- 论坛徽章:
- 0
|
回复 11# humjb_1983
if(skb_shinfo(skb)->nr_frags>0)//在一个页里为0{
if (0 != skb_linearize(skb))//对于多个fragment的情况,将其合并
{
//#ifdef DEBUG_MODE
printk(KERN_EMERG"skb_linearize(sb) failed\n");
//#endif
return NF_ACCEPT;
}
}
crypt_ip_data_skb(skb,crypt_type,watch_flag);
/*******************************************************************************************************
*根据sk_buff、加密类型、数据方向进行加密
*******************************************************************************************************/
static void crypt_ip_data_skb(struct sk_buff *skb,unsigned int crypt_type,int watch_flag)
{
unsigned char *data=NULL;
unsigned short data_len=0;
__u8 protocol_type=0;
struct tcphdr *tcphead=NULL;
struct udphdr *udphead=NULL;
int ip_head_len=0;
int tcp_udp_len=0;
#ifdef DEBUG_MODE
printk(KERN_EMERG"crypt_ip_data_skb\tcrypt_type:%d\twatch_flag:%d\n",crypt_type,watch_flag);
#endif
if (!skb )return;
if (!(skb->nh.iph)) return;
protocol_type=skb->nh.iph->protocol;
ip_head_len=(skb->nh.iph->ihl * 4);
switch(protocol_type)
{
case IPPROTO_TCP:
{
tcphead= (struct tcphdr *)(skb->data + ip_head_len);
tcp_udp_len=tcphead->doff*4;
data=(unsigned char *)tcphead+tcp_udp_len;
data_len=ntohs(skb->nh.iph->tot_len)-ip_head_len-tcp_udp_len;
break;
}
case IPPROTO_UDP:
{
udphead= (struct udphdr *)(skb->data + ip_head_len);
data=(unsigned char *)udphead+8;//sizeof(udphdr)=8
data_len=ntohs(udphead->len)-8;
break;
}
default:
{
return ;
}
}
//根据数据方向进行加减密
if(watch_flag==fliter_watch_in)
{
#ifdef DEBUG_MODE
printk(KERN_EMERG"fliter_watch_in\tdata:0x%08x\tskb_data:0x%08x\n",data,skb->data);
#endif
decrypt_data_raw(data,data_len,crypt_type);
}
if(watch_flag==fliter_watch_out)
{
//#ifdef DEBUG_MODE
printk(KERN_EMERG"fliter_watch_out\n");
printk(KERN_EMERG"the skb have fragment counts:%d\n",skb_shinfo(skb)->nr_frags);//测试中skb_shinfo(skb)->nr_frags=0,合并成功
printk(KERN_EMERG"data:0x%08x\n",data);
printk(KERN_EMERG"skb_head:0x%08x\tskb_data:0x%08x\tskb_tail:0x%08x\tskb_end:0x%08x\n",skb->head,skb->data,skb->tail,skb->end);
printk(KERN_EMERG"tcp_udp_len:%d\tdata_len:%d\n",tcp_udp_len,data_len);
printk(KERN_EMERG"skb_len:%d\tskb_data_len:%d\n",skb->len,skb->data_len);
//#endif
print_data_raw(skb->data+ip_head_len+tcp_udp_len,data_len);//输出明文
encrypt_data_raw(skb->data+ip_head_len+tcp_udp_len,data_len,crypt_type);
print_data_raw(skb->data+ip_head_len+tcp_udp_len,data_len);//输出密文
}
return;
}
|
|