freebsd-dev/sys/net
Luigi Rizzo 4b9840932d Add ipfw hooks to ether_demux() and ether_output_frame().
Ipfw processing of frames at layer 2 can be enabled by the sysctl variable

	net.link.ether.ipfw=1

Consider this feature experimental, because right now, the firewall
is invoked in the places indicated below, and controlled by the
sysctl variables listed on the right.  As a consequence, a packet
can be filtered from 1 to 4 times depending on the path it follows,
which might make a ruleset a bit hard to follow.

I will add an ipfw option to tell if we want a given rule to apply
to ether_demux() and ether_output_frame(), but we have run out of
flags in the struct ip_fw so I need to think a bit on how to implement
this.

		to upper layers
	     |			     |
	     +----------->-----------+
	     ^			     V
	[ip_input]		[ip_output]	net.inet.ip.fw.enable=1
	     |			     |
	     ^			     V
	[ether_demux]      [ether_output_frame]	net.link.ether.ipfw=1
	     |			     |
	     +->- [bdg_forward]-->---+		net.link.ether.bridge_ipfw=1
	     ^			     V
	     |			     |
		 to devices
2002-05-13 10:37:19 +00:00
bpf_compat.h Small fix for bpf compat: 2000-12-27 22:20:13 +00:00
bpf_filter.c Remove __P. 2002-03-19 21:54:18 +00:00
bpf.c Make funsetown() take a 'struct sigio **' so that the locking can 2002-05-06 19:31:28 +00:00
bpf.h Remove __P. 2002-03-19 21:54:18 +00:00
bpfdesc.h Make bpf's read timeout feature work more correctly with 2001-12-14 22:17:54 +00:00
bridge.c Cleanup the interface to ip_fw_chk, two of the input arguments 2002-05-09 10:34:57 +00:00
bridge.h Lots of improvement to the bridging code. 2002-02-15 05:11:11 +00:00
bsd_comp.c Replace (deprecated ?) FREE() macro with direct calls to free() 2002-04-04 06:03:17 +00:00
ethernet.h Fix a couple of incorrect m_free() vs. m_freem() usages and related issues. 2002-04-04 05:42:09 +00:00
fddi.h - Merge the pdq driver (if_fpa and if_fea) from NetBSD. 2002-03-29 11:22:22 +00:00
if_arc.h Remove __P. 2002-03-19 21:54:18 +00:00
if_arcsubr.c Cosmetical change: remove empty line to reduce diffs to RELENG_4 2002-04-14 16:40:11 +00:00
if_arp.h bring in ARP support for variable length link level addresses 2001-10-14 20:17:53 +00:00
if_atm.h Remove __P. 2002-03-19 21:54:18 +00:00
if_atmsubr.c Fix warning; remove unused variable 2001-06-15 07:32:25 +00:00
if_disc.c minor style fix. 2001-12-14 19:28:06 +00:00
if_dl.h Move ISO88025 source routing information into sockaddr_dl's sdl_data 2002-05-07 22:14:06 +00:00
if_ef.c Swap a bzero for an M_ZERO. Borris approved this ages ago, but 2002-04-10 21:08:33 +00:00
if_ethersubr.c Add ipfw hooks to ether_demux() and ether_output_frame(). 2002-05-13 10:37:19 +00:00
if_faith.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
if_fddisubr.c - Merge the pdq driver (if_fpa and if_fea) from NetBSD. 2002-03-29 11:22:22 +00:00
if_gif.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
if_gif.h Fixed some style bugs in the removal of __P(()). The main ones were 2002-03-24 09:34:04 +00:00
if_ieee80211.h Add two more IEEE80211 defines for status. 2002-04-11 05:43:10 +00:00
if_iso88025subr.c Move ISO88025 source routing information into sockaddr_dl's sdl_data 2002-05-07 22:14:06 +00:00
if_llc.h Sync with NetBSD. 2002-03-29 06:58:45 +00:00
if_loop.c Replace (deprecated ?) FREE() macro with direct calls to free() 2002-04-04 06:03:17 +00:00
if_media.c Remove __P. 2002-03-19 21:54:18 +00:00
if_media.h MFOpenBSD: ibss and ibss-master. 2002-05-07 18:16:39 +00:00
