From owner-freebsd-hackers  Mon Jul  2 15:42:32 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [216.33.66.196])
	by hub.freebsd.org (Postfix) with ESMTP id DA44237B401
	for <freebsd-hackers@freebsd.org>; Mon,  2 Jul 2001 15:42:29 -0700 (PDT)
	(envelope-from billf@elvis.mu.org)
Received: by elvis.mu.org (Postfix, from userid 1098)
	id B6D7081D05; Mon,  2 Jul 2001 17:42:19 -0500 (CDT)
Date: Mon, 2 Jul 2001 17:42:19 -0500
From: Bill Fumerola <billf@mu.org>
To: "Eugene L. Vorokov" <vel@bugz.infotecs.ru>
Cc: freebsd-hackers@freebsd.org
Subject: Re: catching ip packets from module
Message-ID: <20010702174219.K47870@elvis.mu.org>
References: <200107021532.f62FWEw87507@bugz.infotecs.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200107021532.f62FWEw87507@bugz.infotecs.ru>; from vel@bugz.infotecs.ru on Mon, Jul 02, 2001 at 07:32:13PM +0400
X-Operating-System: FreeBSD 4.3-FEARSOME-20010617 i386
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Mon, Jul 02, 2001 at 07:32:13PM +0400, Eugene L. Vorokov wrote:
> Hello,
> 
> can please someone enlighten me how can a module catch ip packets before
> they actually enter the stack, the way ipfw or ipf does ? I tried to look
> at the sources, but ipfw seems to do it some very specific way which
> is based on some in-kernel hacks to make it possible (ofcourse correct me
> if I'm wrong), and ipf does so many things at startup so I can't figure
> out which function does what :( I just want to add my handler so that
> all packets would be passed to it before entering the kernel ...

the way ipfw or ipf does? by adding hacks^H^H^H^Hooks into ip_{in,out}put()
search for ip_fw_chk_ptr and fr_checkp, those are the money functions.
everything else is just setup and reaction.

as far as non-hacks that do similar things, as alfred points out netgraph
is probably the most modular way to drop in raw-frame-needing-module-X.

-- 
Bill Fumerola - security yahoo         / Yahoo! inc.
              - fumerola@yahoo-inc.com / billf@FreeBSD.org




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message