tech-net archive


Global ingress filter for ip


I was wondering about adding a global ingress filter functionality to NetBSD.
I've begun to work on it and I wanted to have some advice.

The functionality is aimed to be used by encap subsystems like gif
and stf. Also, a sysctl can trigger the filter globally.
Flags are added in the pkthdr struct to keep track of the ingress check.

Actually, I've just implemented the ip_input() side. Are things done
the right way?
The benefits would be to have a single ingress check by packet
(actually, if I did a good check, the ingress filter is applied for
each configured tunnel). The implementation allows a subsystem to
force the filter for a given packet, and a subsystem can ask for the
packet's ingress status (by using

Here is my current code

int main(int c,char**v){int b,e=(c>>24)+6,g=c==1?1:e>>4;
*d){if((e&=15)>7)putchar((b>>(e-=8))&255); d++;main(((e|
32)<<24)|(b&4095),&d);}return g<2&&c>2?main(--c,v):1;}
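
A user-space model of the design described in this message, added here as an example; it is not the poster's code and not NetBSD source. All names (the PKT_INGRESS_* flags, ingress_global, the hook functions) are hypothetical, the route table is constructed, and the check is assumed to be a strict reverse-path test (the route back to the source must use the receiving interface).

```c
/* Model only: hypothetical names, constructed route table, no kernel APIs. */
#include <stddef.h>
#include <stdint.h>

#define PKT_INGRESS_CHECKED 0x1  /* the check already ran for this packet */
#define PKT_INGRESS_OK      0x2  /* the source address passed the check */

struct route { uint32_t net, mask; int ifindex; };
struct pkt   { uint32_t src; int rcvif; int flags; };  /* flags model the pkthdr bits */

static const struct route rtable[] = {
    { 0x0a000000, 0xff000000, 1 },   /* 10.0.0.0/8     reached via if 1 */
    { 0xc0a80100, 0xffffff00, 2 },   /* 192.168.1.0/24 reached via if 2 */
};

int ingress_global = 0;       /* stands in for the sysctl knob */
unsigned ingress_lookups;     /* counts the expensive route lookups */

/* Longest-prefix match on the source, then compare with the receiving interface. */
static int ingress_lookup(const struct pkt *p)
{
    const struct route *best = NULL;
    ingress_lookups++;
    for (size_t i = 0; i < sizeof rtable / sizeof rtable[0]; i++)
        if ((p->src & rtable[i].mask) == rtable[i].net &&
            (best == NULL || rtable[i].mask > best->mask))
            best = &rtable[i];
    return best != NULL && best->ifindex == p->rcvif;
}

/* Runs the lookup at most once per packet; later callers read the cached flags. */
int ingress_check(struct pkt *p)
{
    if (!(p->flags & PKT_INGRESS_CHECKED)) {
        p->flags |= PKT_INGRESS_CHECKED;
        if (ingress_lookup(p))
            p->flags |= PKT_INGRESS_OK;
    }
    return (p->flags & PKT_INGRESS_OK) != 0;
}

/* ip_input()-side hook: filters only when the global knob is set. 1 = accept. */
int ip_input_filter(struct pkt *p)
{
    return ingress_global ? ingress_check(p) : 1;
}

/* Tunnel-side hook (gif/stf style): forces the check whatever the knob says. */
int tunnel_input_filter(struct pkt *p) { return ingress_check(p); }
```

With the knob set, a packet that passes through both hooks costs one route lookup, which is the "single ingress check by packet" benefit the message describes.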
