[buug] Theorizing data structures behind unix utilities

Bob Read unixjavabob at yahoo.com
Fri Jun 7 12:11:55 PDT 2002


> >    I propose we continue along this vein...by
> > theorizing the data structures behind "ipchains".

OK...here's my guess:

1)  IPChains has 3 types of rules.  We need a place to
hold the rules and a fast way to find out which rules
are applicable:

name: input chains
type: hashtable
holds: Network Number -> rule number
purpose: matches incoming IP to applicable input chain
rules

name: forward chains
type: hashtable
holds: Network Number -> rule number
purpose: matches incoming IP to applicable forward
chain rules

name: output chains
type: hashtable
holds: Network Number -> rule number
purpose: matches incoming IP to applicable output
chain rules

2)  We need a place to store the rules

name: rules linked list
type: linked list
holds: struct {rule_number, chain_name, chain_order,
rule}
purpose: holds all rules for all chains

3)  We need fast ways of converting IPs for
"masquerade":

name: outbound masqueraded IPs
type: hashtable 
holds: IP inbound -> IP outbound
purpose: lookup outbound masqueraded IP Addresses

name: inbound masqueraded IPs
type: hashtable
holds: IP outbound -> IP inbound
purpose: lookup inbound masqueraded IP Addresses

4)  We need a fast way to make the "decision to
forward or route locally", which is based on a routing
table

name: routing table
type: hashtable
holds: Network Number -> routing decision
purpose: decide to forward or "route local"


=====
-----------------------------------------
Bob Read
Senior Unix Administrator/DBA/Programmer
cell (510)-703-1634
unixjavabob at yahoo.com
-----------------------------------------

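The data structures sketched in the post, turned into a runnable toy packet filter. This is an added example written for this page, not Bob's code and not the Linux ipchains implementation; the chains, addresses, masquerade pairs and routes it uses are constructed sample data. It keeps the shapes from the post: one hashtable per chain keyed by network number, a single ordered list of rules, two masquerade tables (inside IP to outside IP and back), and a routing table keyed by network number. The one thing a hashtable keyed by network cannot do on its own is a longest-prefix match, so the lookup probes once per distinct prefix length present in the table, and "which rule applies" is then decided by chain order (first match), as it is in ipchains rather than by prefix length. Port allocation for masquerading is outside the sketch, so masquerade pairs are registered explicitly.

```python
"""Toy ipchains-style filter built from the post's data structures.

Hypothetical example: chains are hashtables (Network -> [rule numbers]),
rules live in one ordered list, masquerade and routing are hashtables.
All networks, addresses and rules below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    rule_number: int
    chain_name: str                     # "input", "forward" or "output"
    chain_order: int                    # position in its chain; lowest wins
    network: ipaddress.IPv4Network      # the IP this rule matches against
    action: str                         # "ACCEPT", "DENY" or "MASQ"


class Firewall:
    def __init__(self):
        # per-chain hashtables: Network Number -> [rule numbers]
        self.chains = {n: {} for n in ("input", "forward", "output")}
        # prefix lengths in use per chain: one hashtable probe per length
        self.prefixes = {n: set() for n in self.chains}
        self.rules = []            # all rules for all chains, in order
        self.masq_out = {}         # inside IP -> outside IP
        self.masq_in = {}          # outside IP -> inside IP
        self.routes = {}           # Network Number -> "local" or "forward"
        self.route_prefixes = set()

    def add_rule(self, chain_name, network, action):
        net = ipaddress.IPv4Network(network)
        order = sum(1 for r in self.rules if r.chain_name == chain_name)
        rule = Rule(len(self.rules) + 1, chain_name, order, net, action)
        self.rules.append(rule)
        self.chains[chain_name].setdefault(net, []).append(rule.rule_number)
        self.prefixes[chain_name].add(net.prefixlen)
        return rule.rule_number

    def add_route(self, network, decision):
        net = ipaddress.IPv4Network(network)
        self.routes[net] = decision
        self.route_prefixes.add(net.prefixlen)

    def masquerade(self, inside_ip, outside_ip):
        self.masq_out[inside_ip] = outside_ip
        self.masq_in[outside_ip] = inside_ip

    @staticmethod
    def _candidates(table, prefixes, ip):
        """Yield (network, value) for every prefix length that hits, most
        specific first. A hashtable cannot do longest-prefix match directly,
        so we probe once per distinct prefix length stored in the table."""
        addr = ipaddress.IPv4Address(ip)
        for plen in sorted(prefixes, reverse=True):
            net = ipaddress.IPv4Network((addr, plen), strict=False)
            if net in table:
                yield net, table[net]

    def match(self, chain_name, ip):
        """First applicable rule by chain order (ipchains semantics), or None."""
        best = None
        table, prefixes = self.chains[chain_name], self.prefixes[chain_name]
        for _, numbers in self._candidates(table, prefixes, ip):
            for num in numbers:
                rule = self.rules[num - 1]
                if best is None or rule.chain_order < best.chain_order:
                    best = rule
        return best

    def route(self, dst_ip):
        """Most specific routing entry decides; default is to forward."""
        for _, decision in self._candidates(self.routes, self.route_prefixes, dst_ip):
            return decision
        return "forward"

    def process(self, src_ip, dst_ip):
        """Run one packet through input -> routing -> forward -> output.
        Returns (verdict, src_ip, dst_ip) after any masquerade rewrite.
        A chain with no matching rule accepts (default policy ACCEPT)."""
        rule = self.match("input", src_ip)
        if rule is not None and rule.action == "DENY":
            return ("DENY", src_ip, dst_ip)
        # reply to a masqueraded connection: restore the inside address
        dst_ip = self.masq_in.get(dst_ip, dst_ip)
        if self.route(dst_ip) == "local":
            return ("ACCEPT", src_ip, dst_ip)
        rule = self.match("forward", src_ip)
        if rule is not None and rule.action == "DENY":
            return ("DENY", src_ip, dst_ip)
        if rule is not None and rule.action == "MASQ":
            # no port allocation in the sketch: only registered pairs rewrite
            src_ip = self.masq_out.get(src_ip, src_ip)
        rule = self.match("output", dst_ip)
        if rule is not None and rule.action == "DENY":
            return ("DENY", src_ip, dst_ip)
        return ("ACCEPT", src_ip, dst_ip)


def build_example():
    """Constructed sample ruleset (not taken from the post)."""
    fw = Firewall()
    fw.add_rule("input", "10.0.0.0/24", "DENY")      # earlier in chain: wins
    fw.add_rule("input", "10.0.0.0/8", "ACCEPT")
    fw.add_rule("input", "0.0.0.0/0", "ACCEPT")
    fw.add_rule("forward", "192.168.1.0/24", "MASQ")
    fw.add_rule("forward", "0.0.0.0/0", "ACCEPT")
    fw.add_rule("output", "203.0.113.0/24", "DENY")
    fw.add_route("10.0.0.0/8", "local")
    fw.add_route("0.0.0.0/0", "forward")
    fw.masquerade("192.168.1.10", "198.51.100.1")
    return fw


if __name__ == "__main__":
    fw = build_example()
    for pkt in [("10.0.0.5", "10.0.0.1"), ("192.168.1.10", "8.8.8.8"),
                ("8.8.8.8", "198.51.100.1"), ("192.168.1.10", "203.0.113.7")]:
        print(pkt, "->", fw.process(*pkt))
```

Note the first-match point: 10.0.0.5 is covered by both the /24 DENY and the /8 ACCEPT in the input chain, and the /24 wins only because it was added first, not because it is more specific; swap the two add_rule calls and the same host is accepted. That is why the chain tables keep the rule number rather than an action, so the ordered rule list stays the authority on precedence.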