[buug] Theorizing data structures behind unix utilities
Bob Read
unixjavabob at yahoo.com
Fri Jun 7 12:11:55 PDT 2002
> > I propose we continue along this vein...by
> > theorizing the data structures behind "ipchains".
OK...here's my guess:

1) IPChains has 3 types of rules. We need a place to hold the rules and a fast way to find out which rules are applicable:

name: input chains
type: hashtable
holds: Network Number -> rule number
purpose: matches incoming IP to applicable input chain rules

name: forward chains
type: hashtable
holds: Network Number -> rule number
purpose: matches incoming IP to applicable forward chain rules

name: output chains
type: hashtable
holds: Network Number -> rule number
purpose: matches incoming IP to applicable output chain rules

2) We need a place to store the rules

name: rules linked list
type: linked list
holds: struct {rule_number, chain_name, chain_order, rule}
purpose: holds all rules for all chains

3) We need fast ways of converting IPs for "masquerade":

name: outbound masqueraded IPs
type: hashtable
holds: IP inbound -> IP outbound
purpose: lookup outbound masqueraded IP Addresses

name: inbound masqueraded IPs
type: hashtable
holds: IP outbound -> IP inbound
purpose: lookup inbound masqueraded IP Addresses

4) We need a fast way to make the "decision to forward or route locally", which is based on a routing table

name: routing table
type: hashtable
holds: Network Number -> routing decision
purpose: decide to forward or "route local"

=====
-----------------------------------------
Bob Read
Senior Unix Administrator/DBA/Programmer
cell (510)-703-1634
unixjavabob at yahoo.com
-----------------------------------------
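
An added sketch, not part of the message above and not ipchains source code, of how the guessed structures in items 1 and 2 could fit together for the input chain; every identifier and both sample rules are constructed for illustration. It shows one consequence of the guess: a packet carries an address rather than a network number, so the lookup has to probe each prefix length, and the chain_order field decides between overlapping matches.

```c
/* Added illustration of items 1 and 2; NOT ipchains source code.
   All names and the sample rules are constructed for this example. */
#include <stdint.h>
#include <string.h>

enum verdict { ACCEPT, DENY };
struct rule {                       /* item 2: node of the rules linked list */
    int rule_number, chain_order;
    const char *chain_name;
    uint32_t net; int prefix;       /* the "rule": source network ... */
    enum verdict target;            /* ... and what to do on a match */
    struct rule *next;
};

#define BUCKETS 64                  /* fixed size; assumes fewer than 64 rules */
struct slot { int used; uint32_t net; int prefix; struct rule *r; };
static struct slot input_chain[BUCKETS];  /* item 1: network number -> rule */

static uint32_t mask(int p) { return p ? ~0u << (32 - p) : 0; }
static unsigned hash(uint32_t net, int p) {
    return (net * 2654435761u + (unsigned)p) % BUCKETS;
}
void chain_add(struct rule *r) {    /* open addressing, linear probing */
    unsigned i = hash(r->net, r->prefix);
    while (input_chain[i].used) i = (i + 1) % BUCKETS;
    input_chain[i] = (struct slot){1, r->net, r->prefix, r};
}
/* A source IP does not say which network number to hash, so probe every
   prefix length and keep the match that comes first in chain order. */
const struct rule *chain_match(uint32_t src) {
    const struct rule *best = NULL;
    for (int p = 32; p >= 0; p--) {
        uint32_t net = src & mask(p);
        for (unsigned i = hash(net, p); input_chain[i].used; i = (i + 1) % BUCKETS) {
            const struct slot *s = &input_chain[i];
            if (s->net == net && s->prefix == p &&
                (!best || s->r->chain_order < best->chain_order))
                best = s->r;
        }
    }
    return best;                    /* NULL: no rule matched */
}
static struct rule sample[] = {     /* constructed rules */
    {1, 1, "input", 0x0A000000u, 8,  ACCEPT, NULL},  /* 10.0.0.0/8   */
    {2, 2, "input", 0x0A010200u, 24, DENY,   NULL},  /* 10.1.2.0/24  */
};
struct rule *load_sample(void) {    /* builds the list and indexes it */
    struct rule *head = NULL;
    memset(input_chain, 0, sizeof input_chain);
    for (int i = 1; i >= 0; i--) { sample[i].next = head; head = &sample[i]; chain_add(head); }
    return head;
}
```

With the two constructed rules loaded, 10.1.2.5 falls inside both networks and resolves to rule 1 because of its lower chain_order, while 192.168.1.1 matches nothing and returns NULL.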