
Linux Networking Stack (Advisor: 李正帆)



Presentation Transcript


  1. 8/13 Project Report, 許基傑. Linux Networking Stack. Advisor: 李正帆

  2. OSI Model L3 L2 Wire • Wireless

  3. L2 (http://www.unixresources.net/linux/clf/linuxK/archive/00/00/14/65/146556.html) Layer 3 ↑ Layer 1 (interrupt) ↑ net_bh() // process the queue; mark_bh(NET_BH) // mark_bh(NET_BH) activates the soft interrupt net_bh() ↑ backlog (queue) ↑ sk_buff netif_rx(skb) ↑ sk_buff net_rx(struct device *dev)

  4. L3 (http://www.lslnet.com/linux/f/docs1/i28/big5226398.htm) #include/net/protocol.h ARP #include/net/ipv4/arp.c struct arp_packet_type arp_rcv // receive IP struct ip_packet_type ip_rcv // receive inet_add_protocol() #include/net/ipv4/protocol.c struct inet_protocol { int (*handler)(struct sk_buff *skb, unsigned short len); void (*err_handler)(struct sk_buff *skb, unsigned char *dp, int len); struct inet_protocol *next; Layer 2

  5. sk_buff (http://www.ibm.com/developerworks/linux/library/l-linux-networking-stack/) Filter Wireless Packet. Data movement for sockets takes place using a core structure called the socket buffer (sk_buff). An sk_buff contains packet data and also state data that cover multiple layers of the protocol stack. Each packet sent or received is represented with an sk_buff. The sk_buff structure is defined in linux/include/linux/skbuff.h.

  6. sk_buff • As shown, multiple sk_buff may be chained together for a given connection. Each sk_buff identifies the device structure (net_device) to which the packet is being sent or from which the packet was received. As each packet is represented with an sk_buff, the packet headers are conveniently located through a set of pointers (th, iph, and mac for the Media Access Control, or MAC, header). Because the sk_buff are central to the socket data management, a number of support functions have been created to manage them. Functions exist for sk_buff creation and destruction, cloning, and queue management. • Socket buffers are designed to be linked together for a given socket and include a multitude of information, including the links to the protocol headers, a timestamp (when the packet was sent or received), and the device associated with the packet.

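  7. The Path of Incoming IP Packets in L3 (http://fantasymew.pixnet.net/blog/post/25630263) • ip_rcv() is called to process the packet • ip_forward(): the packet is to be forwarded • ip_local_deliver() handles packets destined for the local host • ip_output(): the packet is to be transmitted outward • Layer 4 TCP • tcp_v4_rcv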

  8. Netfilter iptables

  9. Packet filtering • History • Linux kernel 1.1 filtering function from ipfw(BSD) • Linux kernel 2.0 ipfwadm [userspace] • Linux kernel 2.2 ipchains • Linux kernel 2.4 iptables

  10. What is the difference? iptables: userspace • Rule • netfilter: kernel

  11. Rule (http://www.netfilter.org/documentation/HOWTO/cn/packet-filtering-HOWTO-7.html) • One rule – One operation • Accept • Drop • Queue (make a copy to userspace) • Return • Maintain • Append (-A) • Delete (-D) • Insert (-I) • Replace (-R) chains

  12. iptables – 5 chains (http://ms.ntcb.edu.tw/~steven/article/iptables.htm) ip_rcv() ip_forward() ip_local_deliver() ip_output()

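  13. iptables – 5 chains • PREROUTING: when a packet enters the network interface • POSTROUTING: when a packet is about to leave the network interface • FORWARD: when a packet is being forwarded, e.g. (from subnet A to subnet B) • INPUT: packets arriving at the local host • OUTPUT: packets leaving the local host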

  14. filter table

  15. nat table

  16. mangle table

  17. Objective • Detect P2P Media pattern • Re-routing P2P packet via NAT • Differentiate wire/wireless packet • Differentiate WLAN client

  18. Ref • iptables • http://www.netfilter.org/projects/iptables/index.html
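
Added example (not from the original slides, and not kernel or iptables code): a simplified C model of the chain traversal described in slides 7, 12 and 13, showing which of the five chains a packet visits and where a DROP rule stops it. Assumptions: the struct and function names are hypothetical, rules match on destination port only, all tables are merged into one rule list with an ACCEPT policy, and port 6881 is a constructed sample value.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model for illustration; names and rule format are hypothetical. */
enum chain { PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING };
enum verdict { ACCEPT, DROP };
enum origin { FROM_NIC, FROM_LOCAL };  /* received on an interface vs. generated locally */

struct pkt  { enum origin origin; int dst_is_local; int dport; };
struct rule { enum chain chain; int dport; enum verdict verdict; };  /* dport 0 matches any */

static const char *chain_name[] = { "PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING" };

/* First matching rule in a chain decides; with no match the policy (ACCEPT here) applies. */
static enum verdict run_chain(enum chain c, const struct pkt *p, const struct rule *r, int n) {
    for (int i = 0; i < n; i++)
        if (r[i].chain == c && (r[i].dport == 0 || r[i].dport == p->dport))
            return r[i].verdict;
    return ACCEPT;
}

/* Records the chains visited in `out` ("A>B>C") and returns the final verdict. */
enum verdict traverse(const struct pkt *p, const struct rule *r, int n, char *out, size_t len) {
    enum chain path[3]; int k = 0;
    if (p->origin == FROM_LOCAL) {
        path[k++] = OUTPUT; path[k++] = POSTROUTING;
    } else {
        path[k++] = PREROUTING;                       /* ip_rcv() */
        if (p->dst_is_local) path[k++] = INPUT;       /* ip_local_deliver() */
        else { path[k++] = FORWARD; path[k++] = POSTROUTING; }  /* ip_forward(), ip_output() */
    }
    out[0] = '\0';
    for (int i = 0; i < k; i++) {
        if (i) strncat(out, ">", len - strlen(out) - 1);
        strncat(out, chain_name[path[i]], len - strlen(out) - 1);
        if (run_chain(path[i], p, r, n) == DROP) return DROP;  /* a dropped packet goes no further */
    }
    return ACCEPT;
}

int main(void) {
    struct rule rules[] = { { FORWARD, 6881, DROP } };   /* constructed sample rule */
    struct pkt fwd = { FROM_NIC, 0, 6881 }, in = { FROM_NIC, 1, 6881 };
    char buf[64];
    printf("%s %s\n", traverse(&fwd, rules, 1, buf, sizeof buf) ? "DROP" : "ACCEPT", buf);
    printf("%s %s\n", traverse(&in, rules, 1, buf, sizeof buf) ? "DROP" : "ACCEPT", buf);
}
```

The same port is dropped when forwarded but accepted when addressed to the local host, because a rule placed in FORWARD is never consulted on the INPUT path.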
