Presentation is loading. Please wait.

Presentation is loading. Please wait.

FSU CIS 5930 Internet Protocols

Published byDewi Gunardi Modified over 6 years ago

Similar presentations

Presentation on theme: "FSU CIS 5930 Internet Protocols"— Presentation transcript:

1 FSU CIS 5930 Internet Protocols
NETFILTER Reading: Chapter 19 Fall 2004 FSU CIS 5930 Internet Protocols

2 FSU CIS 5930 Internet Protocols
NETFILTER NF_IP_LOCAL_IN (iptables: INPUT) CRC Check Consistency check Routing NF_IP_FORWARD (iptables: FORWARD) Higher layers Local processes NF_IP_LOCAL_OUT (iptables: OUTPUT) Forwarded packets Incoming packets Outgoing packets Device driver (input) Device driver (output) NF_IP_PRE_ROUTING NF_IP_POST_ROUTING Fall 2004 FSU CIS 5930 Internet Protocols

3 FSU CIS 5930 Internet Protocols
NETFILTER hooks A means to insert packet filter code at well-defined locations NF_IP_PRE_ROUTING NF_IP_LOCAL_IN NF_IP_FORWARD NF_IP_LOCAL_OUT NF_IP_POST_ROUTING Fall 2004 FSU CIS 5930 Internet Protocols

4 FSU CIS 5930 Internet Protocols
NF_HOOK() #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (list_empty(&nf_hooks[(pf)][(hook)]) ? (okfn)(skb) : nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn))) One example: return NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev, output_maybe_reroute); Fall 2004 FSU CIS 5930 Internet Protocols

5 Register/unregister hook functions
Template of hook functions nf_register_hook() nf_unregister_hook() typedef unsigned int nf_hookfn(unsigned int hooknum, struct sk_buff **skb, const struct net_device *in, const struct net_device *out, int (*okfn)(struct sk_buff *)); Fall 2004 FSU CIS 5930 Internet Protocols

6 FSU CIS 5930 Internet Protocols
struct nf_hook_ops Struct nf_hook_ops { struct list_head list; nf_hookfn *hook; int pf; int hooknum; int priority; }; Fall 2004 FSU CIS 5930 Internet Protocols

Download ppt "FSU CIS 5930 Internet Protocols"

Similar presentations

COMS W6998 Spring 2010 Erich Nahum

COMS W6998 Spring 2010 Erich Nahum
For(int i = 1; i

For(int i = 1; i
. STL: C++ Standard Library (continued). STL Iterators u Iterators are allow to traverse sequences u Methods  operator*  operator->  operator++, and.

. STL: C++ Standard Library (continued). STL Iterators u Iterators are allow to traverse sequences u Methods  operator*  operator->  operator++, and.
Chapter 6 Structures By C. Shing ITEC Dept Radford University.

Chapter 6 Structures By C. Shing ITEC Dept Radford University.
The Journey of a Packet Through the Linux Network Stack

The Journey of a Packet Through the Linux Network Stack
Module R2 Overview. Process queues As processes enter the system and transition from state to state, they are stored queues. There may be many different.

Module R2 Overview. Process queues As processes enter the system and transition from state to state, they are stored queues. There may be many different.
Lecture 1.2: Linux and networking Roei Ben-Harush 2015.

Lecture 1.2: Linux and networking Roei Ben-Harush 2015.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
WOW NETWORK SIMULATOR Duke Lee, Mustafa Ergen, Jeff Ko WOW WOW UC Berkeley UC Berkeley.

WOW NETWORK SIMULATOR Duke Lee, Mustafa Ergen, Jeff Ko WOW WOW UC Berkeley UC Berkeley.
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 TCP/IP Stack Introduction: Looking Under the Hood! Shiv Kalyanaraman Rensselaer Polytechnic Institute.

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 TCP/IP Stack Introduction: Looking Under the Hood! Shiv Kalyanaraman Rensselaer Polytechnic Institute.
Linux Netfilter Code Trace Part1: Iptable 周世中嚴長青.

Linux Netfilter Code Trace Part1: Iptable 周世中嚴長青.
Modular Protocol Architecture Link Layer Protocol Interface Specification Ruchira Datta UC Berkeley WOW Group.

Modular Protocol Architecture Link Layer Protocol Interface Specification Ruchira Datta UC Berkeley WOW Group.
ITINERANT: TCP Socket Migration Titus Winters Dan Berger CS 202: Spring ‘03.

ITINERANT: TCP Socket Migration Titus Winters Dan Berger CS 202: Spring ‘03.
1 I.S. 4123 Introduction to Telecommunication in Business Chapter 6 Network Hardware Components Dr. Jan Clark FALL, 2002.

1 I.S Introduction to Telecommunication in Business Chapter 6 Network Hardware Components Dr. Jan Clark FALL, 2002.
Packet Mangling for Fun & Profit A Brief Intro to Netfilter, User Mode Linux, and the Linux TCP/IP Stack.

Packet Mangling for Fun & Profit A Brief Intro to Netfilter, User Mode Linux, and the Linux TCP/IP Stack.
Firewall Lab Zutao Zhu 02/05/2010. Outline Preliminaries getopt LKM /proc filesystem Netfilter.

Firewall Lab Zutao Zhu 02/05/2010. Outline Preliminaries getopt LKM /proc filesystem Netfilter.
1 Netfilter in Linux Bing Qi Department of Computer Science and Engineering Auburn university.

1 Netfilter in Linux Bing Qi Department of Computer Science and Engineering Auburn university.
Small Form Computing A bump in the wire. The questions ● What can we do with an inexpensive small computer? ● Can we make it a part of a seamless wireless.

Small Form Computing A bump in the wire. The questions ● What can we do with an inexpensive small computer? ● Can we make it a part of a seamless wireless.
Objective 2.01 Test Review Name: Class Period:.

Objective 2.01 Test Review Name: Class Period:.
NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.

NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.

Similar presentations

Ads by Google