From owner-freebsd-net@FreeBSD.ORG Thu Mar 30 23:52:11 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6C72016A41F for ; Thu, 30 Mar 2006 23:52:11 +0000 (UTC) (envelope-from bms@spc.org) Received: from mindfull.spc.org (mindfull.spc.org [83.167.185.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id E765743D45 for ; Thu, 30 Mar 2006 23:52:10 +0000 (GMT) (envelope-from bms@spc.org) Received: from arginine.spc.org ([83.167.185.2]) by mindfull.spc.org with esmtps (TLSv1:AES256-SHA:256) (Exim 4.52) id 1FP6vq-0001AS-Nr; Fri, 31 Mar 2006 00:52:02 +0100 Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id 85CA265499; Fri, 31 Mar 2006 00:52:07 +0100 (BST) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 77056-04-2; Fri, 31 Mar 2006 00:52:06 +0100 (BST) Received: by arginine.spc.org (Postfix, from userid 1078) id 68151653F9; Fri, 31 Mar 2006 00:52:06 +0100 (BST) Date: Fri, 31 Mar 2006 00:52:06 +0100 From: Bruce M Simpson To: Mikhail Teterin Message-ID: <20060330235206.GC80492@spc.org> References: <200603301657.43218.mi+mx@aldan.algebra.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200603301657.43218.mi+mx@aldan.algebra.com> User-Agent: Mutt/1.4.1i Organization: Incunabulum X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - mindfull.spc.org X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - spc.org X-Source: X-Source-Args: X-Source-Dir: Cc: rizzo@icir.org, net@freebsd.org, ugen@worldbank.org, archie@dellroad.org, ugen@netvision.net.il Subject: Re: Is there an API for ipfw? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Mar 2006 23:52:11 -0000 On Thu, Mar 30, 2006 at 04:57:42PM -0500, Mikhail Teterin wrote: > Is there any way to create/alter such a pipe from a C-program without using > system("ipfw ....")? XORP has a module for IPFW2 which micro-assembles IPFW2 instruction sequences on the fly from a relatively simple filtering rule representation which is internal to the XORP FEA. This is however written in C++ but it might give you some ideas about how to go about doing what you need to do -- particularly the code comments. See: http://xorpc.icir.org/cgi-bin/cvsweb.cgi/xorp/fea/pa_backend_ipfw2.cc?rev=1.8&content-type=text/x-cvsweb-markup ...particularly PaIpfw2Backend::transcribe_rule4(). Regards, BMS