Topic
  • 2 replies
  • Latest Post - ‏2012-06-18T09:45:25Z by flodstrom
RockTillDie
RockTillDie
3 Posts

Pinned topic AIX STREAMS driver question

‏2011-03-16T03:02:12Z |
Hi all,

I have a AIX kernel STREAMS question need your help,
I need to implement a firewall on AIX and get packet raw data then decide pass or drop it,
I've seen similiar firewall code on HP-UX,
on HP-UX, you have to implement a "dlpi STREAMS driver", and specify it as a "dlpi" driver in metadata,
then you can get the packet in your STREAMS driver's read and write callback function just like below sample driver.

I found following sample code in IBM site,

#include <errno.h>
#include <sys/stream.h>
static int passclose(), passopen
(), passrput(), passwput();
static struct module_info minfo = { 0, "pass", 0, INFPSZ, 2048, 128 };
static struct qinit rinit = { passrput, 0, passopen, passclose, 0, &minfo };
static struct qinit winit = { passwput, 0, 0, 0, 0, &minfo };
struct streamtab passinfo = { &rinit, &winit };
static int
passclose (queue_t *q)
{
return 0;
}
static int
passopen (queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
{
return 0;
}
static int
passrput (queue_t *q, mblk_t *mp)
{
putnext(q, mp);
return 0;
}
static int
passwput (queue_t *q, mblk_t *mp)
{
putnext(q, mp);
return 0;
}

But I have two question
(1) I don't know how to register this sample driver as a dlpi driver on AIX,
Do I have to specify something in struct module_info? But seems there's no module_info declaration on website, where can I get it?
or do I need specify something when call strload?

(2) Writing a dlpi STREAS driver to hook network packet on AIX is a feasible way as a firewall?

Thanks a lot for your information.

Ryan
Updated on 2012-06-18T09:45:25Z at 2012-06-18T09:45:25Z by flodstrom
  • SystemAdmin
    SystemAdmin
    549 Posts

    Re: AIX STREAMS driver question

    ‏2012-06-17T04:00:29Z  
    i have the same problem,How to develop a firewall on aix
  • flodstrom
    flodstrom
    57 Posts

    Re: AIX STREAMS driver question

    ‏2012-06-18T09:45:25Z  
    i have the same problem,How to develop a firewall on aix
    If you want a firewall in AIX why not using IPfilter?

    If you really want to implement your own firewall using STREAMS, have you looked at the strload man page?