Linux Networking Stack, Advisor: 李正帆

1 Linux Networking Stack, Advisor: 李正帆
8/13 Project report, 許基傑

2 OSI Model L3 L2 Wire Wireless

3 L2 http://www. unixresources
Layer 3
↑
Layer 1 (interrupt)
↑
net_bh() // processes the queue
mark_bh(NET_BH) // mark_bh(NET_BH) activates the soft interrupt net_bh()
↑
backlog (queue)
↑
sk_buff
netif_rx(skb)
net_rx(struct device *dev)

4 L3 http://www.lslnet.com/linux/f/docs1/i28/big5226398.htm
#include/net/protocol.h
ARP: #include/net/ipv4/arp.c, struct arp_packet_type, arp_rcv // receive
IP: struct ip_packet_type, ip_rcv // receive
inet_add_protocol()
#include/net/ipv4/protocol.c
struct inet_protocol {
    int (*handler)(struct sk_buff *skb, unsigned short len);
    void (*err_handler)(struct sk_buff *skb, unsigned char *dp, int len);
    struct inet_protocol *next;
    /* ... */
};
Layer 2

5 sk_buff http://www. ibm
Filter Wireless Packet.
Data movement for sockets takes place using a core structure called the socket buffer (sk_buff). An sk_buff contains packet data and also state data that cover multiple layers of the protocol stack. Each packet sent or received is represented with an sk_buff. The sk_buff structure is defined in linux/include/linux/skbuff.h.

6 sk_buff
As shown, multiple sk_buffs may be chained together for a given connection. Each sk_buff identifies the device structure (net_device) to which the packet is being sent or from which the packet was received. As each packet is represented with an sk_buff, the packet headers are conveniently located through a set of pointers (th, iph, and mac for the Media Access Control, or MAC, header). Because sk_buffs are central to socket data management, a number of support functions have been created to manage them. Functions exist for sk_buff creation and destruction, cloning, and queue management. Socket buffers are designed to be linked together for a given socket and include a multitude of information, including the links to the protocol headers, a timestamp (when the packet was sent or received), and the device associated with the packet.

7 The Path of Incoming IP Packets in L3 http://fantasymew. pixnet
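ip_rcv(): called to process the packet
ip_forward(): the packet is to be forwarded
ip_local_deliver(): handles packets destined for the local host
ip_output(): the packet is to be transmitted out
Layer TCP tcp_v4_rcv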

8 Netfilter iptables

9 Packet filtering History
Linux kernel 1.1: filtering function from ipfw (BSD)
Linux kernel 2.0: ipfwadm [userspace]
Linux kernel 2.2: ipchains
Linux kernel 2.4: iptables

10 iptables Userspace Kernel netfilter
What is the difference?
iptables: userspace (rules)
netfilter: kernel

11 Rule http://www. netfilter
One rule, one operation:
Accept
Drop
Queue (make a copy to userspace)
Return
Maintaining chains:
Append (-A)
Delete (-D)
Insert (-I)
Replace (-R)

12 iptables – 5 chains http://ms.ntcb.edu.tw/~steven/article/iptables.htm
ip_rcv()   ip_forward() ip_local_deliver()   ip_output()

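13 iptables – 5 chains
PREROUTING: when the packet enters the network interface card
POSTROUTING: when the packet is about to leave the network interface
FORWARD: when the packet is being forwarded, e.g. from subnet A to subnet B
INPUT: packets arriving at the local host
OUTPUT: packets leaving the local host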
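
The rule operations from slide 11 and the five chains from slide 13, modeled together as an added example (not code from the presentation and not kernel code). It assumes one rule list per chain, ignoring the filter/nat/mangle table split and the Queue target; the packet fields and the demo addresses are constructed for illustration.

```python
# Added example: simplified model of chain traversal, not kernel code.
from dataclasses import dataclass, field
ACCEPT, DROP, RETURN = "ACCEPT", "DROP", "RETURN"
BUILTIN = ("PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING")

@dataclass
class Rule:
    match: dict   # header fields that must all be equal, e.g. {"dport": 23}
    target: str   # one rule, one operation: ACCEPT, DROP or RETURN

@dataclass
class Chain:
    policy: str = ACCEPT
    rules: list = field(default_factory=list)
    # Maintenance operations; iptables numbers rules from 1.
    def append(self, rule): self.rules.append(rule)                  # -A
    def insert(self, rule, num=1): self.rules.insert(num - 1, rule)  # -I
    def delete(self, num): del self.rules[num - 1]                   # -D
    def replace(self, num, rule): self.rules[num - 1] = rule         # -R

    def verdict(self, pkt):
        for rule in self.rules:                    # first matching rule wins
            if all(pkt.get(k) == v for k, v in rule.match.items()):
                if rule.target == RETURN:          # built-in chain: use policy
                    break
                return rule.target
        return self.policy

def path(pkt, local_addrs):
    if pkt.get("local_out"):                       # generated by this host
        return ["OUTPUT", "POSTROUTING"]
    if pkt["dst"] in local_addrs:                  # addressed to this host
        return ["PREROUTING", "INPUT"]
    return ["PREROUTING", "FORWARD", "POSTROUTING"]  # routed through

def traverse(pkt, chains, local_addrs):
    """Return (chains visited, final verdict); a DROP stops the walk."""
    visited = []
    for name in path(pkt, local_addrs):
        visited.append(name)
        if chains[name].verdict(pkt) == DROP:
            return visited, DROP
    return visited, ACCEPT

def demo():
    # Constructed sample: host 10.0.0.1 drops inbound telnet (port 23).
    chains = {n: Chain() for n in BUILTIN}
    chains["INPUT"].append(Rule({"dport": 23}, DROP))
    return traverse({"dst": "10.0.0.1", "dport": 23}, chains, {"10.0.0.1"})
```

A forwarded packet never visits INPUT or OUTPUT, so a rule placed only in INPUT does not filter traffic routed through the host.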

14 filter table

15 nat table

16 mangle table

17 Objective
Detect P2P media pattern
Re-route P2P packets via NAT
Differentiate wired/wireless packets
Differentiate WLAN clients

18 Ref iptables

