From: Max Laier
Organization: FreeBSD
To: freebsd-hackers@freebsd.org
Cc: Biks N
Date: Wed, 14 Jan 2009 20:42:20 +0100
Subject: Re: how ipfw firewall is implemented in the kernel
Message-Id: <200901142042.20449.max@love2party.net>

On Wednesday 14 January 2009 18:32:07 Biks N wrote:
> Hi,
>
> Can anyone please help me understand how the IPFW firewall is
> implemented in the kernel.
>
> I have created new ACTIONS in ipfw. I have already implemented in the
> userland.
>
> Now I need to check the IPFW rule list (in ip_input.c and in
> ip_output.c) and call a custom routine if there is a match to those
> rules.
>
> I would really appreciate if anyone could point me to right
> direction/reference.

ipfw is hooked into the pfil(9) hook points in ip_{in,out}put() (look for
calls to pfil_run_hooks() in the respective files).

From there the call path goes on to the ipfw_check_* functions defined in
netinet/ip_fw_pfil.c

Finally ipfw_chk() in netinet/ip_fw2.c where the ruleset is processed and
where you should add your required processing.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News