|
Notes
Log
Document
Source
Jeremiah
Porter
Jim
IP Filter
ipf Man Page
|
| April
29, 1999 |
- Continued working on added filtering
- We want to be able to allow or deny a port on a
host. Jim thinks he's got it.
- We'll create a struct that we can use to store
the filter entries.
struct filter_info {
int rule; /* Allow or Deny packet */
struct in_addr host; /* Filter by host */
int protocol; /* What kind of IP packet */
u_short service; /* For TCP */;
struct filter_info *next;
};
|
| April
28, 1999 |
- Got choking working. JJ spend most of today
working on:
- Commented code, improved readability
- Put in structure for calculating bandwidth.
(Timers, accumulators, etc)
- Able to create ICMP_SQUENCH packet and send it.
(It actually shows up in a tcpdump!)
- Jim and Porter spend the day working on
Filtering.
- We want to be able to specify what to filter on
in a configuration file
- Here's the specification of a filter entry:
[allow|deny]
[[host all|<ipaddr>] |
[protocol all|<protocol>
[service all|<service>]
]
]
- Here's an example entry list:
- deny host all
- allow host 159.28.51.2
- allow protocol tcp service telnet
- deny protocol snmp
|
| April
15, 1999 |
- Read over ip_input.c
- Figured out where and how to drop packets and
where our code should go.
- How do we make a ticker/counter?
- How do we make an ICMP packet?
|
| April
14, 1999 |
- Jim and JJ started writing code.
- Added ip_choke sysctl variable in kerel
- Created shell kernel module
|
| April
13, 1999 |
- Researched possible methods for adding kernel
modules
- Discovered robust packet filtering capabilities
already in FreeBSD's 3.1 kernel (can we just add the choking here?)
|
| April
5, 1999 |
- Upgraded Magellan to FreeBSD 3.1
- Included all of the kernel source
|
| April
1, 1999 |
- Porter researched how
existing router hardware handles network overload and saturation.
|
|
|
|