Post on 14-Apr-2017
SEAN
Network Device Development
PART 5 – Firewall 104: Packet Splitter
Sean
• Developer
• erinus.startup@gmail.com
• https://www.facebook.com/erinus
GitHub
https://github.com/erinus/NetworkDeviceDevelopment
Read Me
It is a series of training. If you have no experience on kernel module development, you must view
other presentations.
1. Network Device Development - Part 1: Switchhttp://www.slideshare.net/erinus/network-device-development-part-1-switch
2. Network Device Development - Part 2: Firewall 101http://www.slideshare.net/erinus/network-device-development-part-2-firewall-101
3. Network Device Development - Part 3: Firewall 102 ~ IP Filterhttp://www.slideshare.net/erinus/network-device-development-part-3-firewall-102-ip-filter
4. Network Device Development - Part 4: Firewall 103 ~ Protocol Filter & Payload Filter & Payload Modifierhttp://www.slideshare.net/erinus/network-device-development-part-4-firewall-103-protocol-filter-payload-filter-payload-modifier
First Packet Splitter
IP Fragmentation
IP Header
TCP Header
TCP Payload
IP Fragmentation
IP Header
TCP Header
TCP Payload
IP Header
TCP Header
TCP Payload
IP Header
TCP Payload
IP Fragmentation
IP Header
TCP Header
TCP Payload
IP Header
TCP Header
TCP Payload
IP Header
TCP PayloadIP_MF
IP_DF
IP Fragmentation
IP Header
TCP Header
TCP Payload
IP Header
TCP Header
TCP Payload
IP Header
TCP Payload
re-calculate checksum re-calculate checksum
Modify main.c
Modify main.c
Modify main.c
Install
$ make
$ make install
$ dmesg
Test your Firewall
Create HTTP Server on CLIENT of VMnet3
$ sudo python server.py
Test on CLIENT of VMnet2
Open Web Browser and connect:
1. http://192.168.103.128/ Success
2. http://192.168.103.128/test Success
3. http://192.168.103.128/song Success
Module Disabled
Module Disabled
Module Enabled
Module Enabled
Module Enabled
Module Enabled
Module Enabled
Next Part
Firewall 201