Re: how ipfw firewall is implemented in the kernel
Thanks a lot!
That was really very helpful!!!
On Wed, Jan 14, 2009 at 1:42 PM, Max Laier wrote:
> On Wednesday 14 January 2009 18:32:07 Biks N wrote:
>> Hi,
>>
>> Can anyone please help me understand how the IPFW firewall is
>> implemented in the kernel.
>>
>> I have created new ACTIONS in ipfw. I have already implemented in the
>> userland.
>>
>> Now i need to check the IPFW rule list (in ip_input.c and in
>> ip_output.c) and call a custom routine if there is a match to those
>> rules.
>>
>> I would really appreciate if anyone could point me to right
>> direction/reference.
>
> ipfw is hooked into the pfil(9) hook points in ip_{in,out}put() (look for
> calls to pfil_run_hooks() in the respective files).
>
> From there the call path goes on to the ipfw_check_* functions defined in
> netinet/ip_fw_pfil.c
>
> Finally ipfw_chk() in netinet/ip_fw2.c where the ruleset is processed and
> where you should add your required processing.
>
> --
> /"\ Best regards, | mla...@freebsd.org
> \ / Max Laier | ICQ #67774661
> X http://pf4freebsd.love2party.net/ | mla...@efnet
> / \ ASCII Ribbon Campaign | Against HTML Mail and News
>
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
how ipfw firewall is implemented in the kernel
Hi, Can anyone please help me understand how the IPFW firewall is implemented in the kernel. I have created new ACTIONS in ipfw. I have already implemented in the userland. Now i need to check the IPFW rule list (in ip_input.c and in ip_output.c) and call a custom routine if there is a match to those rules. I would really appreciate if anyone could point me to right direction/reference. thanks ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
Need to optimize cutstom kernel hacks
Hi, To get started with FreeBSD kernel, I have been working on IP Packet compression. After numerous crashes and failures now everything looks good and stable. I am using kernel zlib routines to compress payload. However I think my implementation is not efficient at all. Here are the steps I am doing for compression: 1. copy Payload to empty buffer using m_copydata() function 2. call deflateInit2 () for deflate initialization 3. call deflate() for actual compression 4. copy the compressed data in buffer back to Payload I have to go through all above 4 steps for each packet! I think it will be lot faster and efficient if: * Somehow get away with deflateinit2() each time for each packet. * I can get to Payload pointer without using m_copydata() so that I don't need to copy data back and forth. Looking for your valuable suggestions and tips :) Bikrant ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: retrive data from mbuf chain
Please ignore my previous post.
I was having problem because I didn't allocate memory to my_data_copy.
Also, the correct usage is:
m_copydata( m, 0, m->m_pkthdr.len , (caddr_t) my_data_copy);
thanks
On Tue, Feb 12, 2008 at 12:05 PM, Biks N <[EMAIL PROTECTED]> wrote:
> Hi, thanks to everyone for providing me with different ideas.
>
> First I am trying to use m_copydata() method because I think it will
> be easy for me to copy data back and forth (using m_copydataback() ).
>
> But right now I am having problem using m_copydata() function.
>
> I want to copy data in all mbufs (only payload but no tcp/ip header)
> except the first Mbuf in chain.
> If payload is small enough to fit within 1st mbuf then I don't need that
> either.
>
> I am getting kernel panic ( please see below).
> I can see custom message "Starting m_copydata()" in log file.
> So I assume the problem is due to incorrect parameter in m_copydata().
