In principle, the pseudo-devices involved with packet filtering are as follows:
- pf is involved in filtering network traffic
- bpf is an interface that captures and accesses raw network traffic.
The pf pseudo-device is implemented using pfil
hooks; bpf is implemented as a tap in all the network drivers.
We'll discuss them briefly from the point of view of their attachment to
the rest of the stack.
Note:
If you're using QNX Neutrino 6.4.1 or earlier,
you should use
ioctl_socket() instead of
ioctl()
in your packet-filtering code.
With the microkernel message-passing architecture,
ioctl() calls
that have pointers embedded in them need to be handled specially.
The
ioctl_socket() function uses
ioctl()
for functionality that doesn't require special handling.
In QNX Neutrino 6.5.0 and later, ioctl() handles embedded
pointers, so you don't have to use ioctl_socket() instead.