tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Global ingress filter for ip



On Fri, Mar 28, 2008 at 02:36:30AM +0100, Rodolphe De Saint Leger wrote:
> Hi,
> 
> I was wondering about adding a global ingress filter functionnality to NetBSD.
> I've began to work on it and I wanted to have some advices.
> 
> The functionnality is aimed to be used by encap subsystems like gif
> and stf. also a sysctl can trigger the filter globally.
> Flags are added in the pkthdr struct to keep track of the ingress check.

What does this do that cannot be done by a standard packet filter (e.g.
ipf or pf) using the existing ip_input filter hook?

Thor


Home | Main Index | Thread Index | Old Index