Sunday, November 12, 2006

Learning Networking, OpenBSD style

I have only been learning OpenBSD for the past couple of weeks, so I am still eagerly learning how the networking side of things works.
Until today I have never looked much into pf. I have used IPFW2 and IPF many times, and iptables a bit, but never pf. I started out with the information in the OpenBSD FAQ. I always find that this is a good place to start. Then the man pages available on the subject.

Reading: I started out with the OpenBSD FAQ Networking section, as well as investigating the following pages:
The loop interface is a software loopback mechanism which may be used for performance analysis, software testing, and/or local communication.
The pflog interface is a pseudo-device which makes visible all packets logged by the packet filter, pf(4). Logged packets can easily be monitored in real time by invoking tcpdump(8) on the pflog interface, or stored to disk using pflogd(8).
The sl interface allows serial lines to be used as network interfaces using the slip protocol.
The ppp interface allows serial lines to be used as network interfaces using the Point-to-Point Protocol (PPP).
The tun driver provides a network interface pseudo-device. Packets sent to this interface can be read by a userland process and processed as desired.
The enc interface is a software loopback mechanism that allows hosts or firewalls to filter ipsec(4) traffic using pf(4).
The bridge device creates a logical link between two or more Ethernet interfaces or encapsulation interfaces.
The vlan Ethernet interface allows construction of virtual LANs when used in conjunction with IEEE 802.1Q-compliant Ethernet devices.
The gre network interface allows tunnel construction using the Cisco GRE or the Mobile-IP (RFC 2004) encapsulation protocols.
The gif interface is a generic tunnelling pseudo-device for IPv4 and IPv6.
The carp interface is a pseudo-device which implements and controls the CARP protocol. carp allows multiple hosts on the same local network to share a set of IP addresses.
tcpdump prints out the headers of packets on a network interface that match the boolean expression.
pflogd is a background daemon which reads packets logged by pf(4) to a pflog(4) interface, normally pflog0, and writes the packets to a logfile (normally /var/log/pflog) in tcpdump(8) binary format.
Packet filtering takes place in the kernel. A pseudo-device, /dev/pf, allows userland processes to control the behaviour of the packet filter through an ioctl(2) interface.
The ioctl() function manipulates the underlying device parameters of special files. In particular, many operating characteristics of character special files (e.g., terminals) may be controlled with ioctl() requests.
The pf(4) packet filter modifies, drops or passes packets according to rules or definitions specified in pf.conf.
altq - kernel interfaces for manipulating output queues on network interfaces


DrMorbius said...

Hey this is really useful. Thank you very much, I find myself really close minded to you :D