
gmd20的个人空间

// 编程和生活

 
 
 


 
 

netfilter hook模块的例子和 skb 结构的操作  

2009-04-04 22:15:53|  分类: linux相关 |  标签: |举报 |字号 订阅


可以到 http://lxr.linux.no/ 查看内核源代码。

linux/net/ipv4/netfilter/iptable_mangle.c

linux/net/ipv4/netfilter/nf_nat_proto_tcp.c

节选

/*
 * ipt_local_hook - run the IPv4 mangle table on a packet and re-route it
 * when mangling touched a field that can influence the routing decision.
 *
 * @hook:  netfilter hook number, forwarded to ipt_do_table()
 * @skb:   packet under inspection
 * @in:    input device, forwarded to ipt_do_table()
 * @out:   output device; dereferenced unconditionally through dev_net(out),
 *         so this hook must only be attached where @out is non-NULL
 *         (presumably the local-output hook -- confirm against the
 *         registration table, which is not part of this excerpt)
 * @okfn:  not used by this function
 *
 * Returns NF_ACCEPT for packets too short to hold an IPv4 header, otherwise
 * the verdict of ipt_do_table(), downgraded to NF_DROP if the re-route fails.
 */
static unsigned int
ipt_local_hook(unsigned int hook,
               struct sk_buff *skb,
               const struct net_device *in,
               const struct net_device *out,
               int (*okfn)(struct sk_buff *))
{
        const struct iphdr *iph;
        unsigned int verdict;
        __be32 old_saddr, old_daddr;
        u_int32_t old_mark;
        u_int8_t old_tos;

        /*
         * Locally generated raw-socket packets may be shorter than an IPv4
         * header or carry a bogus header length.  Let them through untouched
         * rather than parse header fields that are not there.
         */
        if (skb->len < sizeof(struct iphdr) ||
            ip_hdrlen(skb) < sizeof(struct iphdr))
                return NF_ACCEPT;

        /* Snapshot every field whose modification would invalidate the route. */
        iph = ip_hdr(skb);
        old_saddr = iph->saddr;
        old_daddr = iph->daddr;
        old_tos = iph->tos;
        old_mark = skb->mark;

        verdict = ipt_do_table(skb, hook, in, out,
                               dev_net(out)->ipv4.iptable_mangle);

        /*
         * With DROP/STOLEN/QUEUE the packet is not continuing along this
         * path, so the skb is not looked at again.
         */
        if (verdict == NF_DROP || verdict == NF_STOLEN || verdict == NF_QUEUE)
                return verdict;

        /* The table may have changed the packet: fetch the header again. */
        iph = ip_hdr(skb);

        if (iph->saddr != old_saddr ||
            iph->daddr != old_daddr ||
            skb->mark != old_mark ||
            iph->tos != old_tos) {
                /* Any routing-relevant change forces a fresh route lookup. */
                if (ip_route_me_harder(skb, RTN_UNSPEC))
                        verdict = NF_DROP;
        }

        return verdict;
}

/*
 * tcp_manip_pkt - NAT rewrite of the TCP source or destination port.
 *
 * @skb:       packet to modify
 * @iphdroff:  offset of the IPv4 header inside skb->data
 * @tuple:     conntrack tuple supplying the replacement address and port
 * @maniptype: IP_NAT_MANIP_SRC rewrites the source side, any other value
 *             the destination side
 *
 * Only the TCP port is written here.  The old and new IP addresses are read
 * solely to adjust the TCP checksum; the IP header is not modified in this
 * function.
 *
 * NOTE(review): iph->ihl is taken from packet data without a bounds check in
 * this function; presumably the caller has already validated the IP header.
 * Confirm against the call site.
 *
 * Returns false when the required header bytes cannot be made writable,
 * true otherwise.
 */
static bool
tcp_manip_pkt(struct sk_buff *skb,
              unsigned int iphdroff,
              const struct nf_conntrack_tuple *tuple,
              enum nf_nat_manip_type maniptype)
{
        const struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
        unsigned int hdroff = iphdroff + iph->ihl*4;
        bool manip_src = (maniptype == IP_NAT_MANIP_SRC);
        struct tcphdr *hdr;
        __be32 oldip, newip;
        __be16 *portptr, newport, oldport;
        int hdrsize = 8; /* TCP connection tracking guarantees this much */

        /*
         * The header may be the truncated inner header quoted inside an ICMP
         * message.  In that case only the first 8 transport bytes are
         * guaranteed, and the checksum field lies beyond them.  Ask for the
         * full TCP header only when the packet is long enough to contain it.
         */
        if (skb->len >= hdroff + sizeof(struct tcphdr))
                hdrsize = sizeof(struct tcphdr);

        if (!skb_make_writable(skb, hdroff + hdrsize))
                return false;

        /*
         * skb_make_writable() may have moved the packet data, so both header
         * pointers are derived again from skb->data before any write.
         */
        iph = (struct iphdr *)(skb->data + iphdroff);
        hdr = (struct tcphdr *)(skb->data + hdroff);

        /* Select the side (address, port, port slot) that gets replaced. */
        if (!manip_src) {
                oldip = iph->daddr;
                newip = tuple->dst.u3.ip;
                newport = tuple->dst.u.tcp.port;
                portptr = &hdr->dest;
        } else {
                oldip = iph->saddr;
                newip = tuple->src.u3.ip;
                newport = tuple->src.u.tcp.port;
                portptr = &hdr->source;
        }

        oldport = *portptr;
        *portptr = newport;

        /* Touch the checksum only when the full TCP header was made writable. */
        if (hdrsize >= sizeof(*hdr)) {
                inet_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1);
                inet_proto_csum_replace2(&hdr->check, skb, oldport, newport, 0);
        }

        return true;
}
