mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-18 10:35:55 +00:00
Code Issues Releases Activity
4b9840932d
freebsd/sys/net
History
Luigi Rizzo 4b9840932d Add ipfw hooks to ether_demux() and ether_output_frame(). 
Ipfw processing of frames at layer 2 can be enabled by the sysctl variable

	net.link.ether.ipfw=1

Consider this feature experimental, because right now, the firewall
is invoked in the places indicated below, and controlled by the
sysctl variables listed on the right.  As a consequence, a packet
can be filtered from 1 to 4 times depending on the path it follows,
which might make a ruleset a bit hard to follow.

I will add an ipfw option to tell if we want a given rule to apply
to ether_demux() and ether_output_frame(), but we have run out of
flags in the struct ip_fw so i need to think a bit on how to implement
this.

		to upper layers
	     |			     |
	     +----------->-----------+
	     ^			     V
	[ip_input]		[ip_output]	net.inet.ip.fw.enable=1
	     |			     |
	     ^			     V
	[ether_demux]      [ether_output_frame]	net.link.ether.ipfw=1
	     |			     |
	     +->- [bdg_forward]-->---+		net.link.ether.bridge_ipfw=1
	     ^			     V
	     |			     |
		 to devices
2002-05-13 10:37:19 +00:00
..
bpf_compat.h
bpf_filter.c
bpf.c Make funsetown() take a 'struct sigio **' so that the locking can 2002-05-06 19:31:28 +00:00
bpf.h
bpfdesc.h
bridge.c Cleanup the interface to ip_fw_chk, two of the input arguments 2002-05-09 10:34:57 +00:00
bridge.h
bsd_comp.c Replace (deprecated ?) FREE() macro with direct calls to free() 2002-04-04 06:03:17 +00:00
ethernet.h
fddi.h
if_arc.h
if_arcsubr.c Cosmetical change: remove empty line to reduce diffs to RELENG_4 2002-04-14 16:40:11 +00:00
if_arp.h
if_atm.h
if_atmsubr.c
if_disc.c
if_dl.h Move ISO88025 source routing information into sockaddr_dl's sdl_data 2002-05-07 22:14:06 +00:00
if_ef.c Swap a bzero for an M_ZERO. Borris approved this ages ago, but 2002-04-10 21:08:33 +00:00
if_ethersubr.c Add ipfw hooks to ether_demux() and ether_output_frame(). 2002-05-13 10:37:19 +00:00
if_faith.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
if_fddisubr.c
if_gif.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
if_gif.h
if_ieee80211.h Add two more IEEE80211 defines for status. 2002-04-11 05:43:10 +00:00
if_iso88025subr.c Move ISO88025 source routing information into sockaddr_dl's sdl_data 2002-05-07 22:14:06 +00:00
if_llc.h
if_loop.c Replace (deprecated ?) FREE() macro with direct calls to free() 2002-04-04 06:03:17 +00:00
if_media.c
if_media.h MFOpenBSD: ibss and ibss-master. 2002-05-07 18:16:39 +00:00
if_mib.c
if_mib.h
if_ppp.c Change callers of mtx_init() to pass in an appropriate lock type name. In 2002-04-04 21:03:38 +00:00
if_ppp.h
if_pppvar.h
if_sl.c Change callers of mtx_init() to pass in an appropriate lock type name. In 2002-04-04 21:03:38 +00:00
if_slvar.h
if_sppp.h
if_spppsubr.c Fix a misplaced break statement within a switch that accidentally made 2002-05-10 12:48:09 +00:00
if_stf.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
if_stf.h just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
if_tap.c Make funsetown() take a 'struct sigio **' so that the locking can 2002-05-06 19:31:28 +00:00
if_tap.h
if_tapvar.h
if_tun.c Make funsetown() take a 'struct sigio **' so that the locking can 2002-05-06 19:31:28 +00:00
if_tun.h
if_tunvar.h
if_types.h
if_var.h Minor style nit 2002-05-07 18:11:55 +00:00
if_vlan_var.h
if_vlan.c
if.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
if.h
intrq.c
intrq.h
iso88025.h Fix logic inversion bug. 2002-05-11 06:27:24 +00:00
net_osdep.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
net_osdep.h just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
netisr.h
pfil.c
pfil.h
pfkeyv2.h
ppp_comp.h
ppp_deflate.c Replace (deprecated ?) FREE() macro with direct calls to free() 2002-04-04 06:03:17 +00:00
ppp_defs.h
ppp_tty.c
radix.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
radix.h
raw_cb.c
raw_cb.h
raw_usrreq.c Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. 2002-04-30 01:54:54 +00:00
route.c
route.h
rtsock.c Redo the sigio locking. 2002-05-01 20:44:46 +00:00
slcompress.c
slcompress.h
slip.h
zlib.c
zlib.h