if_mib.c The interface index space may be sparsely populated (e.g. when an 2001-10-17 04:12:29 +00:00
if_mib.h
if_ppp.c Change callers of mtx_init() to pass in an appropriate lock type name. In 2002-04-04 21:03:38 +00:00
if_ppp.h
if_pppvar.h Fixed some style bugs in the removal of __P(()). The main ones were 2002-03-24 09:34:04 +00:00
if_sl.c Change callers of mtx_init() to pass in an appropriate lock type name. In 2002-04-04 21:03:38 +00:00
if_slvar.h sc_lasttime and sc_starttime are time_t's, not long's. 2001-10-27 20:31:24 +00:00
if_sppp.h Implement an option to administratively disable the negotiation of 2001-12-30 20:42:29 +00:00
if_spppsubr.c Fix a misplaced break statement within a switch that accidentally made 2002-05-10 12:48:09 +00:00
if_stf.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
if_stf.h just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
if_tap.c Make funsetown() take a 'struct sigio **' so that the locking can 2002-05-06 19:31:28 +00:00
if_tap.h Add the tap driver. 2000-07-20 17:01:10 +00:00
if_tapvar.h Add cloning support for the tap(4) device similar to that in the tun(4) 2001-09-05 01:06:21 +00:00
if_tun.c Make funsetown() take a 'struct sigio **' so that the locking can 2002-05-06 19:31:28 +00:00
if_tun.h
if_tunvar.h Support /dev/tun cloning. Ansify if_tun.c while I'm there. 2001-06-01 15:51:10 +00:00
if_types.h Add recently assigned interface types. 2001-04-04 14:18:57 +00:00
if_var.h Minor style nit 2002-05-07 18:11:55 +00:00
if_vlan_var.h Simplify the interface cloning framework by handling unit 2002-03-11 09:26:07 +00:00
if_vlan.c Fix a couple of incorrect m_free() vs. m_freem() usages and related issues. 2002-04-04 05:42:09 +00:00
if.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
if.h Remove __P. 2002-03-19 21:54:18 +00:00
intrq.c Initialise the intrq_present fields at runtime, not link time. This allows 2002-01-08 10:34:03 +00:00
intrq.h Remove __P. 2002-03-19 21:54:18 +00:00
iso88025.h Fix logic inversion bug. 2002-05-11 06:27:24 +00:00
net_osdep.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
net_osdep.h just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
netisr.h Remove __P. 2002-03-19 21:54:18 +00:00
pfil.c Remove __P. 2002-03-19 21:54:18 +00:00
pfil.h Fixed some style bugs in the removal of __P(()). The main ones were 2002-03-24 09:34:04 +00:00
pfkeyv2.h printed current sequence number of the SA. accordingly, changed 2001-08-06 19:40:01 +00:00
ppp_comp.h Fixed some style bugs in the removal of __P(()). The main ones were 2002-03-24 09:34:04 +00:00
ppp_deflate.c Replace (deprecated ?) FREE() macro with direct calls to free() 2002-04-04 06:03:17 +00:00
ppp_defs.h Sync with recent KAME. 2001-06-11 12:39:29 +00:00
ppp_tty.c Change the suser() API to take advantage of td_ucred as well as do a 2002-04-01 21:31:13 +00:00
radix.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
radix.h Remove __P. 2002-03-19 21:54:18 +00:00
raw_cb.c Give struct socket structures a ref counting interface similar to 2001-11-17 03:07:11 +00:00
raw_cb.h Remove __P. 2002-03-19 21:54:18 +00:00
raw_usrreq.c Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. 2002-04-30 01:54:54 +00:00
route.c Remove __P. 2002-03-19 21:54:18 +00:00
route.h Fixed some style bugs in the removal of __P(()). The main ones were 2002-03-24 09:34:04 +00:00
rtsock.c Redo the sigio locking. 2002-05-01 20:44:46 +00:00
slcompress.c
slcompress.h Remove __P. 2002-03-19 21:54:18 +00:00
slip.h
zlib.c Work around zlib bug where using a deflate window size of 8 will 2002-03-23 13:05:53 +00:00
zlib.h