The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)

[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/modules/netgraph/bpf/ng_bpf.4

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10  
    1 .\" Copyright (c) 1999 Whistle Communications, Inc.
    2 .\" All rights reserved.
    3 .\" 
    4 .\" Subject to the following obligations and disclaimer of warranty, use and
    5 .\" redistribution of this software, in source or object code forms, with or
    6 .\" without modifications are expressly permitted by Whistle Communications;
    7 .\" provided, however, that:
    8 .\" 1. Any and all reproductions of the source or object code must include the
    9 .\"    copyright notice above and the following disclaimer of warranties; and
   10 .\" 2. No rights are granted, in any manner or form, to use Whistle
   11 .\"    Communications, Inc. trademarks, including the mark "WHISTLE
   12 .\"    COMMUNICATIONS" on advertising, endorsements, or otherwise except as
   13 .\"    such appears in the above copyright notice or in the software.
   14 .\" 
   15 .\" THIS SOFTWARE IS BEING PROVIDED BY WHISTLE COMMUNICATIONS "AS IS", AND
   16 .\" TO THE MAXIMUM EXTENT PERMITTED BY LAW, WHISTLE COMMUNICATIONS MAKES NO
   17 .\" REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THIS SOFTWARE,
   18 .\" INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF
   19 .\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
   20 .\" WHISTLE COMMUNICATIONS DOES NOT WARRANT, GUARANTEE, OR MAKE ANY
   21 .\" REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THIS
   22 .\" SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE.
   23 .\" IN NO EVENT SHALL WHISTLE COMMUNICATIONS BE LIABLE FOR ANY DAMAGES
   24 .\" RESULTING FROM OR ARISING OUT OF ANY USE OF THIS SOFTWARE, INCLUDING
   25 .\" WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
   26 .\" PUNITIVE, OR CONSEQUENTIAL DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR
   27 .\" SERVICES, LOSS OF USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY
   28 .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   29 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   30 .\" THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY
   31 .\" OF SUCH DAMAGE.
   32 .\" 
   33 .\" Author: Archie Cobbs <archie@freebsd.org>
   34 .\"
   35 .\" $FreeBSD$
   36 .\" $Whistle: ng_bpf.8,v 1.2 1999/12/03 01:57:12 archie Exp $
   37 .\"
   38 .Dd December 2, 1999
   39 .Dt NG_BPF 4
   40 .Os FreeBSD 4.0
   41 .Sh NAME
   42 .Nm ng_bpf
   43 .Nd Berkeley packet filter netgraph node type
   44 .Sh SYNOPSIS
   45 .Fd #include <net/bpf.h>
   46 .Fd #include <netgraph/ng_bpf.h>
   47 .Sh DESCRIPTION
   48 The
   49 .Nm bpf
   50 node type allows Berkeley Packet Filter (see
   51 .Xr bpf 8 )
   52 filters to be applied to data travelling through a Netgraph network.
   53 Each node allows an arbitrary number of connections to arbitrarily
   54 named hooks.  With each hook is associated a
   55 .Xf bpf 8
   56 filter program which is applied to incoming data only, a destination hook
   57 for matching packets, a destination hook for non-matching packets,
   58 and various statistics counters.
   59 .Pp
   60 A
   61 .Xr bpf 8
   62 program returns an unsigned integer, which is normally interpreted as
   63 the length of the prefix of the packet to return.  In the context of this
   64 node type, returning zero is considered a non-match, in which case the
   65 entire packet is delivered out the non-match destination hook.
   66 Returning a value greater than zero causes the packet to be truncated
   67 to that length and delivered out the match destination hook.
   68 Either or both destination hooks may be the empty string, or may
   69 not exist, in which case the packet is dropped.
   70 .Pp
   71 New hooks are initially configured to drop all packets.
   72 A new filter may be installed using the
   73 .Dv NGM_BPF_SET_FILTER
   74 control message.
   75 .Sh HOOKS
   76 This node type supports any number of hooks having arbitrary names.
   77 .Sh CONTROL MESSAGES
   78 This node type supports the generic control messages, plus the following:
   79 .Bl -tag -width foo
   80 .It Dv NGM_BPF_SET_FILTER
   81 This command sets the filter program that will be applied to incoming
   82 data on a hook.  The following structure must be supplied as an argument:
   83 .Bd -literal -offset 4n
   84 struct ngm_bpf_hookprog {
   85   char            thisHook[NG_HOOKLEN+1];   /* name of hook */
   86   char            ifMatch[NG_HOOKLEN+1];    /* match dest hook */
   87   char            ifNotMatch[NG_HOOKLEN+1]; /* !match dest hook */
   88   int32_t         bpf_prog_len;             /* #isns in program */
   89   struct bpf_insn bpf_prog[0];              /* bpf program */
   90 };
   91 .Ed
   92 .Pp
   93 The hook to be updated is specified in
   94 .Dv thisHook .
   95 The BPF program is the sequence of instructions in the
   96 .Dv bpf_prog
   97 array; there must be
   98 .Dv bpf_prog_len
   99 of them.
  100 Matching and non-matching incoming packets are delivered out the hooks named
  101 .Dv ifMatch
  102 and
  103 .Dv ifNotMatch ,
  104 respectively.  The program must be a valid
  105 .Xr bpf 8
  106 program or else
  107 .Er EINVAL
  108 is returned.
  109 .It Dv NGM_BPF_GET_FILTER
  110 This command takes an ASCII string argument, the hook name, and returns the
  111 corresponding
  112 .Dv "struct ngm_bpf_hookprog"
  113 as shown above.
  114 .It Dv NGM_BPF_GET_STATS
  115 This command takes an ASCII string argument, the hook name, and returns the
  116 statistics associated with the hook as a
  117 .Dv "struct ng_bpf_hookstat" .
  118 .It Dv NGM_BPF_CLR_STATS
  119 This command takes an ASCII string argument, the hook name, and clears the
  120 statistics associated with the hook.
  121 .It Dv NGM_BPF_GETCLR_STATS
  122 This command is identical to
  123 .Dv NGM_BPF_GET_STATS ,
  124 except that the statistics are also atomically cleared.
  125 .El
  126 .Sh SHUTDOWN
  127 This node shuts down upon receipt of a
  128 .Dv NGM_SHUTDOWN
  129 control message, or when all hooks have been disconnected.
  130 .Sh BUGS
  131 When built as a loadable kernel module, this module includes the file
  132 .Dv "net/bpf_filter.c" .
  133 Although loading the module should fail if
  134 .Dv "net/bpf_filter.c"
  135 already exists in the kernel, currently it does not, and the duplicate
  136 copies of the file do not interfere.
  137 However, this may change in the future.
  138 .Sh SEE ALSO
  139 .Xr netgraph 4 ,
  140 .Xr bpf 4 ,
  141 .Xr ngctl 8
  142 .Sh AUTHOR
  143 Archie Cobbs <archie@freebsd.org>

Cache object: 9e41732d4db8720809e25b46d0aff98a

[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.