56132dcc0d
* make interface cloner VNET-aware; * simplify cloner code and use if_clone_simple(); * migrate LOGIF_LOCK() to rmlock; * add ipfw_bpf_mtap2() function to pass mbuf to BPF; * introduce new additional ipfwlog0 pseudo interface. It differs from ipfw0 by DLT type used in bpfattach. This interface is intended to used by ipfw modules to dump packets with additional info attached. Currently pflog format is used. ipfw_bpf_mtap2() function uses second argument to determine which interface use for dumping. If dlen is equal to ETHER_HDR_LEN it uses old ipfw0 interface, if dlen is equal to PFLOG_HDRLEN - ipfwlog0 will be used. Obtained from: Yandex LLC Sponsored by: Yandex LLC
23 lines
555 B
Makefile
23 lines
555 B
Makefile
# $FreeBSD$
|
|
|
|
.PATH: ${.CURDIR}/../../netpfil/ipfw
|
|
|
|
KMOD= ipfw
|
|
SRCS= ip_fw2.c ip_fw_pfil.c ip_fw_bpf.c
|
|
SRCS+= ip_fw_dynamic.c ip_fw_log.c ip_fw_eaction.c
|
|
SRCS+= ip_fw_sockopt.c ip_fw_table.c ip_fw_table_algo.c ip_fw_iface.c
|
|
SRCS+= ip_fw_table_value.c
|
|
SRCS+= opt_inet.h opt_inet6.h opt_ipdivert.h opt_ipfw.h opt_ipsec.h
|
|
|
|
CFLAGS+= -DIPFIREWALL
|
|
#
|
|
#If you want it verbose
|
|
#CFLAGS+= -DIPFIREWALL_VERBOSE
|
|
#CFLAGS+= -DIPFIREWALL_VERBOSE_LIMIT=100
|
|
#
|
|
#If you want it to pass all packets by default
|
|
#CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT
|
|
#
|
|
|
|
.include <bsd.kmod.mk>
|