Date: Wed, 14 Jan 2009 14:20:31 -0600 From: Biks N <freebsd.dev@gmail.com> Cc: freebsd-hackers@freebsd.org Subject: Re: how ipfw firewall is implemented in the kernel Message-ID: <50cd4e5f0901141220o531c6a8hbb5d8097e5b22e6a@mail.gmail.com> In-Reply-To: <200901142042.20449.max@love2party.net> References: <50cd4e5f0901140932x5ed9fd09p7ef4fb35095a59a2@mail.gmail.com> <200901142042.20449.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks a lot!
That was really very helpful!!!
On Wed, Jan 14, 2009 at 1:42 PM, Max Laier <max@love2party.net> wrote:
> On Wednesday 14 January 2009 18:32:07 Biks N wrote:
>> Hi,
>>
>> Can anyone please help me understand how the IPFW firewall is
>> implemented in the kernel.
>>
>> I have created new ACTIONS in ipfw. I have already implemented in the
>> userland.
>>
>> Now i need to check the IPFW rule list (in ip_input.c and in
>> ip_output.c) and call a custom routine if there is a match to those
>> rules.
>>
>> I would really appreciate if anyone could point me to right
>> direction/reference.
>
> ipfw is hooked into the pfil(9) hook points in ip_{in,out}put() (look for
> calls to pfil_run_hooks() in the respective files).
>
> From there the call path goes on to the ipfw_check_* functions defined in
> netinet/ip_fw_pfil.c
>
> Finally ipfw_chk() in netinet/ip_fw2.c where the ruleset is processed and
> where you should add your required processing.
>
> --
> /"\ Best regards, | mlaier@freebsd.org
> \ / Max Laier | ICQ #67774661
> X http://pf4freebsd.love2party.net/ | mlaier@EFnet
> / \ ASCII Ribbon Campaign | Against HTML Mail and News
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50cd4e5f0901141220o531c6a8hbb5d8097e5b22e6a>