.\" $NetBSD: pfil.9,v 1.6 1997/10/10 05:40:12 mrg Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd August 4, 1996
.Dt PFIL 9
.Os NetBSD
.Sh NAME
.Nm pfil
.Nd packet filter interface
.Sh SYNOPSIS
.Fd #include <sys/param.h>
.Fd #include <netinet/ip.h>
.Ft struct packet_filter_hook *
.Fn pfil_hook_get int
.Ft void
.Fn pfil_add_hook "int (*func)()" "int flags"
.Ft void
.Fn pfil_remove_hook "int (*func)()" "int flags"
.\"(void *, int, struct ifnet *, int, struct mbuf **)
.Sh DESCRIPTION
The
.Nm
interface allows a function to be called on every incoming or outgoing
packet.  The hooks for these are embedded in the
.Fn ip_input
and
.Fn ip_output
routines.  The
.Fn pfil_hook_get
function returns the first member of a particular hook, either the in or out
list.  The
.Fn pfil_add_hook
function takes a function of the form below as its first argument, and the
flags for which lists to add the function to.  The possible values for these
flags are some combination of PFIL_IN and PFIL_OUT.  The
.Fn pfil_remove_hook
function removes a hook from the specified lists.
.Pp
The
.Va func
argument is a function with the following prototype.
.Pp
.Fn func "void *data" "int hlen" "struct ifnet *net" "int dir" "struct mbuf **m"
.Pp
The
.Va data
describes the packet.  Currently, this may only be a pointer to an ip structure.  The
.Va net
and
.Va m
arguments describe the network interface and the mbuf holding data for this
packet.  The
.Va dir
is the direction; 0 for incoming packets and 1 for outgoing packets.  If the function
returns non-zero, this signals an error and no further processing of this packet is
performed.  The function should set errno to indicate the nature of the error.
It is the hook's responsibility to free the chain if the packet is being dropped.
.Pp
The
.Nm
interface is enabled in the kernel via the
.Sy PFIL_HOOKS
option.
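.Pp
The hook contract described above (a non-zero return stops processing, and a hook that drops a packet frees the chain itself) can be exercised in a small userland model. This is an added example, not code from NetBSD: the struct definitions are stand-ins, the PFIL_IN/PFIL_OUT values and the registration-order traversal are assumptions, and model_add_hook, model_deliver, drop_icmp_in and count_hook are hypothetical names.

```c
/* Userland model of the pfil(9) hook contract: stand-in types, not kernel code. */
#include <errno.h>
#include <stdlib.h>
#define PFIL_IN  1                          /* flag values assumed for this model */
#define PFIL_OUT 2
#define MAXHOOKS 8
struct ifnet { int unit; };                 /* stand-in */
struct mbuf  { struct mbuf *m_next; };      /* stand-in: chain link only */
struct ip    { unsigned char ip_p; };       /* stand-in: protocol field only */
typedef int (*hook_fn)(void *, int, struct ifnet *, int, struct mbuf **);
static hook_fn hooks[2][MAXHOOKS];          /* [0] = in list, [1] = out list */
static int nhooks[2], later_calls;

void model_add_hook(hook_fn f, int flags) {
    if ((flags & PFIL_IN) && nhooks[0] < MAXHOOKS)  hooks[0][nhooks[0]++] = f;
    if ((flags & PFIL_OUT) && nhooks[1] < MAXHOOKS) hooks[1][nhooks[1]++] = f;
}

/* Hook: drop inbound ICMP (protocol 1). On drop it frees the chain itself. */
int drop_icmp_in(void *data, int hlen, struct ifnet *ifp, int dir, struct mbuf **m) {
    struct ip *ip = data;
    (void)hlen; (void)ifp;
    if (dir != 0 || ip->ip_p != 1)
        return 0;                           /* pass to the next hook */
    while (*m) { struct mbuf *n = (*m)->m_next; free(*m); *m = n; }
    errno = EACCES;                         /* nature of the error */
    return 1;                               /* non-zero: stop processing */
}

/* Second hook: only counts calls, to show it is skipped after a drop. */
int count_hook(void *d, int h, struct ifnet *i, int dir, struct mbuf **m) {
    (void)d; (void)h; (void)i; (void)dir; (void)m;
    later_calls++;
    return 0;
}

/* Caller side: 0 = passed, 1 = dropped and freed by the hook, 2 = dropped but leaked. */
int model_deliver(int dir, unsigned char proto) {
    struct ip ip = { proto };
    struct ifnet ifp = { 0 };
    struct mbuf *m = calloc(1, sizeof *m);
    if (m == NULL) return -1;
    m->m_next = calloc(1, sizeof *m);       /* two-mbuf chain */
    for (int i = 0; i < nhooks[dir]; i++)
        if (hooks[dir][i](&ip, 20, &ifp, dir, &m) != 0)
            return m == NULL ? 1 : 2;       /* never touch the chain again */
    while (m) { struct mbuf *n = m->m_next; free(m); m = n; }
    return 0;
}
```

A hook that returns non-zero without freeing the chain would show up here as result 2; in the kernel the same mistake leaks mbufs on every dropped packet.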
.Sh RETURN VALUES
If successful,
.Fn pfil_hook_get
returns the first member of the packet filter list.
.Fn pfil_add_hook
and
.Fn pfil_remove_hook
are expected to always succeed.
.Sh HISTORY
The
.Nm
interface first appeared in
.Nx 1.3 .
.Sh BUGS
The current
.Nm
implementation will need changes to suit a threaded kernel model.
.Sh SEE ALSO
.Xr bpf 4 .