>
>
> here is the sample of code I am trying to use:
>
> //
>caddr_t my_data_copy = NULL;
>
>
> /* check if m_len < m_pkthdr.len */
>
> if ( m->m_len < m->m_pkthdr.len ) {
>
> /* copy data if there are more than 1 Mbufs in Chain */
> log (LOG_DEBUG,"Starting m_copydata() \n");
>
> m_copydata( m, m->m_len , m->m_pkthdr.len - m->m_len , my_data_copy);
>
> log (LOG_DEBUG,"%d Byte of Data copied\n", m->m_pkthdr.len -
> m->m_len);
>
>}
>else {
> /* skip if there is only 1 MBUF */
> //log (LOG_DEBUG,"There must Only 1 MBUF in chain\n");
>}
> //
>
>
> Kernel Panic:
>
> Feb 12 11:36:09 bsd1 /kernel: Fatal trap 12: page fault while in kernel mode
> Feb 12 11:36:09 bsd1 /kernel: fault virtual address = 0x0
> Feb 12 11:36:09 bsd1 /kernel: fault code= supervisor
> write, page not present
> Feb 12 11:36:09 bsd1 /kernel: instruction pointer = 0x8:0xc024efc2
> Feb 12 11:36:09 bsd1 /kernel: stack pointer = 0x10:0xd15e8d08
> Feb 12 11:36:09 bsd1 /kernel: frame pointer = 0x10:0xd15e8d2c
> Feb 12 11:36:09 bsd1 /kernel: code segment = base 0x0,
> limit 0xf, type 0x1b
> Feb 12 11:36:09 bsd1 /kernel: = DPL 0, pres 1, def32 1, gran 1
> Feb 12 11:36:09 bsd1 /kernel: processor eflags = interrupt enabled,
> resume, IOPL = 0
> Feb 12 11:36:09 bsd1 /kernel: current process = 154 (ping)
> Feb 12 11:36:09 bsd1 /kernel: interrupt mask=
> Feb 12 11:36:09 bsd1 /kernel:
>
>
> I am using "ping -s 1200 host" to send larger packets so that system
> creates at least 2 mbufs.
>
>
>
> On Feb 7, 2008 3:26 PM, Sam Leffler <[EMAIL PROTECTED]> wrote:
> >
>
> > Biks N wrote:
> > > Hi,
> > >
> > > I am new to FreeBSD kernel programming.
> > >
> > > Currently I am trying to work on mbuf data manupulation.
> > >
> > > >From my understanding: data (payload) is stored into one or more mufs
> > > which are chained together through m_next pointer.
> > >
> > > Now, I need to retrive all data in mbuf chain ( mbufs linked by
> > > m_next). I am working ip_output() in netinet/ip_output.c
> > >
> > > Does there exist inbuilt function/macro to retrive all the data in mbuf
> > > chain?
> > >
> >
> > man 9 mbuf; look for m_copydata.
> >
> >Sam
> >
> >
>
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: retrive data from mbuf chain
Hi, thanks to everyone for providing me with different ideas.
First I am trying to use m_copydata() method because I think it will
be easy for me to copy data back and forth (using m_copydataback() ).
But right now I am having problem using m_copydata() function.
I want to copy data in all mbufs (only payload but no tcp/ip header)
except the first Mbuf in chain.
If payload is small enough to fit within 1st mbuf then I don't need that either.
I am getting kernel panic ( please see below).
I can see custom message "Starting m_copydata()" in log file.
So I assume the problem is due to incorrect parameter in m_copydata().
here is the sample of code I am trying to use:
//
caddr_t my_data_copy = NULL;
/* check if m_len < m_pkthdr.len */
if ( m->m_len < m->m_pkthdr.len ) {
/* copy data if there are more than 1 Mbufs in Chain */
log (LOG_DEBUG,"Starting m_copydata() \n");
m_copydata( m, m->m_len , m->m_pkthdr.len - m->m_len , my_data_copy);
log (LOG_DEBUG,"%d Byte of Data copied\n", m->m_pkthdr.len -
m->m_len);
}
else {
/* skip if there is only 1 MBUF */
//log (LOG_DEBUG,"There must Only 1 MBUF in chain\n");
}
//
Kernel Panic:
Feb 12 11:36:09 bsd1 /kernel: Fatal trap 12: page fault while in kernel mode
Feb 12 11:36:09 bsd1 /kernel: fault virtual address = 0x0
Feb 12 11:36:09 bsd1 /kernel: fault code= supervisor
write, page not present
Feb 12 11:36:09 bsd1 /kernel: instruction pointer = 0x8:0xc024efc2
Feb 12 11:36:09 bsd1 /kernel: stack pointer = 0x10:0xd15e8d08
Feb 12 11:36:09 bsd1 /kernel: frame pointer = 0x10:0xd15e8d2c
Feb 12 11:36:09 bsd1 /kernel: code segment = base 0x0,
limit 0xf, type 0x1b
Feb 12 11:36:09 bsd1 /kernel: = DPL 0, pres 1, def32 1, gran 1
Feb 12 11:36:09 bsd1 /kernel: processor eflags = interrupt enabled,
resume, IOPL = 0
Feb 12 11:36:09 bsd1 /kernel: current process = 154 (ping)
Feb 12 11:36:09 bsd1 /kernel: interrupt mask=
Feb 12 11:36:09 bsd1 /kernel:
I am using "ping -s 1200 host" to send larger packets so that system
creates at least 2 mbufs.
