Date:      Wed, 14 Jan 2009 20:42:20 +0100
From:      Max Laier <max@love2party.net>
To:        freebsd-hackers@freebsd.org
Cc:        Biks N <freebsd.dev@gmail.com>
Subject:   Re: how ipfw firewall is implemented in the kernel
Message-ID:  <200901142042.20449.max@love2party.net>
In-Reply-To: <50cd4e5f0901140932x5ed9fd09p7ef4fb35095a59a2@mail.gmail.com>
References:  <50cd4e5f0901140932x5ed9fd09p7ef4fb35095a59a2@mail.gmail.com>

On Wednesday 14 January 2009 18:32:07 Biks N wrote:
> Hi,
>
> Can anyone please help me understand how the IPFW firewall is
> implemented in the kernel.
>
> I have created new ACTIONS in ipfw. I have already implemented in the
> userland.
>
> Now I need to check the IPFW rule list (in ip_input.c and in
> ip_output.c) and call a custom routine if there is a match to those
> rules.
>
> I would really appreciate it if anyone could point me in the right
> direction/reference.

ipfw is hooked into the pfil(9) hook points in ip_{in,out}put() (look for
calls to pfil_run_hooks() in the respective files).

From there the call path goes on to the ipfw_check_* functions defined in
netinet/ip_fw_pfil.c

Finally ipfw_chk() in netinet/ip_fw2.c where the ruleset is processed and
where you should add your required processing.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
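
The call path described in the reply above, as a userland C model added here (it is not part of the original message and not FreeBSD source). All `model_*` names, the rule layout, the sample ruleset and the choice that the custom action accepts the packet are assumptions; the real functions operate on mbufs and kernel structures.

```c
/* Userland model, NOT kernel code: every model_* name and the ruleset are constructed. */
#include <stddef.h>
#include <stdint.h>
enum model_dir    { MODEL_ANY, MODEL_IN, MODEL_OUT };
enum model_action { ACT_PASS, ACT_DENY, ACT_CUSTOM };  /* ACT_CUSTOM = the newly added action */
struct model_pkt  { uint8_t proto; uint16_t dport; };
struct model_rule { enum model_dir dir; uint8_t proto; uint16_t dport; enum model_action act; };

static int model_custom_calls;  /* how often the custom routine ran */
/* Stand-in for the custom routine that should run when a rule with the new action matches. */
static void model_custom_routine(const struct model_pkt *p) { (void)p; model_custom_calls++; }

static const struct model_rule model_ruleset[] = {
    { MODEL_IN,  6,  22, ACT_DENY   },  /* inbound tcp/22: deny */
    { MODEL_ANY, 17, 53, ACT_CUSTOM },  /* udp/53 in either direction: custom action */
    { MODEL_ANY, 6,  0,  ACT_PASS   },  /* any other tcp: pass */
};

/* Stand-in for ipfw_chk(): walk the ruleset, first match decides (0 / MODEL_ANY = wildcard). */
static enum model_action model_chk(const struct model_pkt *p, enum model_dir dir) {
    for (size_t i = 0; i < sizeof(model_ruleset) / sizeof(model_ruleset[0]); i++) {
        const struct model_rule *r = &model_ruleset[i];
        if (r->dir != MODEL_ANY && r->dir != dir) continue;
        if (r->proto && r->proto != p->proto) continue;
        if (r->dport && r->dport != p->dport) continue;
        if (r->act == ACT_CUSTOM) {
            model_custom_routine(p);   /* the added processing happens at rule-match time */
            return ACT_PASS;           /* model choice: the custom action then accepts */
        }
        return r->act;
    }
    return ACT_DENY;                   /* model choice: deny when nothing matches */
}

/* Stand-in for ipfw_check_in()/ipfw_check_out(): turn the verdict into a hook return value. */
static int model_check(const struct model_pkt *p, enum model_dir dir) { return model_chk(p, dir) == ACT_PASS ? 0 : 1; }

/* Stand-in for pfil_run_hooks(): run the registered hooks, stop at the first nonzero return. */
static int (*const model_hooks[])(const struct model_pkt *, enum model_dir) = { model_check };
static int model_run_hooks(const struct model_pkt *p, enum model_dir dir) {
    int rv;
    for (size_t i = 0; i < sizeof(model_hooks) / sizeof(model_hooks[0]); i++)
        if ((rv = model_hooks[i](p, dir)) != 0) return rv;   /* nonzero = packet dropped */
    return 0;
}

int main(void) {
    struct model_pkt dns = { 17, 53 };         /* constructed sample packet */
    return model_run_hooks(&dns, MODEL_OUT);   /* exit status 0: passed after the custom routine ran */
}
```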
