From: Max Laier
Organization: FreeBSD
To: freebsd-hackers@freebsd.org
Cc: alan yang, freebsd-questions@freebsd.org
Date: Wed, 15 Oct 2008 03:02:03 +0200
Subject: Re: tracing pf code

On Wednesday 15 October 2008 02:47:46 alan yang wrote:
> hello,
>
> for pf port on freebsd, i would like to trace the packet flow, looking
> at from ether_input -> ether_demux -> ip_input -> tcp_input where /
> how pf handles / process the packet.
>
> can people shed some light where to start. really appreciate.

pf hooks into the pfil(9) hook point in ip[6]_{in,out}put(). Look for calls to
"pfil_run_hooks" in the code. From there the call proceeds to the hook
functions defined in pf_ioctl.c pf_check_{in,out}[6]. The processing inside
pf is best understood by looking at the following chart:
http://homepage.mac.com/quension/pf/flow.png

Is this the information you are looking for?

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
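
The call path described in the reply above, as an added userland C model (not FreeBSD kernel code and not part of the original message). The names follow the kernel's pfil_run_hooks, pf_check_in and ip_input; struct mbuf, the hook signature and the port-23 block rule are simplified assumptions made for illustration.

```c
/* Userland model of pfil(9) dispatch; added example, not FreeBSD kernel code. */
#include <stdio.h>
#include <stdlib.h>
#define PFIL_IN   1
#define PFIL_OUT  2
#define MAX_HOOKS 4
struct mbuf { int dport; };            /* simplified stand-in for a packet */
typedef int (*pfil_func_t)(void *arg, struct mbuf **mp, int dir);
struct pfil_head { pfil_func_t hook[MAX_HOOKS]; int flags[MAX_HOOKS]; int n; };
static int pfil_add_hook(pfil_func_t f, int flags, struct pfil_head *ph) {
    if (ph->n == MAX_HOOKS) return -1;
    ph->hook[ph->n] = f; ph->flags[ph->n] = flags; ph->n++;
    return 0;
}
/* Run every hook registered for this direction; stop on error or consumed packet. */
static int pfil_run_hooks(struct pfil_head *ph, struct mbuf **mp, int dir) {
    for (int i = 0; i < ph->n; i++) {
        if (!(ph->flags[i] & dir)) continue;
        int rv = ph->hook[i](NULL, mp, dir);
        if (rv != 0 || *mp == NULL) return rv;
    }
    return 0;
}
/* Model of pf_check_in: on a block verdict, free the packet and NULL the pointer. */
static int pf_check_in(void *arg, struct mbuf **mp, int dir) {
    (void)arg; (void)dir;
    if ((*mp)->dport == 23) {          /* constructed rule: block port 23 */
        free(*mp); *mp = NULL;
        return 1;
    }
    return 0;
}
/* Model of ip_input: returns 1 if the packet would reach tcp_input, 0 if dropped. */
static int ip_input(struct pfil_head *ph, int dport) {
    struct mbuf *m = malloc(sizeof(*m));
    if (m == NULL) return 0;
    m->dport = dport;
    if (pfil_run_hooks(ph, &m, PFIL_IN) != 0 || m == NULL) return 0;
    free(m);                           /* the transport layer would take over here */
    return 1;
}
static int demo(int dport) {
    struct pfil_head inet_pfil_hook = { .n = 0 };
    pfil_add_hook(pf_check_in, PFIL_IN, &inet_pfil_hook);
    return ip_input(&inet_pfil_hook, dport);
}
int main(void) {
    printf("port 80 delivered: %d, port 23 delivered: %d\n", demo(80), demo(23));
    return 0;
}
```

In the model, as in the description above, the filter never sees a packet unless the IP layer calls pfil_run_hooks, so that call site is the place to start reading.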