how ipfw firewall is implemented in the kernel
Max Laier
max at love2party.net
Wed Jan 14 11:42:23 PST 2009
On Wednesday 14 January 2009 18:32:07 Biks N wrote:
> Hi,
>
> Can anyone please help me understand how the IPFW firewall is
> implemented in the kernel?
>
> I have created new ACTIONS in ipfw. I have already implemented them in
> userland.
>
> Now I need to check the IPFW rule list (in ip_input.c and in
> ip_output.c) and call a custom routine if there is a match to those
> rules.
>
> I would really appreciate it if anyone could point me in the right
> direction/reference.

ipfw is hooked into the pfil(9) hook points in ip_{in,out}put() (look for
calls to pfil_run_hooks() in the respective files).
From there the call path goes on to the ipfw_check_* functions defined in
netinet/ip_fw_pfil.c.
Finally, ipfw_chk() in netinet/ip_fw2.c is where the ruleset is processed and
where you should add your required processing.

--
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
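
The call path described in the reply above, as an added user-space model that is not part of the original message and is not FreeBSD kernel code. The model_* functions, the types, the sample ruleset and the ACT_CUSTOM action are constructed for illustration, and letting the packet pass after the custom action runs is an assumption.

```c
/* User-space model with constructed types; not FreeBSD kernel code. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

enum action { ACT_ACCEPT, ACT_DENY, ACT_CUSTOM }; /* ACT_CUSTOM: hypothetical new action */
struct pkt  { uint8_t proto; uint16_t dport; };   /* stand-in for the mbuf */
struct rule { uint8_t proto; uint16_t dport; enum action act; }; /* 0 = wildcard */
static const struct rule ruleset[] = {            /* constructed sample ruleset */
    { 6, 8080, ACT_CUSTOM },
    { 6, 23,   ACT_DENY   },
    { 0, 0,    ACT_ACCEPT },                      /* catch-all default rule */
};
static unsigned custom_hits;                      /* times the custom routine ran */
static void custom_routine(const struct pkt *p) { (void)p; custom_hits++; }

/* Stage 3, modelling ipfw_chk(): the first matching rule decides. 1 = pass, 0 = drop. */
static int model_ipfw_chk(const struct pkt *p)
{
    for (size_t i = 0; i < sizeof(ruleset) / sizeof(ruleset[0]); i++) {
        const struct rule *r = &ruleset[i];
        if ((r->proto && r->proto != p->proto) || (r->dport && r->dport != p->dport))
            continue;
        if (r->act == ACT_CUSTOM)
            custom_routine(p);                    /* new action handled in the rule loop */
        return r->act != ACT_DENY;                /* assumption: custom action passes */
    }
    return 0;                                     /* nothing matched: drop */
}

/* Stage 2, modelling ipfw_check_in()/ipfw_check_out(): verdict to hook return code. */
static int model_ipfw_check(struct pkt **pp)
{
    if (model_ipfw_chk(*pp))
        return 0;
    *pp = NULL;                                   /* a dropped packet is consumed */
    return EACCES;
}

/* Stage 1, modelling pfil_run_hooks(): call hooks in order until one stops the packet. */
static int (*const hooks[])(struct pkt **) = { model_ipfw_check };
static int model_pfil_run_hooks(struct pkt **pp)
{
    for (size_t i = 0; i < sizeof(hooks) / sizeof(hooks[0]); i++) {
        int rv = hooks[i](pp);
        if (rv != 0 || *pp == NULL) return rv;
    }
    return 0;
}
```

The caller has to check both the return code and whether the packet pointer is still set, because a hook that drops a packet also consumes it.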