Posts Tagged ‘linux’

Netfilter is a subsystem in the Linux 2.4 kernel. Netfilter provides a generic and abstract interface to the standard routing code. It is currently used in the Linux kernel for packet filtering, mangling, NAT (network address translation) and queuing packets to userspace. I have been using Netfilter in my final year project (in VoIP security) as a packet capture mechanism. Netfilter makes connection tracking possible through the use of various hooks in the kernel’s network code.

These hooks are places that kernel code, either statically built or in the form of a loadable module, can register functions to be called for specific network events. An example of such an event is the reception of a packet.

Linux, since 2.4, supports hooks for IPv4 and IPv6. Netfilter defines five hooks for IPv4. The declaration of the symbols for these can be found in “linux/netfilter_ipv4.h”. These hooks are displayed in the table below:

| Hook | Called at |
| --- | --- |
| NF_IP_PRE_ROUTING | After sanity checks, before routing decisions. |
| NF_IP_LOCAL_IN | After routing decisions if packet is for this host. |
| NF_IP_FORWARD | If the packet is destined for another interface. |
| NF_IP_LOCAL_OUT | Packets coming from local processes on their way out. |
| NF_IP_POST_ROUTING | Just before outbound packets “hit the wire”. |

The NF_IP_PRE_ROUTING hook, called as the first hook after a packet has been received, has been used for packet capture in this project. The following diagram shows where each of these hooks operates.

At any of these hooks we can define callback functions which act as handler routines. These functions are invoked when the corresponding network event occurs. The fate of the packet is then determined by the return code of the hook function. The available return codes are:

| Return Code | Meaning |
| --- | --- |
| NF_DROP | Discard the packet. |
| NF_ACCEPT | Keep the packet. |
| NF_STOLEN | Forget about the packet. |
| NF_QUEUE | Queue packet for userspace. |
| NF_REPEAT | Call this hook function again. |

The NF_DROP return code means that this packet should be dropped completely and any resources allocated for it should be released. NF_ACCEPT tells Netfilter that so far the packet is still acceptable and that it should move to the next stage of the network stack. NF_STOLEN is an interesting one because it tells Netfilter to “forget” about the packet. What this tells Netfilter is that the hook function will take processing of this packet from here and that Netfilter should drop all processing of it. This does not mean, however, that resources for the packet are released. The packet and its respective sk_buff structure are still valid, it’s just that the hook function has taken ownership of the packet away from Netfilter. Unfortunately I’m not exactly clear on what NF_QUEUE really does so for now I won’t discuss it. The last return value, NF_REPEAT, requests that Netfilter call the hook function again. Obviously one must be careful using NF_REPEAT so as to avoid an endless loop.
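The verdict handling described above, modelled in userspace C as an added example (not code from the original post and not kernel code). `struct pkt`, `run_hook`, the handler functions and the `MAX_REPEAT` guard are hypothetical names for this model; only the verdict constants come from linux/netfilter.h.

```c
#include <stdio.h>

/* Verdict values as defined in linux/netfilter.h. */
enum { NF_DROP, NF_ACCEPT, NF_STOLEN, NF_QUEUE, NF_REPEAT };

/* Constructed stand-in for sk_buff: protocol number plus bookkeeping. */
struct pkt { int proto; int freed; int visits; };
typedef int (*hook_fn)(struct pkt *);

#define MAX_REPEAT 8 /* loop guard of this model only (assumption) */

/* Walk the handlers registered at one hook, in order. Only NF_DROP
 * releases the packet; NF_STOLEN and NF_QUEUE stop the walk but leave
 * the packet alive, because ownership has moved elsewhere. */
int run_hook(hook_fn *chain, int n, struct pkt *p)
{
    for (int i = 0; i < n; i++) {
        int repeats = 0, v;
        do {
            v = chain[i](p);
        } while (v == NF_REPEAT && ++repeats < MAX_REPEAT);
        if (v == NF_REPEAT)
            v = NF_DROP;            /* handler never settled: give up */
        if (v == NF_DROP) {
            p->freed = 1;           /* models releasing the buffer */
            return NF_DROP;
        }
        if (v != NF_ACCEPT)
            return v;               /* stolen or queued: not freed here */
    }
    return NF_ACCEPT;               /* every handler accepted */
}

/* Sample handlers: 1 = ICMP, 17 = UDP (IP protocol numbers). */
int count_all(struct pkt *p)  { p->visits++; return NF_ACCEPT; }
int drop_icmp(struct pkt *p)  { return p->proto == 1 ? NF_DROP : NF_ACCEPT; }
int steal_udp(struct pkt *p)  { return p->proto == 17 ? NF_STOLEN : NF_ACCEPT; }
int retry_once(struct pkt *p) { return p->visits++ == 0 ? NF_REPEAT : NF_ACCEPT; }
int stuck(struct pkt *p)      { p->visits++; return NF_REPEAT; }

int main(void)
{
    hook_fn chain[] = { count_all, drop_icmp, steal_udp };
    int protos[] = { 1, 6, 17 };
    for (int i = 0; i < 3; i++) {
        struct pkt p = { protos[i], 0, 0 };
        int v = run_hook(chain, 3, &p);
        printf("proto %d -> verdict %d, freed=%d\n", protos[i], v, p.freed);
    }
    return 0;
}
```

A handler that returns NF_STOLEN, as a capture hook might, leaves `freed` at 0: the packet's memory is now that handler's responsibility.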

I will try to add more details on the same with sample codes in my future posts.

PS: The post contains adopted contents. Content was actually prepared for the project documentation purpose.


Finally the much awaited Ubuntu 9.04 has been released. Although I didn’t yet install and use it, I am hearing a lot of noise about it, especially as a total replacement for Windows. One thing I am hearing the most is about the speed, and a faster loading time. I am really dying to compare it with the new Windows 7 RC1. But the rest of the stuff I hear is all based on some new applications that are bundled along with it. Like a new media player that can automatically download the subtitles from “open”subtitles.com and a package manager that can take a backup copy of all the packages and even perform an offline installation similar to apt-get. But this package manager is still way below the Windows counterpart where you install an application with just one button click.

The look and feel thing, from what I have seen, I feel the UI of Windows 7 (I have been using the beta for some time) is far better than that of Ubuntu. The W7 interface makes a lot of things easier to do, like connecting to a network directly from the tray and those cool transparency effects. With the default themes of both, I felt like I went straight to the Sahara desert after my vacation in the Bahamas.

But one major problem I am gonna have with Ubuntu is the lack of drivers, especially the graphics and sound drivers. I have an nVidia 8600 GT graphics card and a Creative Audigy sound card to help play my Altec Lansing. Ubuntu disappoints big time. After all, all the money I saved on replacing Windows with Ubuntu is lost counting the money I spent on this hardware, which is now nothing more than a sitting duck. Thankfully my speakers have a stereo mode, so at least I can hear some sound, though very feeble.

And the Gtalk. I live in Gtalk. Whatever complaints they make about the little gadget from Google, I can’t live without it. Now the only way to continue using Gtalk is to use something like Pidgin, but the bird never really talks; there is no voice support. Heard they are gonna pack it soon, but like most other open source things, the date is still indefinite. I really wanna talk with my friends, especially when it’s “free”.

As a Computer Science student, graduating in about a week, I love Ubuntu as a developer’s platform. Most of my projects, including my final year project, were done on Ubuntu. And my final project was actually to modify the kernel itself for performance tweaking. The support forum is good and the responses come pretty fast. On the contrary, for an authentic Windows operating system, that support comes as a part of the bundle you ‘purchased’. And forget about the possibility of me doing my final project on changing the Windows kernel (maybe that’s why Windows is so stable, he he). Hmm, my friend Anirudh is working at Microsoft, maybe he can one day tell me what a Windows kernel looks like. And not to forget, they have made considerable enhancements to the kernel by Windows 7, finally coming up with the world’s most compact kernel.

Now lemme come back to where we started. Is 9.04 a complete replacement for Windows? Honestly, in my opinion, NOT YET. Because still, if my mom wants to use a PC for surfing the net or if my little brother wants to use my laptop for playing some games, then there is no way I am going to recommend Ubuntu for them. I will buy them a W7 or a Vista. Ubuntu might be the favourite for all the developer folks, that would include me too, but considering the common people and their needs, I think Ubuntu has got a long way to go before you can really consider it as a replacement for Windows. Not all people will need to see the kernel code before they start using it. And the number of those common people who use computers is many, many times greater than the number of dev guys around. I wonder why these Ubuntu people forget this simple thing. Maybe this is where the MS pros score over the weekend programmers.

PS: I am not against open source or a die-hard fan of Microsoft. I have contributed to open source as well. Please don’t misunderstand me.

1. System beeps: Sick of those system beeps? Well then, tell them to shut up. Here is the command: type setterm -blength 0 in the terminal. You will no longer hear a beep in that session. If you don’t want to type it every time, then add it to the system startup as mentioned in trivia #2. Have some peace of mind.

2. Command History: As you all know, command history is a handy tool when using a terminal. But sometimes you will notice that the command you are looking for is already gone from the history. To avoid this, set the size of the history archive by putting the following in the .bashrc file:

HISTSIZE=999

HISTFILESIZE=999

Oh, if that looks like too big an archive to search for a command, then you can always make use of grep. The command will be like:

history | grep -i str

where str is a part of the command you are looking for. So no more forgotten commands in your life.

PS: You can unset the value of HISTSIZE and HISTFILESIZE to permanently keep a history of all commands ever used, but it’s not recommended for obvious reasons.

Tech Trivia #2: Linux Startup

Posted: April 12, 2009 in OS, trivia

Startup files in Linux: You want to add a command to be executed when the Linux system boots. Then here is something you should know.

/etc/profile
systemwide defaults, mostly setting the environment (works on all Bourne-type shells)

/etc/bashrc
systemwide functions and aliases for Bash. Changes made will affect all users.

$HOME/.bash_profile
user-specific Bash environmental default settings, found in each user’s home directory.

$HOME/.bashrc
user-specific Bash init file, found in each user’s home directory (the local counterpart to /etc/bashrc). Only interactive shells and user scripts read this file.

Logout:

Not just login; logout is also a point at which you might like something to happen.

$HOME/.bash_logout
user-specific instruction file, found in each user’s home directory. Upon exit from a login (Bash) shell, the commands in this file execute.

PS: This does not apply to csh, tcsh, and other shells not related to or descended from the classic Bourne shell (sh).

Tech Trivia #1: Linux Command Aliases

Posted: April 12, 2009 in OS, trivia

1. Typing long commands: If you are repeatedly typing long commands, maybe with a lot of parameters, then you should seriously consider using an “alias”. You can create an alias by adding alias newalias='mycommand --option1 --option2 --option3 --option4' to the .bashrc (in /etc/).

eg:- alias l1='ls -l -a'

Now if you type in l1 it will execute the command. If you want to use more parameters, you can use them with the alias as well. For example ‘l1 -p’ will be treated as ‘ls -l -a -p’.

PS: This does not apply to csh, tcsh, and other shells not related to or descended from the classic Bourne shell (sh).