Difference between revisions of "GSOC2009Netfilter"

From Nsnam
Revision as of 20:58, 27 July 2009

Hooks

Hooks are places in the IP stack where a packet is handed over to the netfilter framework. There are five such places.

NF_INET_PRE_ROUTING

When a packet is received by a node, this hook is the first one to receive the packet. As the name implies, an incoming packet is processed by this hook even before a routing decision determines whether or not the packet is destined for the current node.

In case of destination Network Address Translation, the destination IP address should be changed at this hook so that the routing decision can send the packet to the correct interface.

In the ns-3 IP stack, this hook is placed in the Ipv4L3Protocol::Receive method.

netfilter.ProcessHook ((uint8_t)1, NF_INET_PRE_ROUTING, packet, device, device);

The above method belongs to the Ipv4Netfilter class, which implements the core functionality of the netfilter framework. This method hands the packet over to the netfilter framework. Each of the hooks is actually a callback chain implemented by the class NetfilterCallbackChain.

The first argument is the protocol family, which is just 1 right now. Later on, this can be changed to PF_INET and PF_INET6 for IPv4 and IPv6 respectively. The second argument denotes the hook number, the third is the packet that should traverse this hook, and the fourth and fifth arguments indicate the incoming and outgoing NetDevice for this packet. These arguments may be NULL depending on which hook is considered. The last argument is by default a NULL callback that returns an unsigned int and takes one argument, the packet. This is termed the ContinueCallback. We will talk about this when callback chains are introduced.

NF_INET_LOCAL_IN

The incoming packets that have the destination IP address of the node receiving the packet traverse this hook. Typically, this happens after the routing decision determines that the packet is destined for the node. In this case, Ipv4L3Protocol::LocalDeliver is invoked. Therefore, this hook is placed inside this method.

Callback<uint32_t, Ptr<Packet> > ccb = MakeCallback (&Ipv4Netfilter::NetfilterConntrackConfirm, &netfilter);
netfilter.ProcessHook ((uint8_t)1, NF_INET_LOCAL_IN, pkt, device, device, ccb); 

ccb above is the ContinueCallback, which will be discussed in detail later on. The next line is the actual hook call, where the packet is handed over to the netfilter framework.

NF_INET_FORWARD

This is meant for packets that are destined for nodes other than the one currently receiving the packet. Packets will traverse this hook if the node receiving the packet is acting as a router. Currently, this hook has not been added to the ns-3 IP stack.

NF_INET_LOCAL_OUT

Packets that are created and sent out by a node traverse this hook. This is only meant for outgoing packets. This hook is placed before a routing decision has been made regarding an outgoing packet.

NF_INET_POST_ROUTING

This is the last hook on the outgoing path. Outgoing packets traverse this hook after a routing decision has been made. Source Network Address Translation (SNAT) is performed at this hook.
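
The hook ordering described above, as an added stand-alone toy model (not ns-3 code and not part of the original page): it shows why DNAT at NF_INET_PRE_ROUTING changes the routing decision while SNAT at NF_INET_POST_ROUTING does not. ToyPacket, ToyNode, MakeNatGateway and the addresses are hypothetical, and NF_INET_FORWARD is modelled even though the page notes it is not yet in the ns-3 stack.

```cpp
#include <array>
#include <cstdint>
#include <functional>
#include <utility>
#include <vector>

// Toy model: hook names follow the page, every other name is hypothetical.
enum Hook { NF_INET_PRE_ROUTING, NF_INET_LOCAL_IN, NF_INET_FORWARD,
            NF_INET_LOCAL_OUT, NF_INET_POST_ROUTING, NF_INET_NUMHOOKS };
struct ToyPacket { uint32_t src; uint32_t dst; };
using HookFn = std::function<void(ToyPacket&)>;

struct ToyNode {
  uint32_t addr;                                             // this node's own address
  std::array<std::vector<HookFn>, NF_INET_NUMHOOKS> chains;  // one callback chain per hook
  std::vector<Hook> trace;                                   // hooks traversed, in order
  void Register(Hook h, HookFn fn) { chains[h].push_back(std::move(fn)); }
  void ProcessHook(Hook h, ToyPacket& p) {
    trace.push_back(h);
    for (auto& fn : chains[h]) fn(p);  // run every callback registered on this hook
  }
  // Incoming path: PRE_ROUTING, routing decision, then LOCAL_IN or FORWARD + POST_ROUTING.
  void Receive(ToyPacket& p) {
    ProcessHook(NF_INET_PRE_ROUTING, p);
    if (p.dst == addr) { ProcessHook(NF_INET_LOCAL_IN, p); return; }
    ProcessHook(NF_INET_FORWARD, p);
    ProcessHook(NF_INET_POST_ROUTING, p);
  }
  // Outgoing path: LOCAL_OUT, routing decision (elided here), POST_ROUTING.
  void Send(ToyPacket& p) {
    ProcessHook(NF_INET_LOCAL_OUT, p);
    ProcessHook(NF_INET_POST_ROUTING, p);
  }
};

// Constructed gateway 10.0.0.1: DNAT to 10.0.0.2 at PRE_ROUTING, SNAT for 10.0.0.2 at POST_ROUTING.
ToyNode MakeNatGateway() {
  ToyNode gw{0x0A000001u, {}, {}};
  gw.Register(NF_INET_PRE_ROUTING, [](ToyPacket& p) { if (p.dst == 0x0A000001u) p.dst = 0x0A000002u; });
  gw.Register(NF_INET_POST_ROUTING, [](ToyPacket& p) { if (p.src == 0x0A000002u) p.src = 0x0A000001u; });
  return gw;
}

int main() {
  ToyNode gw = MakeNatGateway();
  ToyPacket p{0xC0000201u, 0x0A000001u};  // constructed sample: 192.0.2.1 -> 10.0.0.1
  gw.Receive(p);                          // DNAT runs first, so the packet is forwarded
  return p.dst == 0x0A000002u ? 0 : 1;
}
```

Without the PRE_ROUTING callback the same packet would match the node's own address at the routing decision and be delivered through NF_INET_LOCAL_IN instead.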