free hit counter
You can write your own C code or Tcl scripts to serve as an action for a rule. Such routines are referred to as extensions.

A rule calls an extension written in C as follows:

ip any any -> any any ( ) c-ext:limit:1.0:1:limit test;

The c-ext construct specfies that the action is implemented by the function limit. Whenever the condition of the rule is met, the function limit is invoked. The string following the colon, 1.0:1:limit test is passed directly to the called function.

The C calling interface is as follows:

int action (Evl_Manager_t *, Pkt_ProcessPkt_t *, void **mystate, void *argument )

The called function gets a pointer to the rule manager (a structure which encapsulates the rules), a pointer to a structure encapsulating the packet, a pointer to a void *, which is initialized to NULL, and can be used by the called function to register persistent state, and an argument, which is the string, e.g., 1.0:1:limit test for the example above.

The function is to return 0, just in case the packet is not to be dropped; a nonzero return code is used to indicate the packet should be dropped.

Axinix includes with the following C extensions:

A rule calls an extension written in Tcl as follows:

ip any any -> any any ( ) tcl-ext:uscript_1;

The tcl-ext construct specfies that the action is implemented by the Tcl proc uscript_1. Whenever the condition of the rule is met, the proc uscript_1 is invoked.

The Tcl interface is as follows:

proc uscript_1 { mgr pkt }

The manager and the packet are passed to the proc; there is no returned value.

Axinix includes the following Tcl plugins: