From: Biks N
Date: Wed, 14 Jan 2009 14:20:31 -0600
Cc: freebsd-hackers@freebsd.org
Subject: Re: how ipfw firewall is implemented in the kernel

Thanks a lot! That was really very helpful!!!

On Wed, Jan 14, 2009 at 1:42 PM, Max Laier wrote:
> On Wednesday 14 January 2009 18:32:07 Biks N wrote:
>> Hi,
>>
>> Can anyone please help me understand how the IPFW firewall is
>> implemented in the kernel.
>>
>> I have created new ACTIONS in ipfw. I have already implemented in the
>> userland.
>>
>> Now I need to check the IPFW rule list (in ip_input.c and in
>> ip_output.c) and call a custom routine if there is a match to those
>> rules.
>>
>> I would really appreciate it if anyone could point me to the right
>> direction/reference.
>
> ipfw is hooked into the pfil(9) hook points in ip_{in,out}put() (look for
> calls to pfil_run_hooks() in the respective files).
>
> From there the call path goes on to the ipfw_check_* functions defined in
> netinet/ip_fw_pfil.c
>
> Finally ipfw_chk() in netinet/ip_fw2.c where the ruleset is processed and
> where you should add your required processing.
>
> --
> /"\  Best regards,                      | mlaier@freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News
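
Added example, not part of the original thread and not FreeBSD kernel code: a simplified userland C model of the call path described in the reply (hook list, check wrapper, ruleset walker), showing where a new non-terminal action would be dispatched. All names, signatures and the sample ruleset are hypothetical and constructed; the real kernel functions operate on mbufs and take different arguments.

```c
/* Userland model, NOT FreeBSD kernel code: hook list -> check wrapper ->
 * ruleset walker. Every name and signature is simplified and hypothetical. */
#include <stddef.h>
#include <stdint.h>

enum action { ACT_ACCEPT, ACT_DENY, ACT_CUSTOM };  /* ACT_CUSTOM: the new action */
enum dir { DIR_IN, DIR_OUT };                      /* input vs output path */
struct pkt  { uint8_t proto; uint16_t dport; };    /* stand-in for an mbuf */
struct rule { uint8_t proto; uint16_t dport; enum action act; };
typedef int (*hook_fn)(struct pkt *, enum dir);    /* 0 = pass, nonzero = drop */
static int custom_hits;                            /* counts custom-routine calls */
static void my_custom_routine(const struct pkt *p) { (void)p; custom_hits++; }

/* Constructed sample ruleset; 0 is a wildcard, rules are tried in order. */
static const struct rule ruleset[] = {
    { 6, 22, ACT_CUSTOM },  /* tcp/22: run the custom routine, keep matching */
    { 6, 23, ACT_DENY },    /* tcp/23: drop */
    { 0, 0,  ACT_ACCEPT },  /* default rule */
};

/* Role of ipfw_chk(): walk the ruleset and act on matching rules. */
static enum action model_ipfw_chk(const struct pkt *p)
{
    for (size_t i = 0; i < sizeof(ruleset) / sizeof(ruleset[0]); i++) {
        const struct rule *r = &ruleset[i];
        if ((r->proto && r->proto != p->proto) || (r->dport && r->dport != p->dport))
            continue;
        if (r->act != ACT_CUSTOM)
            return r->act;          /* terminal verdict */
        my_custom_routine(p);       /* new processing; non-terminal, keep going */
    }
    return ACT_DENY;                /* nothing matched */
}

/* Role of the ipfw_check_* wrappers: turn the verdict into a pfil result. */
static int model_ipfw_check(struct pkt *p, enum dir d)
{
    (void)d;
    return model_ipfw_chk(p) == ACT_ACCEPT ? 0 : 1;
}

/* Role of pfil_run_hooks(): call each registered hook until one drops. */
static hook_fn hooks[] = { model_ipfw_check };
int model_pfil_run_hooks(struct pkt *p, enum dir d)
{
    for (size_t i = 0; i < sizeof(hooks) / sizeof(hooks[0]); i++)
        if (hooks[i](p, d) != 0)
            return 1;
    return 0;
}
```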