Netfilter/Iptables Architecture

Hi
Currently I am studying the architecture of netfilter/iptables and 
unfortunately I didn't find much information regarding them. Although 
different articles (such as those produced by Russell and other authors) have 
given me the idea to dig more into the Linux firewall.

I have three questions related to the architecture of 
netfilter/iptables; and if anyone can answer them in a little bit of 
detail then I will be very grateful.

1) Through the article "The journey of a packet through the Linux 
2.6.10 network stack" by Harald Welte, I have an idea of how a packet 
is traversed and captured by the different NF hooks. Similarly, through 
different papers and a book named Understanding LINUX Network 
INTERNALS, I have found the other part, i.e. regarding the iptables part: 
how the rules are saved in a linked list and how ipt_do_table 
and other functions are called and do the operations etc. But I 
didn't find the interconnection between the two architectures. I meant 
to say that e.g. if NF_HOOK using NF_IP_LOCAL_IN has been called in the 
ip_local_deliver function; <---> ipt_hook (which has been registered 
during initialization) will call ipt_do_table. There should be a 
bridge which I have tried to discover but didn't find much.

I am thinking now that either my finding is wrong or there are some 
other function calls or message passing between the two architectures.

2) I have first analyzed the code of iptables which comes with the 
standard kernel, in which I have found the detailed code of iptables 
under ip_tables.c, iptable_filter.c etc., but when I downloaded the 
new version of iptables from the website, that one is totally different 
from the one implemented in the Linux kernel. 

Is the code which is on the website related to the iptables 
implementation in user space? I got this impression after 
looking at the different library files in the package which I downloaded 
from the website.

3) During the reboot of the system, the service iptables is started, 
but I didn't find any service/daemon when I looked at the top or ps 
command output. 
I want to know: when init.d starts the services and the 
service iptables is started, does the script enable the different hooks 
for iptables to work?

Thanks for your patience in reading my questions. I am not new 
to Linux, but I am new to its implementation at the kernel level.

Regards
Karim Asif Sattar
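The "bridge" asked about in question 1 is the hook registration list: in the 2.6 kernel, iptable_filter.c's module init calls nf_register_hooks() with an array of struct nf_hook_ops whose .hook callback is ipt_hook(), a one-liner that calls ipt_do_table() with the filter table; NF_HOOK() in ip_local_deliver() expands to nf_hook_slow(), which walks the registered hooks for that hook point in priority order. That same module-load registration is what "enables the hooks" in question 3; no daemon is involved. The following is an added, user-space C model of that dispatch, written for this archive page and not taken from the kernel or the original post. The names mirror the kernel's (nf_hook_ops, nf_register_hook, nf_hook_slow, ipt_do_table, ipt_hook), but the bodies, the struct sk_buff with only a destination port, the two-field rule format and the sample rules are all simplifications constructed here.

```c
/* User-space model of how NF_HOOK() reaches ipt_do_table(). Added example;
 * names follow the 2.6 kernel, bodies are simplified stand-ins. */
#include <stdio.h>
#include <stddef.h>

/* Verdicts, hook numbers and priorities use the kernel's values. */
#define NF_DROP            0
#define NF_ACCEPT          1
#define NF_IP_LOCAL_IN     1
#define NF_IP_NUMHOOKS     5
#define NF_IP_PRI_MANGLE   (-150)
#define NF_IP_PRI_FILTER   0

/* Constructed, drastically reduced packet: only what the toy filter matches. */
struct sk_buff { unsigned int src_ip; unsigned short dst_port; };

typedef unsigned int nf_hookfn(unsigned int hooknum, struct sk_buff *skb, void *priv);

/* What a module registers: a callback plus where and in what order it runs. */
struct nf_hook_ops {
    struct nf_hook_ops *next;
    nf_hookfn *hook;
    void *priv;          /* table pointer for ipt_hook (kernel passes it differently) */
    unsigned int hooknum;
    int priority;
};

/* One ascending-priority list per hook point (kernel: nf_hooks[pf][hooknum]). */
static struct nf_hook_ops *nf_hooks[NF_IP_NUMHOOKS];

/* nf_register_hook(): insert sorted by priority, lowest value first. */
void nf_register_hook(struct nf_hook_ops *ops)
{
    struct nf_hook_ops **pp = &nf_hooks[ops->hooknum];
    while (*pp && (*pp)->priority <= ops->priority)
        pp = &(*pp)->next;
    ops->next = *pp;
    *pp = ops;
}

/* nf_hook_slow()/nf_iterate(): the bridge. Each registered hook sees the
 * packet in turn; the first verdict other than NF_ACCEPT ends the walk. */
unsigned int nf_hook_slow(unsigned int hooknum, struct sk_buff *skb)
{
    for (struct nf_hook_ops *ops = nf_hooks[hooknum]; ops; ops = ops->next) {
        unsigned int verdict = ops->hook(hooknum, skb, ops->priv);
        if (verdict != NF_ACCEPT)
            return verdict;
    }
    return NF_ACCEPT;
}

/* Toy rule table: dst_port 0 matches everything (the chain policy). */
struct ipt_entry { unsigned short dst_port; unsigned int verdict; };
struct xt_table { const char *name; struct ipt_entry *rules; size_t n; };

/* ipt_do_table(): first matching rule decides. Real code walks a packed
 * ruleset with match/target modules; the structure of the walk is the same. */
unsigned int ipt_do_table(struct sk_buff *skb, unsigned int hooknum, struct xt_table *table)
{
    (void)hooknum;
    for (size_t i = 0; i < table->n; i++)
        if (table->rules[i].dst_port == 0 || table->rules[i].dst_port == skb->dst_port)
            return table->rules[i].verdict;
    return NF_ACCEPT;
}

/* Constructed rules standing in for what iptables-restore would load. */
static struct ipt_entry filter_rules[] = {
    { 22, NF_ACCEPT },   /* -A INPUT -p tcp --dport 22 -j ACCEPT */
    { 23, NF_DROP   },   /* -A INPUT -p tcp --dport 23 -j DROP   */
    { 0,  NF_ACCEPT },   /* -P INPUT ACCEPT                      */
};
static struct xt_table packet_filter = { "filter", filter_rules, 3 };

/* iptable_filter.c's ipt_hook(): the registered callback just hands the
 * packet to ipt_do_table() with its table. */
static unsigned int ipt_hook(unsigned int hooknum, struct sk_buff *skb, void *priv)
{
    return ipt_do_table(skb, hooknum, (struct xt_table *)priv);
}

/* A second, earlier hook (mangle priority) that only counts packets; shows
 * that NF_ACCEPT passes the packet on to the next hook in the list. */
unsigned long packets_seen;
static unsigned int count_hook(unsigned int hooknum, struct sk_buff *skb, void *priv)
{
    (void)hooknum; (void)skb; (void)priv;
    packets_seen++;
    return NF_ACCEPT;
}

static struct nf_hook_ops count_ops = { .hook = count_hook, .hooknum = NF_IP_LOCAL_IN,
                                        .priority = NF_IP_PRI_MANGLE };
static struct nf_hook_ops ipt_ops   = { .hook = ipt_hook, .priv = &packet_filter,
                                        .hooknum = NF_IP_LOCAL_IN, .priority = NF_IP_PRI_FILTER };

/* module_init() work: registering here is what makes the hooks active. */
void modules_init(void)
{
    nf_register_hook(&ipt_ops);     /* registered first ... */
    nf_register_hook(&count_ops);   /* ... but sorted ahead by lower priority */
}

/* ip_local_deliver(): NF_HOOK(PF_INET, NF_IP_LOCAL_IN, skb, ...) */
unsigned int ip_local_deliver(struct sk_buff *skb)
{
    return nf_hook_slow(NF_IP_LOCAL_IN, skb);
}

int main(void)
{
    modules_init();
    unsigned short ports[] = { 22, 23, 80 };
    for (int i = 0; i < 3; i++) {
        struct sk_buff skb = { 0x0a000001u, ports[i] };
        printf("dport %u: %s\n", ports[i],
               ip_local_deliver(&skb) == NF_ACCEPT ? "ACCEPT" : "DROP");
    }
    printf("packets seen by count hook: %lu\n", packets_seen);
    return 0;
}
```

The key point for question 1 is that nothing "messages" between netfilter and ip_tables: ip_tables simply registers a function pointer, and NF_HOOK() calls through the list. For question 3, rules are data loaded into an already-registered table by the userspace iptables binary (the package from the website); the init script only restores that data.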

