Packet Filtering
QNX OS uses the FreeBSD implementation of packet filtering (PF). See the FreeBSD documentation for information about the following io-sock packet filtering components:
- pf (https://man.freebsd.org/cgi/man.cgi?query=pf&manpath=FreeBSD+13.3-RELEASE+and+Ports)
- pf.conf (https://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5&manpath=FreeBSD+13.3-RELEASE+and+Ports)
- pflog (https://www.freebsd.org/cgi/man.cgi?query=pflog&sektion=4&manpath=FreeBSD+13.3-RELEASE+and+Ports)
- pfctl (https://www.freebsd.org/cgi/man.cgi?query=pfctl&sektion=8&manpath=FreeBSD+13.3-RELEASE+and+Ports)
- ALTQ (https://man.freebsd.org/cgi/man.cgi?query=altq&manpath=FreeBSD+13.3-RELEASE+and+Ports)
- Berkeley Packet Filter API (https://www.freebsd.org/cgi/man.cgi?query=bpf&sektion=9&manpath=FreeBSD+13.3-RELEASE+and+Ports)
- bpf (https://www.freebsd.org/cgi/man.cgi?query=bpf&sektion=4&manpath=FreeBSD+13.3-RELEASE+and+Ports)
Instructions that provide general information about FreeBSD packet filtering also apply to using the feature with io-sock, with some exceptions. For example, the following documentation is available:
QNX has extended bpf to support multi-packet writes. For more information, go to the bpf entry in the Utilities Reference.
Loading PF
Some operating systems that use FreeBSD PF require you to load the PF kernel module to make the feature available. On QNX OS systems, this is not necessary or supported because the PF module is automatically loaded when you start io-sock.
You use pfctl (https://www.freebsd.org/cgi/man.cgi?query=pfctl&sektion=8&manpath=FreeBSD+13.3-RELEASE+and+Ports) to enable and disable PF. For more information, see the pfctl documentation.
Startup configuration and configuration file
QNX OS does not use the /etc/rc.conf file that FreeBSD provides to configure PF.
Instead, you use pfctl with -f file to specify the configuration file (by default, /etc/pf.conf). A sample file is provided at /usr/share/examples/pf/pf.conf. For more information, see https://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5&manpath=FreeBSD+13.3-RELEASE+and+Ports.
Because io-sock starts PF, the io-sock PF configuration file does not need or support the pf_enable entry.
The sysrc utility that FreeBSD provides to edit /etc/rc.conf and other files is not provided or needed for io-sock PF.
Protocol name database
Some packet filtering utilities require a protocol name database on the target. For more information, go to the /etc/protocols entry in the Utilities Reference.