svn commit: r240561 - head/share/man/man9
Alexander V. Chernikov
melifaro at FreeBSD.org
Sun Sep 16 13:13:02 UTC 2012
Author: melifaro
Date: Sun Sep 16 13:13:02 2012
New Revision: 240561
URL: http://svn.freebsd.org/changeset/base/240561
Log:
Add section describing existing filtering points.
Document byteorder behavior in AF_INET[6] hooks in new section.
MFC after: 2 weeks
Modified:
head/share/man/man9/pfil.9
Modified: head/share/man/man9/pfil.9
==============================================================================
--- head/share/man/man9/pfil.9 Sun Sep 16 12:08:06 2012 (r240560)
+++ head/share/man/man9/pfil.9 Sun Sep 16 13:13:02 2012 (r240561)
@@ -28,7 +28,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd September 29, 2004
+.Dd September 16, 2012
.Dt PFIL 9
.Os
.Sh NAME
@@ -122,6 +122,18 @@ The filter returns an error (errno) if t
if the processing is to continue.
If the packet processing is to stop, it is the responsibility of the
filter to free the packet.
+.Sh FILTERING POINTS
+Currently, filtering points are implemented for the following link types:
+.Pp
+.Bl -tag -width "AF_INET6" -offset XXX -compact
+.It AF_INET
+.It AF_INET6
+IPv4 and IPv6 packets. Note that packet header is already
+.Cm converted to host format.
+Host format has to be preserved in case of header modifications.
+.It AF_LINK
+Link-layer packets.
+.El
.Sh RETURN VALUES
If successful,
.Fn pfil_head_get
@@ -187,23 +199,6 @@ The
function
is only safe for internal use.
.Pp
-.Fx
-implements only hooks for
-.Dv AF_INET
-and
-.Dv AF_INET6 .
-Packets diverted through these hooks have data in
-host byte order contrary to the above statements.
-.Pp
-The
-.Xr if_bridge 4
-diverts
-.Dv AF_INET
-and
-.Dv AF_INET6
-traffic according to its sysctl settings, but contrary to the above
-statements, the data is provided in host byte order.
-.Pp
When a
.Vt pfil_head
is being modified, no traffic is diverted
More information about the svn-src-head
mailing list