Re: how ipfw firewall is implemented in the kernel
Thanks a lot! That was really very helpful!!!

On Wed, Jan 14, 2009 at 1:42 PM, Max Laier wrote:
> On Wednesday 14 January 2009 18:32:07 Biks N wrote:
>> Hi,
>>
>> Can anyone please help me understand how the IPFW firewall is
>> implemented in the kernel.
>>
>> I have created new ACTIONS in ipfw. I have already implemented in the
>> userland.
>>
>> Now I need to check the IPFW rule list (in ip_input.c and in
>> ip_output.c) and call a custom routine if there is a match to those
>> rules.
>>
>> I would really appreciate if anyone could point me to right
>> direction/reference.
>
> ipfw is hooked into the pfil(9) hook points in ip_{in,out}put() (look for
> calls to pfil_run_hooks() in the respective files).
>
> From there the call path goes on to the ipfw_check_* functions defined in
> netinet/ip_fw_pfil.c
>
> Finally ipfw_chk() in netinet/ip_fw2.c where the ruleset is processed and
> where you should add your required processing.
>
> --
> /"\  Best regards,                      | mla...@freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mla...@efnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News

___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
how ipfw firewall is implemented in the kernel
Hi,

Can anyone please help me understand how the IPFW firewall is implemented in the kernel.

I have created new ACTIONS in ipfw. I have already implemented in the userland.

Now I need to check the IPFW rule list (in ip_input.c and in ip_output.c) and call a custom routine if there is a match to those rules.

I would really appreciate if anyone could point me to right direction/reference.

thanks
Need to optimize custom kernel hacks
Hi,

To get started with FreeBSD kernel, I have been working on IP Packet compression. After numerous crashes and failures now everything looks good and stable. I am using kernel zlib routines to compress payload.

However I think my implementation is not efficient at all. Here are the steps I am doing for compression:

1. copy Payload to empty buffer using m_copydata() function
2. call deflateInit2() for deflate initialization
3. call deflate() for actual compression
4. copy the compressed data in buffer back to Payload

I have to go through all above 4 steps for each packet!

I think it will be lot faster and efficient if:

* Somehow get away with deflateInit2() each time for each packet.
* I can get to Payload pointer without using m_copydata() so that I don't need to copy data back and forth.

Looking for your valuable suggestions and tips :)

Bikrant
Re: retrieve data from mbuf chain
Please ignore my previous post. I was having problem because I didn't allocate memory to my_data_copy.

Also, the correct usage is:

    m_copydata( m, 0, m->m_pkthdr.len , (caddr_t) my_data_copy);

thanks

On Tue, Feb 12, 2008 at 12:05 PM, Biks N <[EMAIL PROTECTED]> wrote:
> Hi, thanks to everyone for providing me with different ideas.
>
> First I am trying to use m_copydata() method because I think it will
> be easy for me to copy data back and forth (using m_copydataback() ).
>
> But right now I am having problem using m_copydata() function.
>
> I want to copy data in all mbufs (only payload but no tcp/ip header)
> except the first Mbuf in chain.
> If payload is small enough to fit within 1st mbuf then I don't need that
> either.
>
> I am getting kernel panic ( please see below).
> I can see custom message "Starting m_copydata()" in log file.
> So I assume the problem is due to incorrect parameter in m_copydata().
>
> here is the sample of code I am trying to use:
>
> //
>     caddr_t my_data_copy = NULL;
>
>     /* check if m_len < m_pkthdr.len */
>     if ( m->m_len < m->m_pkthdr.len ) {
>         /* copy data if there are more than 1 Mbufs in Chain */
>         log (LOG_DEBUG,"Starting m_copydata() \n");
>
>         m_copydata( m, m->m_len , m->m_pkthdr.len - m->m_len , my_data_copy);
>
>         log (LOG_DEBUG,"%d Byte of Data copied\n", m->m_pkthdr.len - m->m_len);
>     }
>     else {
>         /* skip if there is only 1 MBUF */
>         //log (LOG_DEBUG,"There must Only 1 MBUF in chain\n");
>     }
> //
>
> Kernel Panic:
>
> Feb 12 11:36:09 bsd1 /kernel: Fatal trap 12: page fault while in kernel mode
> Feb 12 11:36:09 bsd1 /kernel: fault virtual address = 0x0
> Feb 12 11:36:09 bsd1 /kernel: fault code= supervisor write, page not present
> Feb 12 11:36:09 bsd1 /kernel: instruction pointer = 0x8:0xc024efc2
> Feb 12 11:36:09 bsd1 /kernel: stack pointer = 0x10:0xd15e8d08
> Feb 12 11:36:09 bsd1 /kernel: frame pointer = 0x10:0xd15e8d2c
> Feb 12 11:36:09 bsd1 /kernel: code segment = base 0x0, limit 0xf, type 0x1b
> Feb 12 11:36:09 bsd1 /kernel: = DPL 0, pres 1, def32 1, gran 1
> Feb 12 11:36:09 bsd1 /kernel: processor eflags = interrupt enabled, resume, IOPL = 0
> Feb 12 11:36:09 bsd1 /kernel: current process = 154 (ping)
> Feb 12 11:36:09 bsd1 /kernel: interrupt mask=
> Feb 12 11:36:09 bsd1 /kernel:
>
> I am using "ping -s 1200 host" to send larger packets so that system
> creates at least 2 mbufs.
>
> On Feb 7, 2008 3:26 PM, Sam Leffler <[EMAIL PROTECTED]> wrote:
> >
> > Biks N wrote:
> > > Hi,
> > >
> > > I am new to FreeBSD kernel programming.
> > >
> > > Currently I am trying to work on mbuf data manipulation.
> > >
> > > From my understanding: data (payload) is stored into one or more mbufs
> > > which are chained together through m_next pointer.
> > >
> > > Now, I need to retrieve all data in mbuf chain ( mbufs linked by
> > > m_next). I am working ip_output() in netinet/ip_output.c
> > >
> > > Does there exist inbuilt function/macro to retrieve all the data in mbuf
> > > chain?
> >
> > man 9 mbuf; look for m_copydata.
> >
> >     Sam
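The fix described in the message above, as an added example that is not part of the original post: a userland C model of an mbuf chain with a copy routine that refuses a NULL or undersized destination and an out-of-range offset. `struct mbuf_model`, `chain_len()` and `chain_copydata()` are hypothetical names, not kernel APIs; the kernel's m_copydata() takes no destination length, so the caller has to allocate and size the buffer before the call.

```c
/* Userland model of an mbuf chain (added example, not FreeBSD kernel code). */
#include <stdlib.h>
#include <string.h>

struct mbuf_model {                 /* hypothetical stand-in for struct mbuf */
    struct mbuf_model *m_next;      /* next buffer in the chain */
    int m_len;                      /* valid bytes in this buffer */
    const char *m_data;             /* start of this buffer's data */
};

/* Total bytes in the chain; plays the role of m->m_pkthdr.len. */
static int chain_len(const struct mbuf_model *m)
{
    int total = 0;
    for (; m != NULL; m = m->m_next)
        total += m->m_len;
    return total;
}

/* Checked copy of len bytes from chain offset off into dst (dstlen bytes).
 * Returns 0, or -1 for a NULL/short dst or a range past the chain's end. */
static int chain_copydata(const struct mbuf_model *m, int off, int len,
                          char *dst, size_t dstlen)
{
    if (dst == NULL || off < 0 || len < 0 || (size_t)len > dstlen ||
        off > chain_len(m) - len)   /* compared this way to avoid off + len */
        return -1;
    for (; m != NULL && off >= m->m_len; m = m->m_next)
        off -= m->m_len;            /* skip whole buffers before off */
    for (; len > 0 && m != NULL; m = m->m_next, off = 0) {
        int n = m->m_len - off < len ? m->m_len - off : len;
        memcpy(dst, m->m_data + off, (size_t)n);
        dst += n;
        len -= n;
    }
    return 0;
}

int main(void)
{
    /* Constructed two-buffer chain: 5 bytes, then 7 bytes. */
    struct mbuf_model second = { NULL, 7, "PAYLOAD" };
    struct mbuf_model first = { &second, 5, "HDR--" };
    int n = chain_len(&first) - first.m_len;    /* bytes after first buffer */
    char *copy = malloc((size_t)n);             /* allocate before copying */
    int rc = chain_copydata(&first, first.m_len, n, copy, (size_t)n);
    int ok = (rc == 0 && memcmp(copy, "PAYLOAD", 7) == 0);
    free(copy);
    return ok ? 0 : 1;
}
```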
Re: retrieve data from mbuf chain
Hi, thanks to everyone for providing me with different ideas.

First I am trying to use m_copydata() method because I think it will be easy for me to copy data back and forth (using m_copydataback() ).

But right now I am having problem using m_copydata() function.

I want to copy data in all mbufs (only payload but no tcp/ip header) except the first Mbuf in chain. If payload is small enough to fit within 1st mbuf then I don't need that either.

I am getting kernel panic ( please see below). I can see custom message "Starting m_copydata()" in log file. So I assume the problem is due to incorrect parameter in m_copydata().

here is the sample of code I am trying to use:

//
    caddr_t my_data_copy = NULL;

    /* check if m_len < m_pkthdr.len */
    if ( m->m_len < m->m_pkthdr.len ) {
        /* copy data if there are more than 1 Mbufs in Chain */
        log (LOG_DEBUG,"Starting m_copydata() \n");

        m_copydata( m, m->m_len , m->m_pkthdr.len - m->m_len , my_data_copy);

        log (LOG_DEBUG,"%d Byte of Data copied\n", m->m_pkthdr.len - m->m_len);
    }
    else {
        /* skip if there is only 1 MBUF */
        //log (LOG_DEBUG,"There must Only 1 MBUF in chain\n");
    }
//

Kernel Panic:

Feb 12 11:36:09 bsd1 /kernel: Fatal trap 12: page fault while in kernel mode
Feb 12 11:36:09 bsd1 /kernel: fault virtual address = 0x0
Feb 12 11:36:09 bsd1 /kernel: fault code= supervisor write, page not present
Feb 12 11:36:09 bsd1 /kernel: instruction pointer = 0x8:0xc024efc2
Feb 12 11:36:09 bsd1 /kernel: stack pointer = 0x10:0xd15e8d08
Feb 12 11:36:09 bsd1 /kernel: frame pointer = 0x10:0xd15e8d2c
Feb 12 11:36:09 bsd1 /kernel: code segment = base 0x0, limit 0xf, type 0x1b
Feb 12 11:36:09 bsd1 /kernel: = DPL 0, pres 1, def32 1, gran 1
Feb 12 11:36:09 bsd1 /kernel: processor eflags = interrupt enabled, resume, IOPL = 0
Feb 12 11:36:09 bsd1 /kernel: current process = 154 (ping)
Feb 12 11:36:09 bsd1 /kernel: interrupt mask=
Feb 12 11:36:09 bsd1 /kernel:

I am using "ping -s 1200 host" to send larger packets so that system creates at least 2 mbufs.

On Feb 7, 2008 3:26 PM, Sam Leffler <[EMAIL PROTECTED]> wrote:
>
> Biks N wrote:
> > Hi,
> >
> > I am new to FreeBSD kernel programming.
> >
> > Currently I am trying to work on mbuf data manipulation.
> >
> > From my understanding: data (payload) is stored into one or more mbufs
> > which are chained together through m_next pointer.
> >
> > Now, I need to retrieve all data in mbuf chain ( mbufs linked by
> > m_next). I am working ip_output() in netinet/ip_output.c
> >
> > Does there exist inbuilt function/macro to retrieve all the data in mbuf
> > chain?
>
> man 9 mbuf; look for m_copydata.
>
>     Sam
Re: retrieve data from mbuf chain
On Feb 7, 2008 3:26 PM, Sam Leffler <[EMAIL PROTECTED]> wrote:
>
> Biks N wrote:
> > Hi,
> >
> > I am new to FreeBSD kernel programming.
> >
> > Currently I am trying to work on mbuf data manipulation.
> >
> > From my understanding: data (payload) is stored into one or more mbufs
> > which are chained together through m_next pointer.
> >
> > Now, I need to retrieve all data in mbuf chain ( mbufs linked by
> > m_next). I am working ip_output() in netinet/ip_output.c
> >
> > Does there exist inbuilt function/macro to retrieve all the data in mbuf
> > chain?
>
> man 9 mbuf; look for m_copydata.

m_copydata(mbuf, offset, len, buf)

Will it copy data from entire "mbuf chain" or just from the current mbuf?

Thanks for your help

>     Sam
retrieve data from mbuf chain
Hi,

I am new to FreeBSD kernel programming.

Currently I am trying to work on mbuf data manipulation.

From my understanding: data (payload) is stored into one or more mbufs which are chained together through m_next pointer.

Now, I need to retrieve all data in mbuf chain ( mbufs linked by m_next). I am working ip_output() in netinet/ip_output.c

Does there exist inbuilt function/macro to retrieve all the data in mbuf chain?

thanks in advance :)
Re: Using userland library in Kernel
Thanks to everyone :)

On 8/8/07, Craig Boston <[EMAIL PROTECTED]> wrote:
> On Wed, Aug 08, 2007 at 11:23:25AM -0500, Biks N wrote:
> > I am new to FreeBSD kernel programming and I am trying to use userland
> > library (zlib) in FreeBSD kernel. But I am not sure if zlib library is
> > linkable from the kernel.
>
> Normally, no, you can't just link in a library designed for userland
> into the kernel. Some porting is required to deal with the kernel
> environment -- things such as not having a full C library available,
> different memory management, etc.
>
> In this case however, there is already a zlib implementation in the
> kernel. IIRC, geom_uzip and the crypto framework both use it.
>
> You may want to check out sys/net/zlib.[ch] and see if it can do what
> you're after. You'll need to make sure to include a dependency on the
> zlib module and/or add it to your kernel configuration.
>
> Good luck,
> Craig
Using userland library in Kernel
Hi,

I am new to FreeBSD kernel programming and I am trying to use userland library (zlib) in FreeBSD kernel. But I am not sure if zlib library is linkable from the kernel.

I would really appreciate if someone can point me to right direction.

I am using 6.2-RELEASE.

thanks
Biks