Solved Which directory is the PF daemon located in?

Hello everyone,

Which directory is the PF daemon located in? Why use ps -ax to view only show [pf purge], what does this mean?

Thanks.
 
PF resides mostly in the kernel and won't see much of it as user space processes, only a few of those kernel threads that run in the userspace but are controlled by the kernel. The actual packet filtering happens in the interrupt handlers that you won't see in the process list.
 
As Kpa said, there is no daemon. The [pf purge] you see is not a daemon, but a kernel thread.
This is a housekeeping thread for pf, where it cleans up expired states, rules, fragments, ...

It runs entirely in the kernel. The only user-space bit of pf is pfctl.

The source code for pf lives in /usr/src/sys/netpfil/pf. These are the bits that run in the kernel. They're usually loaded as a kernel module, which would typically be installed in /boot/kernel/pf.ko.
 
  • Thanks
Reactions: sdf
Ťhanks you very much. However, nothing can be seen in OpenBSD, except for pflogd.
 
OpenBSD run the purge code differently. They still have a background task in the kernel that runs from time to time, but it won't get listed in the process list. It's a subtle and mostly irrelevant distinction.
 
  • Thanks
Reactions: sdf
Back
Top