mechanism.
2000-12-22 20:01:17 +00:00
thorpej
bb1175954d Use <net/dlt.h> 2000-12-12 18:03:25 +00:00
thorpej
65fd25ea82 Restructure the PFIL_HOOKS mechanism a bit:
- All packets are passed to PFIL_HOOKS as they come off the wire, i.e.
  fields in protocol headers in network order, etc.
- Allow for multiple hooks to be registered, using a "key" and a "dlt".
  The "dlt" is a BPF data link type, indicating what type of header is
  present.
- INET and INET6 register with key == AF_INET or AF_INET6, and
  dlt == DLT_RAW.
- PFIL_HOOKS now take an argument for the filter hook, and mbuf **,
  an ifnet *, and a direction (PFIL_IN or PFIL_OUT), thus making them
  less IP (really, IP Filter) centric.

Maintain compatibility with IP Filter by adding wrapper functions for
IP Filter.
2000-11-11 00:52:36 +00:00
itojun
5e5941eda1 remove extra memory region kept by "struct pfil_head pfil_head_t;".
it seems totally, unnecessary, or seems to be typo for typedef.
(correct me if i'm wrong)
2000-04-19 04:46:23 +00:00
darrenr
81069f7a58 return int from pfil_add_hook and pfil_remove_hook to indicate failure
or success, rather than panic'ing
2000-02-22 10:45:47 +00:00
darrenr
4b3916780b pass "struct pfil_head *" to pfil_add_hook and pfil_remove hook rather
than "struct protosw *".
2000-02-20 00:56:33 +00:00
darrenr
fd7edad6c3 Change the use of pfil hooks. There is no longer a single list of all
pfil information, instead, struct protosw now contains a structure
which caontains list heads, etc.  The per-protosw pfil struct is passed
to pfil_hook_get(), along with an in/out flag to get the head of the
relevant filter list.  This has been done for only IPv4 and IPv6, at
present, with these patches only enabling filtering for IPPROTO_IP and
IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated
filters now also.  The ipfilter code has been updated to only filter
IPv4 packets - next major release of ipfilter is required for ipv6.
2000-02-17 10:59:32 +00:00
mrg
45159fa631 convert pfil(9) in and out lists from <sys/queue.h> LISTs to TAILQs, and
change pfil_add_hook to put output filters at the tail of the queue,
while continuing to place input filters at the head of the queue.  update
the two users of these functions, and document these changes.

fixes PR#4593.
1998-03-19 15:45:30 +00:00
mrg
74f573d85d remove advertising clause from all my licenses. 1997-10-10 05:39:47 +00:00
thorpej
0226fc32e4 Don't attempt to include config(8)-generated headers if we're included
by userland.
1997-03-29 19:52:41 +00:00
scottr
64d150af76 Avoid duplicate definition of PFIL_HOOKS in the case that the config
file specifies that option.
1997-02-22 17:52:44 +00:00
scottr
54b157939d Don't include ipfilter.h if building an LKM. 1997-02-19 23:07:57 +00:00
mrg
4c8bfe2630 pseudo-device ipfilter brings in PFIL_HOOKS. 1997-02-18 20:49:32 +00:00
mrg
2cf2442208 remove pfil_bad. 1996-12-20 08:40:46 +00:00
mrg
7b71cdec46 minor copyright update. 1996-10-05 23:41:53 +00:00
mrg
a5f00f16bc move the packet filter hooks in to a saner location. while i'm here, rename
PACKET_FILTER to PFIL_HOOKS.
1996-09-14 14:40:20 +00:00