man/man9/pfil.9

.\"	$NetBSD: pfil.9,v 1.4 1997/04/13 13:48:51 mrg Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"        This product includes software developed by Matthew R. Green for
.\"        the NetBSD Project.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\"    contributors may be used to endorse or promote products derived
.\"    from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd August 4, 1996
.Dt PFIL 9
.Os NetBSD
.Sh NAME
.Nm pfil
.Nd packet filter interface
.Sh SYNOPSIS
.Fd #include <sys/param.h>
.Fd #include <netinet/ip.h>
.Ft struct packet_filter_hook *
.Fn pfil_hook_get int
.Ft void
.Fn pfil_add_hook "int (*func)()" "int flags"
.Ft void
.Fn pfil_remove_hook "int (*func)()" "int flags"
.\"(void *, int, struct ifnet *, int, struct mbuf **)
.Sh DESCRIPTION
The
.Nm
interface allows a function to be called on every incoming or outgoing
packets.  The hooks for these are embedded in the
.Fn ip_input
and
.Fn ip_output
routines.  The
.Fn pfil_hook_get
function returns the first member of a particular hook, either the in or out
list.  The
.Fn pfil_add_hook
function takes a function of the form below as it's first argument, and the
flags for which lists to add the function to.  The possible values for these
flags are some combination of PFIL_IN and PFIL_OUT.  The
.Fn pfil_remove_hook
removes a hook from the specified lists.
.Pp
The
.Va func
argument is a function with the following prototype.
.Pp
.Fn func "void *data" "int hlen" "struct ifnet *net" "int dir" "struct mbuf **m"
.Pp
The
.Va data
describes the packet.  Currently, this may only be a pointer to a ip structure.  The
.Va net
and
.Va m
arguments describe the network interface and the mbuf holding data for this
packet.  The
.Va dir
is the direction; 0 for incoming packets and 1 for outgoing packets.  if the function
returns non-zero, this signals an error and no further processing of this packet is
performed.  The function should set errno to indicate the nature of the error.
It is the hook's responsibiliy to free the chain if the packet is being dropped.
.Pp
The
.Nm
interface is enabled in the kernel via the
.Sy PFIL_HOOKS
option.
.Sh RETURN VALUES
If successful
.Fn pfil_hook_get
returns the first member of the packet filter list,
.Fn pfil_add_hook
and
.Fn pfil_remove_hook
are expected to always succeed.
.Sh HISTORY
The
.Nm
interface first appeared in
.Nx 1.3
.Sh BUGS
The current
.Nm
implementation will need changes to suit a threaded kernel model.
.Sh SEE ALSO
.Xr bpf 4 .