Firewall Lab

Zutao Zhu, 02/05/2010

Outline

  • Preliminaries

  • getopt

  • LKM

  • /proc filesystem

  • Netfilter

Manual Page Package

  • apt-get install manpages-dev manpages-posix manpages-posix-dev

Header Files

  • /usr/include/linux

  • /usr/src/linux-headers-2.6.xx-yy/include/linux

  • ip.h, icmp.h, tcp.h, skbuff.h, …

  • Find the header file a function needs by using man (the SYNOPSIS section lists the #include lines)

Byte Order


  • Different kinds of computers use different conventions for the ordering of bytes within a word. Some computers put the most significant byte within a word first (this is called “big-endian” order), and others put it last (“little-endian” order).

Byte Order

  • The Internet protocols specify a canonical byte order convention for data transmitted over the network. This is known as network byte order.



  • htonl – 32-bit unsigned integer from host byte order to network byte order

  • htons – 16-bit unsigned short from host byte order to network byte order

  • ntohl – 32-bit unsigned integer from network byte order to host byte order

  • ntohs – 16-bit unsigned short from network byte order to host byte order

  • Network byte order is big-endian, so on a little-endian x86 host these calls swap the bytes and on a big-endian host they do nothing. The port and address fields of the IP/TCP headers inside an sk_buff are in network order: convert them with ntohs()/ntohl() before comparing with a host-order value, or convert your constant once with htons()/htonl().

Vim hints

  • Use ssh to log in to your Ubuntu machine (telnet also works in the lab, but it sends your password in the clear)

  • Before pasting, run :set nocindent so Vim does not re-indent the pasted code

getopt

  • Header file: <unistd.h> (getopt_long() and struct option are declared in <getopt.h>)

  • int getopt (int argc, char **argv, const char *options)

  • c = getopt (argc, argv, "abc:")

    • An option character in this string can be followed by a colon (':') to indicate that it takes a required argument. getopt() returns -1 when the options are exhausted and '?' for an unknown option or a missing required argument.

  • optarg points at the value of the option argument (only meaningful for options declared with ':')

  • Long options

    • struct option long_options[]

    • c = getopt_long (argc, argv, "abc:d:f:", long_options, &option_index);
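As an added example (my code, not from the lab slides), the following program uses getopt_long() the way the slide describes: an option string with ':' after the letters that take a value, a struct option table for the long spellings, and optarg to read the value. It goes a little beyond the slide by validating the parsed values and returning an error instead of continuing. The option letters, long names and the rule_opts structure are assumptions for a hypothetical front end, not part of the lab.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <getopt.h>   /* getopt_long(), struct option; plain getopt() lives in <unistd.h> */

/* Hypothetical rule description filled in from the command line (assumption). */
struct rule_opts {
    int  add;          /* -a / --add     : add a rule (no argument) */
    int  del;          /* -d / --delete  : delete a rule (no argument) */
    char proto[8];     /* -p / --proto   : protocol name (required argument) */
    int  port;         /* -P / --port    : port number (required argument) */
    int  verbose;      /* -v / --verbose */
};

/* Parse argv into *o. Returns 0 on success, -1 on an unknown option, a
 * missing required argument or an inconsistent combination. Resets getopt's
 * global state first, so it can be called more than once in one process. */
int parse_rule_opts(int argc, char **argv, struct rule_opts *o)
{
    /* Each long option reports the same letter as its short form, so one
     * switch handles "--port 22" and "-P 22" alike. */
    static const struct option long_options[] = {
        { "add",     no_argument,       NULL, 'a' },
        { "delete",  no_argument,       NULL, 'd' },
        { "proto",   required_argument, NULL, 'p' },
        { "port",    required_argument, NULL, 'P' },
        { "verbose", no_argument,       NULL, 'v' },
        { NULL,      0,                 NULL,  0  }
    };
    int c, option_index = 0;
    char *end;

    memset(o, 0, sizeof(*o));
    o->port = -1;
    optind = 0;   /* glibc and musl: 0 forces getopt to re-initialise its scan state */
    opterr = 0;   /* print our own diagnostics instead of getopt's */

    /* "adp:P:v": a colon after a letter means that option takes a required argument */
    while ((c = getopt_long(argc, argv, "adp:P:v", long_options, &option_index)) != -1) {
        switch (c) {
        case 'a': o->add = 1; break;
        case 'd': o->del = 1; break;
        case 'p':                       /* optarg points at the option's value */
            strncpy(o->proto, optarg, sizeof(o->proto) - 1);
            break;
        case 'P':
            o->port = (int)strtol(optarg, &end, 10);
            if (*end != '\0' || o->port < 0 || o->port > 65535) {
                fprintf(stderr, "bad port: %s\n", optarg);
                return -1;
            }
            break;
        case 'v': o->verbose = 1; break;
        default:                        /* '?': unknown option or missing argument */
            fprintf(stderr, "usage: %s (-a|-d) -p PROTO -P PORT [-v]\n", argv[0]);
            return -1;
        }
    }
    if (o->add == o->del) {             /* exactly one of -a / -d is required */
        fprintf(stderr, "specify exactly one of -a or -d\n");
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    struct rule_opts o;
    if (parse_rule_opts(argc, argv, &o) != 0)
        return 1;
    printf("%s %s port %d%s\n", o.add ? "add" : "delete", o.proto, o.port,
           o.verbose ? " (verbose)" : "");
    return 0;
}
```

Try it with `./fw --add --proto tcp -P 22` and then with `-P` left without a value: the second run exits through the usage message because getopt() returned '?'. Resetting optind matters only if you parse more than once per process; a one-shot main() can leave it alone.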

/proc virtual filesystem

  • Many elements of the kernel use /proc both to report information and to enable dynamic runtime configuration.

  • A virtual file can present information from the kernel to the user and also serve as a means of sending information from the user to the kernel.

  • We can read from or write to a virtual file.

/proc virtual filesystem

  • Use "cat" to read and "echo" to write from the shell, or call read()/write() from a program

  • struct proc_dir_entry

    • proc_entry->read_proc = fortune_read;

    • proc_entry->write_proc = fortune_write;

  • create_proc_entry() creates the file and returns the proc_dir_entry whose callbacks you fill in

  • copy_from_user() copies the user's write() buffer into kernel memory inside write_proc. The buffer pointer write_proc receives is a user-space address: never dereference it directly, and bound the copy by your own buffer size, not by the count the user supplied

  • remove_proc_entry() deletes the file again in the module's cleanup

Loadable Kernel Modules

  • LKMs (when loaded) are very much part of the kernel: they run with full kernel privileges, and a bug in one (an unchecked user pointer, a write past a buffer) crashes or compromises the whole machine rather than a single process.

  • How to insert: insmod

  • How to remove: rmmod

  • How to list: lsmod

  • How to check: modinfo

  • How to display output: dmesg

How LKM works?

  • insmod makes an init_module system call to load the LKM into kernel memory and run its initialization function.

  • In init_module(), you can create a device file or a /proc virtual file and set up the read and write functions for the /proc file.

  • rmmod makes a delete_module system call; the kernel then runs the module's cleanup_module() to do the cleanup work.

  • /usr/src/linux-2.6.31/kernel/module.c

How to write a LKM?


LKM example

  • Hello world: see the lab PDF


  • The following slides are modified based on

Our module's organization

  • The module's 'payload'

  • The module's two required administrative functions
The 'get_info()' callback

  • When an application program (like 'mycat') tries to read our pseudo-file, the kernel will call our 'get_info()' function, passing it the six arguments below, and will expect it to return an integer value:

    int get_info( char *buf, char **start, off_t off, int count, int *eof, void *data );

    • buf: pointer to a kernel buffer (one page) that the function writes into

    • start: pointer (optional) to the module's own buffer

    • off: current file-pointer offset

    • count: size of the space available in the kernel's buffer

    • eof: set *eof = 1 when the function has no more data to return

    • data: private pointer supplied when the entry was registered

    • return value: the number of bytes the function has written into its buffer

The 'sprintf()' function

  • The kernel provides a function your module can call to print formatted text into a buffer. It resembles the standard C library function:

    int sprintf( char *dstn, const char *fmt, <arguments> );

    • dstn: pointer to the destination buffer

    • fmt: formatting specification string

    • <arguments>: the argument values to format

    • return value: the number of characters written to the destination buffer

  • int len = sprintf( buf, "count = %d \n", count );

  • sprintf() does no bounds checking. In a get_info()/read_proc callback never write more than count bytes into buf; snprintf(buf, count, ...) is the safe form, otherwise the write runs past the kernel's page.

Register / unregister

  • Your module-initialization function should 'register' the module's 'get_info()' function:

    create_proc_info_entry( modname, 0, NULL, get_info );

    • modname: the name for your proc file

    • 0: the file-access attributes (0 = default)

    • NULL: directory where the file will reside (NULL = default, i.e. /proc itself)

    • get_info: function pointer to your module's 'callback' routine

  • Your cleanup should do an 'unregister':

    remove_proc_entry( modname, NULL );

    • modname: the file's name

    • NULL: the directory it was created in (NULL = /proc)

  • In the 2.6.31 kernel used in this lab the same registration is done with create_proc_entry() and proc_entry->read_proc, as shown on the /proc slide.

Makefile for LKM

  • obj-m += fortune.o

    all:
    	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules

    clean:
    	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean

  • The recipe lines must be indented with a tab. $(shell uname -r) selects the build tree of the running kernel, which is why linux-headers-`uname -r` has to be installed.

Utilities for LKM

  • modinfo simple-lkm.ko

  • dmesg | tail -10

    • Check the module's printk() output

Netfilter hooks (diagram)

  • NF_IP_LOCAL_IN [2]
When to hook?

Netfilter does

  • The hook function's return value tells Netfilter what to do with the packet:

  • NF_ACCEPT: continue traversal as normal.

  • NF_DROP: drop the packet; don't continue traversal.

  • NF_STOLEN: I've taken over the packet; don't continue traversal.

  • NF_QUEUE: queue the packet (usually for userspace handling).

  • NF_REPEAT: call this hook again.



  • struct sk_buff in skbuff.h

  • struct nf_hook_ops in netfilter.h

  • The hook function type:

    typedef unsigned int nf_hookfn(unsigned int hooknum,
                                   struct sk_buff *skb,
                                   const struct net_device *in,
                                   const struct net_device *out,
                                   int (*okfn)(struct sk_buff *));
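The following added example (my code, not from the lab slides) pulls together the byte-order, /proc and Netfilter pieces above in user-space C, so it compiles and runs without a kernel: parse_rule() does what a write_proc handler would do with the line copied in by copy_from_user(), and fw_verdict() makes the NF_ACCEPT/NF_DROP decision a nf_hookfn would make on the IP and TCP headers at skb->data, calling ntohs() before comparing the port and leaving the network-order addresses unconverted. The rule syntax, the struct and function names, and the sample packet are assumptions; build_tcp_packet() constructs the sample input inline.

```c
#define _GNU_SOURCE       /* Linux-style field names (ip->daddr, th->dest) on every libc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <arpa/inet.h>    /* ntohs/ntohl/htons/htonl, inet_pton */
#include <netinet/ip.h>   /* struct iphdr, IPPROTO_*: same layout as <linux/ip.h> */
#include <netinet/tcp.h>  /* struct tcphdr: same layout as <linux/tcp.h> */
#define NF_DROP   0       /* verdict values as in <linux/netfilter.h> */
#define NF_ACCEPT 1

struct fw_rule {          /* assumed rule representation, not from the lab */
    int      protocol;    /* IPPROTO_* or -1 for "any" */
    uint16_t dport;       /* host byte order; 0 means "any port" */
    uint32_t daddr;       /* network byte order; 0 means "any address" */
    int      verdict;     /* NF_DROP or NF_ACCEPT */
};

/* Parse one rule line in the assumed syntax "drop|accept PROTO [PORT [ADDR]]", e.g.
 * "drop tcp 22 10.0.0.5" or "accept icmp": the work a write_proc handler would do
 * on the kernel copy made by copy_from_user(). Tokenises in place; 0 ok, -1 bad. */
int parse_rule(char *line, struct fw_rule *r)
{
    const char *sep = " \t\n";
    char *verb = strtok(line, sep), *proto = strtok(NULL, sep);
    char *port = strtok(NULL, sep), *addr = strtok(NULL, sep), *end;
    struct in_addr a; long p;
    memset(r, 0, sizeof(*r));
    r->protocol = -1;
    if (!verb || !proto) return -1;
    if (strcmp(verb, "drop") == 0)        r->verdict = NF_DROP;
    else if (strcmp(verb, "accept") == 0) r->verdict = NF_ACCEPT;
    else return -1;
    if (strcmp(proto, "tcp") == 0)        r->protocol = IPPROTO_TCP;
    else if (strcmp(proto, "udp") == 0)   r->protocol = IPPROTO_UDP;
    else if (strcmp(proto, "icmp") == 0)  r->protocol = IPPROTO_ICMP;
    else if (strcmp(proto, "any") != 0)   return -1;
    if (port) {
        p = strtol(port, &end, 10);
        if (*end || p < 1 || p > 65535) return -1;
        r->dport = (uint16_t)p;
    }
    if (addr) {
        if (inet_pton(AF_INET, addr, &a) != 1) return -1;
        r->daddr = a.s_addr;              /* inet_pton already yields network order */
    }
    return 0;
}

/* Decide the fate of one raw IPv4 packet (what skb->data points at in a hook on
 * NF_IP_LOCAL_IN). Non-matching packets are accepted; packets too short to hold the
 * headers we inspect are dropped rather than read past their end. */
int fw_verdict(const struct fw_rule *r, const unsigned char *pkt, size_t len)
{
    const struct iphdr *ip = (const struct iphdr *)pkt; const struct tcphdr *th; size_t ihl;
    if (len < sizeof(*ip) || ip->version != 4) return NF_DROP;
    ihl = (size_t)ip->ihl * 4;            /* header length is counted in 32-bit words */
    if (ihl < sizeof(*ip) || len < ihl) return NF_DROP;
    /* ip->daddr is network order, and so is r->daddr: compare without converting */
    if (r->daddr && ip->daddr != r->daddr) return NF_ACCEPT;
    if (r->protocol != -1 && ip->protocol != r->protocol) return NF_ACCEPT;
    if (r->dport) {
        /* Only TCP/UDP carry ports; both keep the destination port at header bytes 2-3 */
        if (ip->protocol != IPPROTO_TCP && ip->protocol != IPPROTO_UDP) return NF_ACCEPT;
        if (len < ihl + 4) return NF_DROP;
        th = (const struct tcphdr *)(pkt + ihl);
        if (ntohs(th->dest) != r->dport) return NF_ACCEPT;   /* network -> host first */
    }
    return r->verdict;
}

/* Constructed sample input: a minimal IPv4+TCP header pair (checksums left zero),
 * so the verdict logic can be exercised without a live interface. */
size_t build_tcp_packet(unsigned char *buf, const char *src, const char *dst,
                        uint16_t sport, uint16_t dport)
{
    struct iphdr ip; struct tcphdr th; struct in_addr a;
    memset(&ip, 0, sizeof ip); memset(&th, 0, sizeof th);
    ip.version = 4; ip.ihl = 5; ip.ttl = 64; ip.protocol = IPPROTO_TCP;
    ip.tot_len = htons(sizeof ip + sizeof th);          /* host -> network order */
    inet_pton(AF_INET, src, &a); ip.saddr = a.s_addr;
    inet_pton(AF_INET, dst, &a); ip.daddr = a.s_addr;
    th.source = htons(sport); th.dest = htons(dport); th.doff = 5;
    memcpy(buf, &ip, sizeof ip); memcpy(buf + sizeof ip, &th, sizeof th);
    return sizeof ip + sizeof th;
}

int main(void)
{
    struct fw_rule r; unsigned char pkt[64]; size_t n;
    char line[] = "drop tcp 22 10.0.0.5";   /* what echo '...' > /proc/<entry> would deliver */
    if (parse_rule(line, &r) != 0) return 1;
    n = build_tcp_packet(pkt, "192.168.1.9", "10.0.0.5", 40000, 22);
    printf("tcp/22 -> 10.0.0.5: %s\n", fw_verdict(&r, pkt, n) == NF_DROP ? "NF_DROP" : "NF_ACCEPT");
    n = build_tcp_packet(pkt, "192.168.1.9", "10.0.0.5", 40000, 80);
    printf("tcp/80 -> 10.0.0.5: %s\n", fw_verdict(&r, pkt, n) == NF_DROP ? "NF_DROP" : "NF_ACCEPT");
    return 0;
}
```

In the module itself, the hook function would call fw_verdict() with skb->data and skb->len (ip_hdr(skb) gives the same pointer in 2.6.31) and return its result as the nf_hookfn verdict, while the rule would live in a static variable that write_proc fills via parse_rule(). The length checks are not optional: the hook runs on every packet that reaches it, so reading past a short skb is a kernel crash that a remote host can trigger.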




Kernel source

  • Install kernel-source

    • apt-get install kernel-source

  • Extract kernel-source

    • tar -jxvf filename.tar.bz2

  • make oldconfig && make prepare && make modules_prepare

  • apt-get install build-essential linux-headers-`uname -r`