.\"	$NetBSD: pfil.9,v 1.7 1997/11/11 10:07:18 mrg Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd August 4, 1996
.Dt PFIL 9
.Os NetBSD
.Sh NAME
.Nm pfil ,
.Nm pfil_hook_get ,
.Nm pfil_add_hook ,
.Nm pfil_remove_hook
.Nd packet filter interface
.Sh SYNOPSIS
.Fd #include <sys/param.h>
.Fd #include <netinet/ip.h>
.Ft struct packet_filter_hook *
.Fn pfil_hook_get int
.Ft void
.Fn pfil_add_hook "int (*func)()" "int flags"
.Ft void
.Fn pfil_remove_hook "int (*func)()" "int flags"
.\"(void *, int, struct ifnet *, int, struct mbuf **)
.Sh DESCRIPTION
The
.Nm
interface allows a function to be called on every incoming or outgoing
packet.  The hooks for these are embedded in the
.Fn ip_input
and
.Fn ip_output
routines.  The
.Fn pfil_hook_get
function returns the first member of a particular hook, either the in or out
list.  The
.Fn pfil_add_hook
function takes a function of the form below as its first argument, and the
flags for which lists to add the function to.  The possible values for these
flags are some combination of PFIL_IN and PFIL_OUT.  The
.Fn pfil_remove_hook
function removes a hook from the specified lists.
.Pp
The
.Va func
argument is a function with the following prototype.
.Pp
.Fn func "void *data" "int hlen" "struct ifnet *net" "int dir" "struct mbuf **m"
.Pp
The
.Va data
describes the packet.  Currently, this may only be a pointer to an ip structure.  The
.Va net
and
.Va m
arguments describe the network interface and the mbuf holding data for this
packet.  The
.Va dir
is the direction; 0 for incoming packets and 1 for outgoing packets.  If the function
returns non-zero, this signals an error and no further processing of this packet is
performed.  The function should set errno to indicate the nature of the error.
It is the hook's responsibility to free the chain if the packet is being dropped.
.Pp
The
.Nm
interface is enabled in the kernel via the
.Sy PFIL_HOOKS
option.
.Sh RETURN VALUES
If successful
.Fn pfil_hook_get
returns the first member of the packet filter list,
.Fn pfil_add_hook
and
.Fn pfil_remove_hook
are expected to always succeed.
.Sh HISTORY
The
.Nm
interface first appeared in
.Nx 1.3
.Sh BUGS
The current
.Nm
implementation will need changes to suit a threaded kernel model.
.Sh SEE ALSO
.Xr bpf 4 .
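
The hook contract from DESCRIPTION (return non-zero to stop processing, set errno, free the chain on drop), as an added example that is not part of the NetBSD source. The struct ifnet, struct mbuf, struct ip and m_freem() definitions are userland stand-ins so the code compiles outside a kernel, and blocked_src, drop() and example_hook() are hypothetical names.

```c
/* Added example. Userland stand-ins replace the kernel's types so the hook
 * contract compiles outside a kernel; a real hook uses the kernel headers
 * and the kernel's own m_freem(). */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct ifnet { int if_unused; };               /* stand-in */
struct mbuf  { struct mbuf *m_next; };         /* stand-in: chain link only */
struct ip    { uint8_t ip_src[4]; };           /* stand-in: only the field read here */

#define IP_MIN_HLEN 20                         /* smallest valid IPv4 header */
static const uint8_t blocked_src[4] = { 192, 0, 2, 1 };  /* constructed (TEST-NET-1) */

static int chains_freed;                       /* lets a caller observe the free */

static void m_freem(struct mbuf *m)            /* stand-in for the kernel routine */
{
    while (m != NULL) {
        struct mbuf *next = m->m_next;
        free(m);
        m = next;
    }
    chains_freed++;
}

/* Free the chain, clear the caller's pointer, report the error. */
static int drop(struct mbuf **m, int error)
{
    m_freem(*m);
    *m = NULL;              /* assumption: defensive, so the caller cannot reuse it */
    errno = error;          /* the page asks the hook to set errno */
    return error;           /* non-zero stops further processing */
}

/* Hook with the prototype from the page; dir is 0 for incoming, 1 for outgoing. */
int example_hook(void *data, int hlen, struct ifnet *net, int dir, struct mbuf **m)
{
    const struct ip *ip = data;

    (void)net;
    if (hlen < IP_MIN_HLEN)
        return drop(m, EINVAL);                 /* truncated header */
    if (dir == 0 && memcmp(ip->ip_src, blocked_src, 4) == 0)
        return drop(m, EACCES);                 /* blocked source, incoming only */
    return 0;                                   /* pass the packet on */
}
/* Registration, per the SYNOPSIS: pfil_add_hook(example_hook, PFIL_IN); */
```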