1. Linux Networking Stack 指導老師 李正帆
8/13 專題報告 許基傑

2. OSI Model L3 L2
Wire
Wireless

3. L2 http://www. unixresources
Layer 3 ↑ Layer 1 (interrupt)
↑ net_bh() //處理queue
mark_bh(NET_BH) // mark_bh(NET_BH)就是激活軟中net_bh()
↑backlog (queue)
↑sk_buff
netif_rx(skb)
net_rx(struct device *dev)

4. L3 http://www.lslnet.com/linux/f/docs1/i28/big5226398.htm
#include/net/protocol.h
ARP #include/net/ipv4/arp.c
Struct arp_packet_type
arp_rcv //receive IP
Struct ip_packet_type
ip_rcv //receive
inet_add_protocol () #include/net/ipv4/protocol.c
struct inet_protocol  { int (*handler)(struct sk_buff *skb, unsigned short len); void (*err_handler)(struct sk_buff *skb, unsigned char *dp, int len); struct inet_protocol *next;
Layer 2

5. sk_buff http://www. ibm
Filter Wireless Packet.
Data movement for sockets takes place using a core structure called the socket buffer (sk_buff). An sk_buff contains packet data and also state data that cover multiple layers of the protocol stack. Each packet sent or received is represented with an sk_buff. The sk_buff structure is defined in linux/include/linux/skbuff.h

6. sk_buff
As shown, multiple sk_buff may be chained together for a given connection. Each sk_buff identifies the device structure (net_device) to which the packet is being sent or from which the packet was received. As each packet is represented with an sk_buff, the packet headers are conveniently located through a set of pointers (th, iph, and mac for the Media Access Control, or MAC, header). Because the sk_buff are central to the socket data management, a number of support functions have been created to manage them. Functions exist for sk_buffcreation and destruction, cloning, and queue management.
Socket buffers are designed to be linked together for a given socket and include a multitude of information, including the links to the protocol headers, a timestamp (when the packet was sent or received), and the device associated with the packet.

7. The Path of Incoming IP Packets in L3 http://fantasymew. pixnet
ip_rcv()   會被呼叫來去處理 封包
ip_forward() 封包是要轉送
ip_local_deliver() 處理要送給本機端的封包
 ip_output() 封包要往外傳輸
Layer TCP
tcp_v4_rcv

8. Netfilter iptables

9. Packet filtering History
Linux kernel 1.1 filtering function from ipfw(BSD)
Linux kernel 2.0 ipfwadm [userspace]
Linux kernel 2.2 ipchains
Linux kernel 2.4 iptables

10. iptables Userspace Kernel netfilter
What difference
iptables
Userspace
Rule
Kernel
netfilter

11. Rule http://www. netfilter
One rule – One operation
Accept
Drop
Queue (make a copy to userspace)
Return
Maintain
Append (-A)
Delete (-D)
Insert (-I)
Replace (-R)
chains

12. iptables – 5 chains http://ms.ntcb.edu.tw/~steven/article/iptables.htm
ip_rcv()  
ip_forward()
ip_local_deliver() 
 ip_output()

13. iptables – 5 chains PREROUTING 封包進入網路卡介面的時候 POSTROUTING 封包即將離開網路介面的時候
FORWARD 封包在轉送的時候，如（從 A 到 B 網段）
INPUT 到達本機的封包
OUTPUT 離開本機的封包

14. filter table

15. nat table

16. mangle table

17. Objective Detect P2P Media pattern Re-routing P2P packet via NAT
Differentiate wire/wireless packet
Differentiate WLAN client

18. Ref
iptables