Packet Filtering

QNX SDP8.0High-Performance Networking Stack (io-sock) User's GuideAPIArchitecture

QNX OS uses the FreeBSD implementation of packet filtering (PF). See the FreeBSD documentation for information about the following io-sock packet filtering components:

Instructions that provide general information about FreeBSD packet filtering also apply to using the feature with io-sock, with some exceptions. For example, the following documentation is available:

QNX has extended bpf to support multi-packet writes. For more information, go to the bpf entry in the Utilities Reference.

Loading PF

Some operating systems that use FreeBSD PF require you to load the PF kernel module to make the feature available. On QNX OS systems, this is not necessary or supported because the PF module is automatically loaded when you start io-sock.

You use pfctl (https://www.freebsd.org/cgi/man.cgi?query=pfctl&sektion=8&manpath=FreeBSD+13.3-RELEASE+and+Ports) to enable and disable PF. For more information, see the pfctl documentation.

Startup configuration and configuration file

QNX OS does not use the /etc/rc.conf file that FreeBSD provides to configure PF.

Instead, you use pfctl with -f file to specify the configuration file (by default, /etc/pf.conf). A sample file is provided at /usr/share/examples/pf/pf.conf. For more information, see https://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5&manpath=FreeBSD+13.3-RELEASE+and+Ports.

Because io-sock starts PF, the io-sock PF configuration file does not need or support the pf_enable entry.

The sysrc utility that FreeBSD provides to edit /etc/rc.conf and other files is not provided or needed for io-sock PF.

Protocol name database

Some packet filtering utilities require a protocol name database on the target. For more information, go to the /etc/protocls entry in the Utilities Reference.

Page updated: