freebsd-dev/sys
Luigi Rizzo 4b9840932d Add ipfw hooks to ether_demux() and ether_output_frame().
Ipfw processing of frames at layer 2 can be enabled by the sysctl variable

	net.link.ether.ipfw=1

Consider this feature experimental, because right now, the firewall
is invoked in the places indicated below, and controlled by the
sysctl variables listed on the right.  As a consequence, a packet
can be filtered from 1 to 4 times depending on the path it follows,
which might make a ruleset a bit hard to follow.

I will add an ipfw option to tell if we want a given rule to apply
to ether_demux() and ether_output_frame(), but we have run out of
flags in the struct ip_fw so I need to think a bit on how to implement
this.

		to upper layers
	     |			     |
	     +----------->-----------+
	     ^			     V
	[ip_input]		[ip_output]	net.inet.ip.fw.enable=1
	     |			     |
	     ^			     V
	[ether_demux]      [ether_output_frame]	net.link.ether.ipfw=1
	     |			     |
	     +->- [bdg_forward]-->---+		net.link.ether.bridge_ipfw=1
	     ^			     V
	     |			     |
		 to devices
2002-05-13 10:37:19 +00:00
alpha These were repo-copied to dump_machdep.c. 2002-05-13 02:52:35 +00:00
amd64 Gcc 3.1 varargs support. 2002-05-10 02:02:54 +00:00
arm Sync with the other platforms. 2002-05-10 02:20:33 +00:00
boot Match the default newfs UFS block size. 2002-05-13 05:09:34 +00:00
cam Make Veritas Storage Appliance a HILUNS device. 2002-04-24 00:00:55 +00:00
coda Don't put a line break in string literals. GCC 3.1 complains and GCC 2002-04-20 01:42:56 +00:00
compat sysctl -w -> sysctl 2002-05-11 06:06:11 +00:00
conf Build the fpu support routines. 2002-05-13 07:53:22 +00:00
contrib Merge updates from 3.4.26 - 3.4.27. 2002-04-27 16:56:25 +00:00
crypto Remove macros that are defined elsewhere. 2002-04-21 10:32:48 +00:00
ddb Reconnect db_elf.c to the build (now under "options DDB_NOKLDSYM"). It 2002-05-07 10:59:52 +00:00
dev style(9) changes before further editing that region: 2002-05-13 10:28:20 +00:00
fs Fix several bugs in devfs_lookupx(). When we check the nameiop to 2002-05-10 15:41:14 +00:00
geom Retire the bogus uses of the disklabel field d_sbsize and begin to 2002-05-12 20:49:41 +00:00
gnu Remove register keyword. 2002-05-13 09:22:31 +00:00
i4b Fix a problem which could cause some machines to hang after a warm boot. 2002-05-10 12:04:04 +00:00
i386 These were repo-copied to dump_machdep.c. 2002-05-13 02:52:35 +00:00
ia64 s/_ALPHA_/_MACHINE_/ 2002-05-13 05:01:05 +00:00
isa style(9) changes before further editing that region: 2002-05-13 10:28:20 +00:00
isofs/cd9660 Include systm.h for panic(9) so that DEBUG_ALL_VFS_LOCKS compiles. 2002-05-04 02:37:00 +00:00
kern Retire the bogus uses of the disklabel field d_sbsize and begin to 2002-05-12 20:49:41 +00:00
libkern Remove bogus include of <machine/ansi.h>. 2002-04-11 06:53:40 +00:00
modules Zap KMODDEPS entries so that people do not wonder why it isn't working on 2002-05-01 01:34:48 +00:00
net Add ipfw hooks to ether_demux() and ether_output_frame(). 2002-05-13 10:37:19 +00:00
netatalk Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. 2002-04-30 01:54:54 +00:00
netatm - Remove the init routine for loop -- it broke something and I don't have 2002-05-07 20:50:10 +00:00
netgraph Don't send packets out an interface unless it is IFF_UP|IFF_RUNNING. 2002-05-09 20:19:00 +00:00
netinet Add ipfw hooks to ether_demux() and ether_output_frame(). 2002-05-13 10:37:19 +00:00
netinet6 Recent zlib does not like Z_FLUSH at the end of inflate(). 2002-05-12 14:12:30 +00:00
netipx Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. 2002-04-30 01:54:54 +00:00
netkey Redo the sigio locking. 2002-05-01 20:44:46 +00:00
netnatm Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. 2002-04-30 01:54:54 +00:00
netncp Add character translation table between Unix and NetWare according 2002-04-20 05:35:02 +00:00
netns Change callers of mtx_init() to pass in an appropriate lock type name. In 2002-04-04 21:03:38 +00:00
netsmb Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. 2002-04-30 01:54:54 +00:00
nfs Remove unused include. 2002-03-20 10:12:07 +00:00
nfsclient We don't need the arp kludge any more. 2002-04-28 18:29:44 +00:00
nfsserver Limit to the maximum allowed reply size the amount of data that 2002-04-21 16:14:54 +00:00
pc98 Typo fix: detects -> detect. 2002-05-03 17:59:25 +00:00
pccard Change the suser() API to take advantage of td_ucred as well as do a 2002-04-01 21:31:13 +00:00
pci Add support for the D-Link DFE-690TXD Cardbus card which has a RealTek 8139 2002-05-06 13:43:00 +00:00
posix4 Remove __P. 2002-03-19 22:20:14 +00:00
powerpc FPU support. 2002-05-13 07:44:48 +00:00
rpc
security/lomac Use the proc lock to protect p_ucred while we read a few items from it. 2002-04-11 21:17:45 +00:00
sparc64 Fix IF_SEXT(val, 32). The constants need to have type long to 2002-05-13 04:26:38 +00:00
sys Bump for GCC 3.1. 2002-05-13 07:14:17 +00:00
tools include systm.h in vnode_if.c so that panic is defined when we're doing 2002-05-04 02:35:13 +00:00
ufs Remove register keyword. 2002-05-13 09:22:31 +00:00
vm Don't call the uz free function while the zone lock is held. This can lead 2002-05-13 05:08:18 +00:00
Makefile Milestone #1 in cross-arch make releases. 2002-04-26 17:55:27 +00:00