From owner-freebsd-hackers@FreeBSD.ORG  Tue Nov 26 00:31:45 2013
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C4F7A838
 for <freebsd-hackers@freebsd.org>; Tue, 26 Nov 2013 00:31:45 +0000 (UTC)
Received: from mail.rlwinm.de (mail.rlwinm.de [46.4.89.243])
 by mx1.freebsd.org (Postfix) with ESMTP id 8929B2522
 for <freebsd-hackers@freebsd.org>; Tue, 26 Nov 2013 00:31:45 +0000 (UTC)
Received: from hexe.rlwinm.de (p57A7C0C7.dip0.t-ipconnect.de [87.167.192.199])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.rlwinm.de (Postfix) with ESMTPSA id 10CB95AE7
 for <freebsd-hackers@freebsd.org>; Tue, 26 Nov 2013 00:31:44 +0000 (UTC)
Message-ID: <5293EBEF.5040605@rlwinm.de>
Date: Tue, 26 Nov 2013 01:31:43 +0100
From: Jan Bramkamp <crest@rlwinm.de>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: freebsd-hackers@freebsd.org
Subject: Re: Do pfil(9) hooks receive TCP retransmissions?
References: <20131125181232.GB6275@kiwi.coupleofllamas.com>
In-Reply-To: <20131125181232.GB6275@kiwi.coupleofllamas.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Nov 2013 00:31:45 -0000

On 25.11.2013 19:12, R. Tyler Croy wrote:
> 
> I'm looking at the pfil(9) interface to accomplish some packet inspection
> tasks, but the man page leaves some ambiguity in this case.
> 
> If the hooks are not invoked multiple times for retransmissions then I can
> imagine it being relatively "simple" to implement a basic firewall with these
> hooks without implementing loads of state tracking for packets.
> 
> 
> I would appreciate any guidance the list can offer on using pfil(9) :)
> 

Why do you want to reinvent the wheel? What requires you to start from
scratch with pfil(9)?