[lug] dumb q....echo 1?

rm at fabula.de rm at fabula.de
Thu Apr 4 04:26:43 MST 2002


On Thu, Apr 04, 2002 at 07:36:01AM +0000, j davis wrote:
> 
> hi,
> 
> so im rebulding my firwall with the help of the best iptables how
> to i have ever read 
> http://www.boingworld.com/workshops/linux/iptables-tutorial (thats quite a 
> few now). Anyway in a example script
> this is used
> 
> echo "1" > /proc/sys/net/ipv4/ip_forward
> 
> so i think the text "ip_forward" is being written to /proc/sys/net/ipv4..
> what is the "1" for? Also proc is the ram right? could some one explain
> why i have to do this and what is really happening when i do this...not 
> just "uh,
> thats how you start iptables"...like could some one tell me if im loading a 
> module
> into ram...and why i need the "1" after echo.
> 
> thanks for the help and yalls patients,
> jd

Since nobody answered this yet, let me try to:

 /proc isn't really the RAM, under Linux (and Unix) no program has direct
access to the systems RAM, only the kernel (the operating system) has. When-
ever a program (process) needs to access the RAM (or any other system resource,
like the keyboard, mouse, network or soundcard erc.) it needs to ask the kernel
to do so. So it's up to the kernel to provide an interface to programs (often
called 'userspace') that enables them to get their job done. The 'classic' way of
doing this is by means of so-called system calls -- a set of programming
routines that let a program comunicate with the kernel (as an example have a look
at 'man 2 open', a system call (or better, a wrapper arround a system call) to
open a specific file). Now, for some tasks the single function aproach to comuincation
with the kernel would be rather clumsy (esp. when the kernel needs to provide rather
complex and highly strucutred information). For these cases the Linux kernel has the
proc interface which to the user looks like a (pseudo)-filesystem. As a kernel(module)
programmer you can create a set of functions and install a pseudo-file in the proc
system to comunicate with userspace programs. Now, whenever someone reads or writes
to the proc file your created one of your functions get called and you can handle the
request. 

/proc/sys/net/ipv4 :
 Type 'cat /proc/sys/net/ipv4/ip_masq_debug' you'll probably se a '0'. This is a 
 logical flag, indicating that this feature is currently switched off. Once you 
 'echo "1" > /proc/sys/net/ipv4/ip_masq_debug' ip masquerading debugging is switched
 on. This is a much easier interface than having to write a special program that emits
 system calls to change this value.
 So, to answer your question: "1" is just an indication that you want something switched
 on (an old C programming habit: everything that's not '0' is true/on).


Hope this is of any help

   Ralf Mattes  

> 
> 
> _________________________________________________________________
> Send and receive Hotmail on your mobile device: http://mobile.msn.com
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug



More information about the LUG mailing list