mirror of https://git.FreeBSD.org/src.git synced 2024-12-21 11:13:30 +00:00
freebsd/sys/netinet
Luigi Rizzo 4b9840932d Add ipfw hooks to ether_demux() and ether_output_frame().
Ipfw processing of frames at layer 2 can be enabled by the sysctl variable

	net.link.ether.ipfw=1

Consider this feature experimental, because right now, the firewall
is invoked in the places indicated below, and controlled by the
sysctl variables listed on the right.  As a consequence, a packet
can be filtered from 1 to 4 times depending on the path it follows,
which might make a ruleset a bit hard to follow.

I will add an ipfw option to tell if we want a given rule to apply
to ether_demux() and ether_output_frame(), but we have run out of
flags in the struct ip_fw so I need to think a bit on how to implement
this.

		to upper layers
	     |			     |
	     +----------->-----------+
	     ^			     V
	[ip_input]		[ip_output]	net.inet.ip.fw.enable=1
	     |			     |
	     ^			     V
	[ether_demux]      [ether_output_frame]	net.link.ether.ipfw=1
	     |			     |
	     +->- [bdg_forward]-->---+		net.link.ether.bridge_ipfw=1
	     ^			     V
	     |			     |
		 to devices
2002-05-13 10:37:19 +00:00
libalias
accf_data.c Redo the sigio locking. 2002-05-01 20:44:46 +00:00
accf_http.c Redo the sigio locking. 2002-05-01 20:44:46 +00:00
icmp6.h Revised MLD-related definitions 2002-05-06 16:28:25 +00:00
icmp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
if_atm.c
if_atm.h Remove __P. 2002-03-19 21:25:46 +00:00
if_ether.c Move ISO88025 source routing information into sockaddr_dl's sdl_data 2002-05-07 22:14:06 +00:00
if_ether.h Fixed some style bugs in the removal of __P(()). Continuation lines 2002-03-24 10:19:10 +00:00
igmp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
igmp.c s/demon/daemon/ 2002-05-12 00:22:38 +00:00
igmp.h
in_cksum.c
in_gif.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
in_gif.h Remove __P. 2002-03-19 21:25:46 +00:00
in_pcb.c Change the first argument of prison_xinpcb() to be a thread pointer instead 2002-04-09 20:04:10 +00:00
in_pcb.h Change the first argument of prison_xinpcb() to be a thread pointer instead 2002-04-09 20:04:10 +00:00
in_proto.c Remove __P. 2002-03-19 21:25:46 +00:00
in_rmx.c Remove __P. 2002-03-19 21:25:46 +00:00
in_systm.h Remove __P. 2002-03-19 21:25:46 +00:00
in_var.h Fixed some style bugs in the removal of __P(()). Continuation lines 2002-03-24 10:19:10 +00:00
in.c Remove the code that masks an EEXIST returned from rtinit() when 2002-04-10 01:42:44 +00:00
in.h Remove some duplicate types that should have been removed as part of 2002-05-11 23:28:51 +00:00
ip6.h
ip_divert.c Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. 2002-04-30 01:54:54 +00:00
ip_dummynet.c Add ipfw hooks to ether_demux() and ether_output_frame(). 2002-05-13 10:37:19 +00:00
ip_dummynet.h Add ipfw hooks to ether_demux() and ether_output_frame(). 2002-05-13 10:37:19 +00:00
ip_ecn.c initialize local variable explicitly 2002-04-11 02:14:21 +00:00
ip_ecn.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_encap.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
ip_encap.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_flow.c
ip_flow.h
ip_fw.c Remove custom definitions (IP_FW_TCPF_SYN etc.) of TCP header flags 2002-05-13 10:21:13 +00:00
ip_fw.h Remove custom definitions (IP_FW_TCPF_SYN etc.) of TCP header flags 2002-05-13 10:21:13 +00:00
ip_icmp.c Prevent icmp_reflect() from calling ip_output() with a NULL route 2002-03-22 16:45:54 +00:00
ip_icmp.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_id.c Remove __P. 2002-03-19 21:25:46 +00:00
ip_input.c s/demon/daemon/ 2002-05-12 00:22:38 +00:00
ip_mroute.c Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. 2002-04-30 01:54:54 +00:00
ip_mroute.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_output.c Cleanup the interface to ip_fw_chk, two of the input arguments 2002-05-09 10:34:57 +00:00
ip_var.h Remove __P. 2002-03-19 21:25:46 +00:00
ip.h
ipprotosw.h
raw_ip.c Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. 2002-04-30 01:54:54 +00:00
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_input.c Redo the sigio locking. 2002-05-01 20:44:46 +00:00
tcp_output.c
tcp_reass.c Redo the sigio locking. 2002-05-01 20:44:46 +00:00
tcp_seq.h
tcp_subr.c Remove some ISN generation code which has been unused since the 2002-04-10 22:12:01 +00:00
tcp_syncache.c Switch vm_zone.h with uma.h. Change over to uma interfaces. 2002-03-20 05:48:55 +00:00
tcp_timer.c
tcp_timer.h Remove __P. 2002-03-19 21:25:46 +00:00
tcp_timewait.c Remove some ISN generation code which has been unused since the 2002-04-10 22:12:01 +00:00
tcp_usrreq.c Fixed some style bugs in the removal of __P(()). Continuation lines 2002-03-24 10:19:10 +00:00
tcp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
tcp.h
tcpip.h
udp_usrreq.c Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. 2002-04-30 01:54:54 +00:00
udp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
udp.h