| Netfilter fire wall in Linux have good code structure so it is easy to maintain and extend it .For going down to principle of linux firewall' s realization, and bring net application to success,the paper have carried an internal research of firewall' s code. The analyse has five period, First, obtain the way of kernel get net data, which make analyse of code easier;secondly, analyse principle of firewall hook in ip protocol stack; later, analyse the core module of firewall to get essential structure of firewall;later, analyse the process of rule added into firewall in kernel to obtaininteractive of kernel and user program;final, analyse iptables to obtain rule of organize in kernel and process added into kernel.On the basement of obtain firewall work principle , the paper used a few technology to extended firewall:first, make custom program to bring about custom rules; secondly, added program in user side to handle the data from kernel side; final, make an ip control program in kernel.To make the extend , the paper made full use of the framework in the open source.
|
PDF Full Text Request