Commit Graph

25 Commits

Author SHA1 Message Date
elad
976bf6cfdd Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.
2005-12-10 23:21:38 +00:00
yamt
0370fc7128 - rename PFIL_NEWIF to PFIL_IFNET, and handle interface detach events
as well.
- use it for pf(4).

mostly from Peter Postma.  PR/26403.
2004-07-27 12:22:59 +00:00
itojun
047170b1cc prepare PF-related hooks. reviewed by matt, perry, christos 2004-06-22 12:50:41 +00:00
martin
4858ba3d93 Protect kernel opt_*.h include by #ifdef _KERNEL_OPT 2003-06-23 12:56:07 +00:00
martin
d505b18964 Make sure to include opt_foo.h if a defflag option FOO is used. 2003-06-23 11:00:59 +00:00
mrg
67afbd6270 use _KERNEL_OPT 2001-05-30 11:57:16 +00:00
itojun
e366844be7 need to declare NULL for inline function. 2001-04-11 14:44:55 +00:00
thorpej
ad5b855ef0 Back out the sledgehammer damage applied by wiz while I was out for
the holiday.
2000-12-28 21:40:59 +00:00
wiz
32e20d8993 Back out previous change. It causes NAT to fail, and was CLEARLY
NOT TESTED before it was committed.
2000-12-25 02:00:46 +00:00
thorpej
d0357bdb4f Slight adjustment to how pfil_head's are registered. Instead of a
"key" and a "dlt", use a "type" (PFIL_TYPE_{AF,IFNET} for now) and
a val/ptr appropriate for that type.  This allows for more future
flexibility with the pfil_hook mechanism.
2000-12-22 20:01:17 +00:00
thorpej
bb1175954d Use <net/dlt.h> 2000-12-12 18:03:25 +00:00
thorpej
65fd25ea82 Restructure the PFIL_HOOKS mechanism a bit:
- All packets are passed to PFIL_HOOKS as they come off the wire, i.e.
  fields in protocol headers in network order, etc.
- Allow for multiple hooks to be registered, using a "key" and a "dlt".
  The "dlt" is a BPF data link type, indicating what type of header is
  present.
- INET and INET6 register with key == AF_INET or AF_INET6, and
  dlt == DLT_RAW.
- PFIL_HOOKS now take an argument for the filter hook, and mbuf **,
  an ifnet *, and a direction (PFIL_IN or PFIL_OUT), thus making them
  less IP (really, IP Filter) centric.

Maintain compatibility with IP Filter by adding wrapper functions for
IP Filter.
2000-11-11 00:52:36 +00:00
itojun
5e5941eda1 remove extra memory region kept by "struct pfil_head pfil_head_t;".
it seems totally, unnecessary, or seems to be typo for typedef.
(correct me if i'm wrong)
2000-04-19 04:46:23 +00:00
darrenr
81069f7a58 return int from pfil_add_hook and pfil_remove_hook to indicate failure
or success, rather than panic'ing
2000-02-22 10:45:47 +00:00
darrenr
4b3916780b pass "struct pfil_head *" to pfil_add_hook and pfil_remove hook rather
than "struct protosw *".
2000-02-20 00:56:33 +00:00
darrenr
fd7edad6c3 Change the use of pfil hooks. There is no longer a single list of all
pfil information, instead, struct protosw now contains a structure
which caontains list heads, etc.  The per-protosw pfil struct is passed
to pfil_hook_get(), along with an in/out flag to get the head of the
relevant filter list.  This has been done for only IPv4 and IPv6, at
present, with these patches only enabling filtering for IPPROTO_IP and
IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated
filters now also.  The ipfilter code has been updated to only filter
IPv4 packets - next major release of ipfilter is required for ipv6.
2000-02-17 10:59:32 +00:00
mrg
45159fa631 convert pfil(9) in and out lists from <sys/queue.h> LISTs to TAILQs, and
change pfil_add_hook to put output filters at the tail of the queue,
while continuing to place input filters at the head of the queue.  update
the two users of these functions, and document these changes.

fixes PR#4593.
1998-03-19 15:45:30 +00:00
mrg
74f573d85d remove advertising clause from all my licenses. 1997-10-10 05:39:47 +00:00
thorpej
0226fc32e4 Don't attempt to include config(8)-generated headers if we're included
by userland.
1997-03-29 19:52:41 +00:00
scottr
64d150af76 Avoid duplicate definition of PFIL_HOOKS in the case that the config
file specifies that option.
1997-02-22 17:52:44 +00:00
scottr
54b157939d Don't include ipfilter.h if building an LKM. 1997-02-19 23:07:57 +00:00
mrg
4c8bfe2630 pseudo-device ipfilter brings in PFIL_HOOKS. 1997-02-18 20:49:32 +00:00
mrg
2cf2442208 remove pfil_bad. 1996-12-20 08:40:46 +00:00
mrg
7b71cdec46 minor copyright update. 1996-10-05 23:41:53 +00:00
mrg
a5f00f16bc move the packet filter hooks in to a saner location. while i'm here, rename
PACKET_FILTER to PFIL_HOOKS.
1996-09-14 14:40:20 +00:00