Date: Fri, 31 Mar 2006 00:52:06 +0100 From: Bruce M Simpson <bms@spc.org> To: Mikhail Teterin <mi+mx@aldan.algebra.com> Cc: rizzo@icir.org, net@freebsd.org, ugen@worldbank.org, archie@dellroad.org, ugen@netvision.net.il Subject: Re: Is there an API for ipfw? Message-ID: <20060330235206.GC80492@spc.org> In-Reply-To: <200603301657.43218.mi%2Bmx@aldan.algebra.com> References: <200603301657.43218.mi%2Bmx@aldan.algebra.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Mar 30, 2006 at 04:57:42PM -0500, Mikhail Teterin wrote:
> Is there any way to create/alter such a pipe from a C-program without using
> system("ipfw ....")?
XORP has a module for IPFW2 which micro-assembles IPFW2 instruction
sequences on the fly from a relatively simple filtering rule representation
which is internal to the XORP FEA.
This is however written in C++ but it might give you some ideas about how
to go about doing what you need to do -- particularly the code comments.
See: http://xorpc.icir.org/cgi-bin/cvsweb.cgi/xorp/fea/pa_backend_ipfw2.cc?rev=1.8&content-type=text/x-cvsweb-markup
...particularly PaIpfw2Backend::transcribe_rule4().
Regards,
BMS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060330235206.GC80492>