Linux Firewall Program Design

Source: Internet
Author: User
Tags: function prototype, firewall, linux

Well-known commercial websites such as Yahoo, eBay, CNN.com, Amazon, Buy.com and E*Trade have been attacked repeatedly by hackers, causing losses in the billions of dollars and sounding the alarm once again that the network is not safe. A firewall, as a mechanism for enforcing access control between a network and a system, is an important means of ensuring network security. Today there are many commercial firewall products on the market, and most of them are very capable. Their price is not our concern here; what matters is that their designers emphasise generality and compatibility and think mostly of the market and of profit, so such products are not necessarily suitable for a particular special-purpose application. If users combine the general theory and methods of firewall design with the concrete practice of their own systems, they can design small, refined and robust firewall programs that often serve better than an expensive general-purpose firewall bought off the shelf.

Because of space limitations, this paper cannot discuss the general theory and structure of firewalls; instead, the method of designing a firewall program is illustrated using the Linux system as an example.

I. The Linux network from a programming point of view

Writing a firewall program does not require a deep understanding of the Linux network kernel. It is enough to know that the network kernel provides the following mechanism: the kernel automatically invokes a firewall program written by the user, and uses the result that the firewall program returns to decide how the datagrams it sends and receives are to be handled.

II. How to register your own firewall program with the kernel

We already know that the kernel automatically invokes user-written firewall programs at the network layer. One prerequisite, however, is that the user must correctly register the firewall program they have written with the kernel.

The kernel provides a registration function and an unregistration function for firewalls, register_firewall and unregister_firewall respectively; see firewall.c.

1. register_firewall

The function prototype is as follows:

int register_firewall(int pf, struct firewall_ops *fw);

Return value: 0 means success; a value less than 0 means failure.

Parameters:

* The protocol family pf; its main values and the protocols they represent are as follows:

2 represents the IPv4 protocol (PF_INET), 4 represents the IPX protocol (PF_IPX), and 10 represents the IPv6 protocol (PF_INET6).

* The parameter fw points to a struct firewall_ops, which is defined as follows:

struct firewall_ops {
    struct firewall_ops *next;          /* next firewall in the kernel's chain */

    /* called for datagrams being forwarded through this host */
    int (*fw_forward)(struct firewall_ops *this, int pf,
                      struct device *dev, void *phdr, void *arg, struct sk_buff **pskb);

    /* called for datagrams received by this host */
    int (*fw_input)(struct firewall_ops *this, int pf,
                    struct device *dev, void *phdr, void *arg, struct sk_buff **pskb);

    /* called for datagrams sent by this host */
    int (*fw_output)(struct firewall_ops *this, int pf,
                     struct device *dev, void *phdr, void *arg, struct sk_buff **pskb);
};
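As an added, runnable illustration (not code from the original article or from the kernel), the following user-space model reproduces the mechanism described in sections I and II: hooks registered through register_firewall are kept in a priority-ordered chain, the "kernel" walks that chain for each inbound datagram, and the first hook that returns a verdict decides its fate. The struct device and sk_buff bodies, the verdict values, the single PF_INET chain and the sample telnet-blocking policy are all assumptions of this model; the fw_pf and fw_priority fields that the kernel's own struct also carries are included so that registration order can be shown.

```c
#include <stdint.h>
/* User-space model of the hook mechanism: names follow the page, but the
 * device/sk_buff bodies and the verdict values are stand-ins (assumption) for
 * the real kernel headers, and only the fw_input hook is modelled.
 * FW_SKIP means "no opinion, consult the next hook". */
enum { PF_INET = 2, FW_BLOCK = 0, FW_ACCEPT = 1, FW_SKIP = 4 };
struct device { const char *name; };
struct sk_buff { uint8_t data[64]; unsigned len; };
struct firewall_ops {
    struct firewall_ops *next;
    int (*fw_input)(struct firewall_ops *this, int pf, struct device *dev,
                    void *phdr, void *arg, struct sk_buff **pskb);
    int fw_pf, fw_priority;
};
static struct firewall_ops *fw_chain;            /* one chain: PF_INET only */

/* Insert by descending fw_priority, the way register_firewall orders hooks. */
int register_firewall(int pf, struct firewall_ops *fw) {
    struct firewall_ops **p = &fw_chain;
    if (pf != PF_INET) return -1;
    while (*p && (*p)->fw_priority >= fw->fw_priority) p = &(*p)->next;
    fw->next = *p; *p = fw;
    return 0;
}
/* The kernel-side walk: the first hook returning a real verdict decides. */
int call_in_firewall(int pf, struct device *dev, void *phdr, struct sk_buff **pskb) {
    for (struct firewall_ops *f = fw_chain; f; f = f->next) {
        int v = f->fw_input(f, pf, dev, phdr, 0, pskb);
        if (v != FW_SKIP) return v;
    }
    return FW_ACCEPT;                            /* empty chain: let it pass */
}
/* Sample policy: block inbound TCP to port 23 (telnet); otherwise no opinion. */
static int fw_block_telnet(struct firewall_ops *this, int pf, struct device *dev,
                           void *phdr, void *arg, struct sk_buff **pskb) {
    const uint8_t *ip = phdr;
    unsigned ihl = (ip[0] & 0x0f) * 4u;          /* IPv4 header length, bytes */
    if (pf != PF_INET || (*pskb)->len < ihl + 4 || ip[9] != 6) return FW_SKIP;
    unsigned dport = (unsigned)ip[ihl + 2] << 8 | ip[ihl + 3];
    return dport == 23 ? FW_BLOCK : FW_SKIP;
}
static struct firewall_ops telnet_ops = { 0, fw_block_telnet, PF_INET, 10 };

/* Push a constructed IPv4 packet (IHL=5, given protocol, dst port) through the chain. */
int verdict_for(uint8_t proto, uint16_t dport) {
    struct sk_buff skb = { {0}, 24 }, *pskb = &skb;
    if (!fw_chain) register_firewall(PF_INET, &telnet_ops);
    skb.data[0] = 0x45; skb.data[9] = proto;
    skb.data[22] = (uint8_t)(dport >> 8); skb.data[23] = (uint8_t)dport;
    return call_in_firewall(PF_INET, 0, skb.data, &pskb);
}
```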


