[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How can pf intercept packet?



On Thu, Apr 10, 2003 at 08:46:00AM +0900, dreamer wrote:
> Where is the position of pf? 
> ---------   -----------   ----------   ----------   -------------
> | DEVICE |--| DATA LINK|--|   IP   |--|  tcp/UDP |--| application|> ---------   -----------   ----------   ----------   -------------
                              |^
                              v|                              pf
About there. The IP layer passes the packets to pf before dispatching
them to the protocol (TCP, UDP, ICMP) layer (for incoming packets),
or before passing them to the ethernet layer (for outgoing packets).
There are additional hooks to pf on ethernet layer in case of a bridge
and some more to handle encapsulated packets (IPsec, tunnels).
If you want to find the hooks in the kernel source, grep for "pf_test(".
Daniel