Date: Wed, 15 Oct 2008 03:02:03 +0200 From: Max Laier <max@love2party.net> To: freebsd-hackers@freebsd.org Cc: alan yang <alancyang@gmail.com>, freebsd-questions@freebsd.org Subject: Re: tracing pf code Message-ID: <200810150302.03949.max@love2party.net> In-Reply-To: <290865fd0810141747l39b80e2ao329c8212061a67c1@mail.gmail.com> References: <290865fd0810141747l39b80e2ao329c8212061a67c1@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 15 October 2008 02:47:46 alan yang wrote:
> hello,
>
> for pf port on freebsd, i would like to trace the packet flow, looking
> at from ether_input -> etiher_demux -> ip_input -> tcp_input where /
> how pf handles / process the packet.
>
> can people shed some lights where to start. really appreciate.
ps hooks into the pfil(9) hook point in ip[6]_{in,out}put(). Look for calls
to "pfil_run_hooks" in the code. From there the call proceeds to the hook
functions defined in pf_ioctl.c pf_check_{in,out}[6].
The processing inside pf is best understood by looking at the following chart:
http://homepage.mac.com/quension/pf/flow.png
Is this the information you are looking for?
--
/"\ Best regards, | mlaier@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200810150302.03949.max>