So, what is this then?
The idea of FIPRA came to life after using first ipfwadm and then later ipchains to account the traffic flowing through
Obbit Skynet AB's linux routers. The first try with ipfwadm gave me shivers after noting that the routers clock slowed
more than an hour a day due to the load of the accounting. After switching to ipchains it got a bit better, but as the
number of C netblocks increased it too showed signs of excessive load. Thus I started toying with the idea of making a crude
but fast hack into the kernel. The idea was that a packet should only need to pass a very few lines of code, and only a fixed
set of data was of interest, namely the bytes to and from ipnumbers in a fixed range.
I told a couple of friends about this, and then after maybe half a year Peter Hellman nudged me enough to really try to do a kernel hack. So, after a few weeks of posting patches between us, it is actually up and running in a beta version.
The typical thing also happened.. After getting the code working a lot of time went before the documentation and everything else was fixed to a release state.
The basic idea is that we handle all ip numbering in 4 blocks of 8 bits. We then create a table structure, and to then log a packet requires at most 4 lookups (note: all references to ip is for IPv4). In this implementation we do three lookups in tables, and then a straight indexing into the fourth and a write. only one if-statement, and that one is to see if logging is activated, due to the fact the logging is done inside the forwarding layer.
This is the main structure of the fipra logging tables which are accessed for every packet that passes the forwarding layer.
The extra tables to the side are default tables, which does away with the need for conditional checks at every step.
The actual code (v 2000-03-16):
//Roger Abrahamsson & Peter Hellman
