freebsd-nq/sys/netinet
Luigi Rizzo 4b9840932d Add ipfw hooks to ether_demux() and ether_output_frame().
Ipfw processing of frames at layer 2 can be enabled by the sysctl variable

	net.link.ether.ipfw=1

Consider this feature experimental, because right now, the firewall
is invoked in the places indicated below, and controlled by the
sysctl variables listed on the right.  As a consequence, a packet
can be filtered from 1 to 4 times depending on the path it follows,
which might make a ruleset a bit hard to follow.

I will add an ipfw option to tell if we want a given rule to apply
to ether_demux() and ether_output_frame(), but we have run out of
flags in the struct ip_fw so I need to think a bit on how to implement
this.

		to upper layers
	     |			     |
	     +----------->-----------+
	     ^			     V
	[ip_input]		[ip_output]	net.inet.ip.fw.enable=1
	     |			     |
	     ^			     V
	[ether_demux]      [ether_output_frame]	net.link.ether.ipfw=1
	     |			     |
	     +->- [bdg_forward]-->---+		net.link.ether.bridge_ipfw=1
	     ^			     V
	     |			     |
		 to devices
2002-05-13 10:37:19 +00:00
libalias Fixed the bug in transparent TCP proxying with the "encode_ip_hdr" 2001-12-18 16:13:45 +00:00
accf_data.c Redo the sigio locking. 2002-05-01 20:44:46 +00:00
accf_http.c Redo the sigio locking. 2002-05-01 20:44:46 +00:00
icmp6.h Revised MLD-related definitions 2002-05-06 16:28:25 +00:00
icmp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
if_atm.c Pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2. 2001-10-17 18:07:05 +00:00
if_atm.h Remove __P. 2002-03-19 21:25:46 +00:00
if_ether.c Move ISO88025 source routing information into sockaddr_dl's sdl_data 2002-05-07 22:14:06 +00:00
if_ether.h Fixed some style bugs in the removal of __P(()). Continuation lines 2002-03-24 10:19:10 +00:00
igmp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
igmp.c s/demon/daemon/ 2002-05-12 00:22:38 +00:00
igmp.h
in_cksum.c
in_gif.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
in_gif.h Remove __P. 2002-03-19 21:25:46 +00:00
in_pcb.c Change the first argument of prison_xinpcb() to be a thread pointer instead 2002-04-09 20:04:10 +00:00
in_pcb.h Change the first argument of prison_xinpcb() to be a thread pointer instead 2002-04-09 20:04:10 +00:00
in_proto.c Remove __P. 2002-03-19 21:25:46 +00:00
in_rmx.c Remove __P. 2002-03-19 21:25:46 +00:00
in_systm.h Remove __P. 2002-03-19 21:25:46 +00:00
in_var.h Fixed some style bugs in the removal of __P(()). Continuation lines 2002-03-24 10:19:10 +00:00
in.c Remove the code that masks an EEXIST returned from rtinit() when 2002-04-10 01:42:44 +00:00
in.h Remove some duplicate types that should have been removed as part of 2002-05-11 23:28:51 +00:00
ip6.h Sync with recent KAME. 2001-06-11 12:39:29 +00:00
ip_divert.c Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. 2002-04-30 01:54:54 +00:00
ip_dummynet.c Add ipfw hooks to ether_demux() and ether_output_frame(). 2002-05-13 10:37:19 +00:00
ip_dummynet.h Add ipfw hooks to ether_demux() and ether_output_frame(). 2002-05-13 10:37:19 +00:00
ip_ecn.c initialize local variable explicitly 2002-04-11 02:14:21 +00:00
ip_ecn.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_encap.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
ip_encap.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_flow.c s/FREE/free/ 2001-11-04 17:35:31 +00:00
ip_flow.h
ip_fw.c Remove custom definitions (IP_FW_TCPF_SYN etc.) of TCP header flags 2002-05-13 10:21:13 +00:00
ip_fw.h Remove custom definitions (IP_FW_TCPF_SYN etc.) of TCP header flags 2002-05-13 10:21:13 +00:00
ip_icmp.c Prevent icmp_reflect() from calling ip_output() with a NULL route 2002-03-22 16:45:54 +00:00
ip_icmp.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_id.c Remove __P. 2002-03-19 21:25:46 +00:00
ip_input.c s/demon/daemon/ 2002-05-12 00:22:38 +00:00
ip_mroute.c Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. 2002-04-30 01:54:54 +00:00
ip_mroute.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_output.c Cleanup the interface to ip_fw_chk, two of the input arguments 2002-05-09 10:34:57 +00:00
ip_var.h Remove __P. 2002-03-19 21:25:46 +00:00
ip.h o Add IPOPT_ESO for the 'Extended Security' IP option (RFC1108) 2001-12-14 19:37:32 +00:00
ipprotosw.h KSE Milestone 2 2001-09-12 08:38:13 +00:00
raw_ip.c Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. 2002-04-30 01:54:54 +00:00
tcp_debug.c Remove a change that snuck in from my private tree. 2001-12-21 05:07:39 +00:00
tcp_debug.h
tcp_fsm.h WARNS=n and lint(1) silencer. Declare an array of (const) strings 2002-02-03 11:57:32 +00:00
tcp_input.c Redo the sigio locking. 2002-05-01 20:44:46 +00:00
tcp_output.c Reduce the local network slowstart flightsize from infinity to 4 packets. 2001-12-14 18:26:52 +00:00
tcp_reass.c Redo the sigio locking. 2002-05-01 20:44:46 +00:00
tcp_seq.h Move initialization of snd_recover into tcp_sendseqinit(). 2001-11-21 18:45:51 +00:00
tcp_subr.c Remove some ISN generation code which has been unused since the 2002-04-10 22:12:01 +00:00
tcp_syncache.c Switch vm_zone.h with uma.h. Change over to uma interfaces. 2002-03-20 05:48:55 +00:00
tcp_timer.c o Our currently userland boot code (due to rc.conf and rc.network) always 2001-12-07 17:01:28 +00:00
tcp_timer.h Remove __P. 2002-03-19 21:25:46 +00:00
tcp_timewait.c Remove some ISN generation code which has been unused since the 2002-04-10 22:12:01 +00:00
tcp_usrreq.c Fixed some style bugs in the removal of __P(()). Continuation lines 2002-03-24 10:19:10 +00:00
tcp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
tcp.h o Minor style(9)ism to make consistent with -STABLE 2001-01-09 18:26:17 +00:00
tcpip.h Remove struct full_tcpiphdr{}. 2001-02-26 20:10:16 +00:00
udp_usrreq.c Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. 2002-04-30 01:54:54 +00:00
udp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
udp.h