--------
On Feb 7, 2008 3:26 PM, Sam Leffler <[EMAIL PROTECTED]> wrote:
>
> Biks N wrote:
> > Hi,
> >
> > I am new to FreeBSD kernel programming.
> >
> > Currently I am trying to work on mbuf data manupulation.
> >
> > >From my understanding: data (payload) is stored into one or more mufs
> > which are chained together through m_next pointer.
> >
> > Now, I need to retrive all data in mbuf chain ( mbufs linked by
> > m_next). I am working ip_output() in netinet/ip_output.c
> >
> > Does there exist inbuilt function/macro to retrive all the data in mbuf
> > chain?
> >
>
> man 9 mbuf; look for m_copydata.
>
>Sam
>
>
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: retrive data from mbuf chain
On Feb 7, 2008 3:26 PM, Sam Leffler <[EMAIL PROTECTED]> wrote: > > Biks N wrote: > > Hi, > > > > I am new to FreeBSD kernel programming. > > > > Currently I am trying to work on mbuf data manupulation. > > > > >From my understanding: data (payload) is stored into one or more mufs > > which are chained together through m_next pointer. > > > > Now, I need to retrive all data in mbuf chain ( mbufs linked by > > m_next). I am working ip_output() in netinet/ip_output.c > > > > Does there exist inbuilt function/macro to retrive all the data in mbuf > > chain? > > > > man 9 mbuf; look for m_copydata. m_copydata(mbuf, offset, len, buf) Will it copy data from entire "mbuf chain" or just from the current mbuf ? Thanks for your help > >Sam > > ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
retrive data from mbuf chain
Hi, I am new to FreeBSD kernel programming. Currently I am trying to work on mbuf data manupulation. >From my understanding: data (payload) is stored into one or more mufs which are chained together through m_next pointer. Now, I need to retrive all data in mbuf chain ( mbufs linked by m_next). I am working ip_output() in netinet/ip_output.c Does there exist inbuilt function/macro to retrive all the data in mbuf chain? thanks in advance :) ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Using userland library in Kernel
Thanks to everyone :) On 8/8/07, Craig Boston <[EMAIL PROTECTED]> wrote: > On Wed, Aug 08, 2007 at 11:23:25AM -0500, Biks N wrote: > > I am new to FreeBSD kernel programming and I am trying to use userland > > library (zlib) in FreeBSD kernel. But I am not sure if zlib library is > > linkable from the kernel. > > Normally, no, you can't just link in a library designed for userland > into the kernel. Some porting is required to deal with the kernel > environment -- things such as not having a full C library available, > different memory management, etc. > > In this case however, there is already a zlib implementation in the > kernel. IIRC, geom_uzip and the crypto framework both use it. > > You may want to check out sys/net/zlib.[ch] and see if it can do what > you're after. You'll need to make sure to include a dependency on the > zlib module and/or add it to your kernel configuration. > > Good luck, > Craig > ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Using userland library in Kernel
Hi, I am new to FreeBSD kernel programming and I am trying to use userland library (zlib) in FreeBSD kernel. But I am not sure if zlib library is linkable from the kernel. I would really appreciate if someone can point me to right direction. I am using 6.2-RELEASE. thanks Biks ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
