Finally managed to make the 1st implementation of a delaying firewall that
doesn't crash the machine if the delay is in both directions.

problem was that outgoing packets seem to be easier to handle than
incoming.

I was a bit surprised to notice that ip_route_input(...) and
ip_local_deliver(...) were not exported in netsyms, and that is why it
needed to be done by returning the packet to the ip_rcv(...) function, which
will go through the firewall list again.

As of now the module works only for 1 packet at a time (the old one must have
been sent out when the next comes in). I probably have to write some weird list
in which I can store all skb pointers and the absolute times at which the
function which sends/receives them ought to be called.


Any chance of getting timeouts in the Linux kernel in addition to timers
(perhaps such could be written as a module) ;)

for outgoing it was enough to make
--
void test_out(unsigned long ptr)
{
        struct our_cb_data *pkt = (struct our_cb_data*) ptr;
        struct sk_buff *packet=pkt->skb_packet;
        packet->dst->output(packet);
}
--

As for incoming packets, I had to return packets to the ip_rcv() function and
check in my module if that packet had already been handled by it.
eg.
--------
if(my_stamp.tv_sec == skb->stamp.tv_sec && my_stamp.tv_usec == skb->stamp.tv_usec)
  {
    MY_DEBUG(1,("we already handled this package\n"));
    return FW_ACCEPT;
  }
else
  {
    MY_DEBUG(1,("new package to worry about\n"));
    my_stamp.tv_sec = skb->stamp.tv_sec;
    my_stamp.tv_usec = skb->stamp.tv_usec;
  }

-------
before I passed it on to function which I added in timer.
--
void test_in(unsigned long ptr)
{
  struct our_cb_data *pkt = (struct our_cb_data*) ptr;
  struct sk_buff *packet=pkt->skb_packet;

  if(packet)
    {
      MY_DEBUG(1,("packet exists\n"));
      if(packet->dst == NULL)
      {
        if (ip_rcv(packet, pkt->dev, 0))
                MY_DEBUG(1,("something\n"));
        else
                MY_DEBUG(1,("zero\n"));
        return;  /* test_in() is void, so no value is returned */
      }
    }
  else
    MY_DEBUG(1,("packet has disappeared\n"));
}
--


-- 
Janne Pänkälä         (linuxhackerwannabe)
When removing the impossible (machine crashes) what ever remains no matter
how improbable must be the truth (machine stays up)
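
The list of skb pointers and absolute release times described in the message could look like the following. This is an added example, not code from the original post: a user-space C sketch in which all names (delay_queue, dq_add, dq_run, record_release) are hypothetical, packets are opaque pointers, and the tick counter is assumed to behave like jiffies, including wrap-around.

```c
#include <stdlib.h>

/* One delayed packet: opaque pointer (the skb in a module) plus the absolute tick to release it. */
struct delayed_pkt { void *pkt; unsigned long due; struct delayed_pkt *next; };
struct delay_queue { struct delayed_pkt *head; };

/* Wrap-safe "a is earlier than b", the same idea as the kernel's time_before(). */
static int tick_before(unsigned long a, unsigned long b) { return (long)(a - b) < 0; }

/* Insert sorted by deadline; packets with equal deadlines stay in arrival order. */
int dq_add(struct delay_queue *q, void *pkt, unsigned long due)
{
    struct delayed_pkt *e = malloc(sizeof(*e)), **pp = &q->head;
    if (!e)
        return -1;              /* caller decides: drop or pass undelayed */
    while (*pp && !tick_before(due, (*pp)->due))
        pp = &(*pp)->next;
    e->pkt = pkt; e->due = due; e->next = *pp;
    *pp = e;
    return 0;
}

/* Called from one periodic timer: release every packet due at 'now'. */
int dq_run(struct delay_queue *q, unsigned long now, void (*release)(void *))
{
    int n = 0;
    while (q->head && !tick_before(now, q->head->due)) {
        struct delayed_pkt *e = q->head;
        q->head = e->next;
        release(e->pkt);        /* in the module: the send/receive call */
        free(e);
        n++;
    }
    return n;
}

/* Constructed recorder standing in for the real send/receive function. */
void *released[8]; int n_released;
void record_release(void *pkt) { if (n_released < 8) released[n_released++] = pkt; }

int main(void)
{
    struct delay_queue q = { NULL };
    int a, b;                   /* constructed stand-ins for two skbs */
    dq_add(&q, &a, 30); dq_add(&q, &b, 10);
    return !(dq_run(&q, 10, record_release) == 1 &&
             dq_run(&q, 30, record_release) == 1 && released[0] == &b);
}
```

In a kernel module the queue would also need locking, since the firewall hook and the timer handler can run concurrently.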

