- 论坛徽章:
- 0
|
是否可以这样:
- /*
- * Main IP Receive routine.
- */
- int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt)
- {
- .........
- {
- nskb = skb_clone(skb);
- 修改nskb的dest ip为localhost;
- ip_rcv_finish(nskb);
-
- }
- return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL,
- ip_rcv_finish);
- }
复制代码
这样nskb就绕过了netfilter,因为你修改了nskb的dest ip,在route时会选择local
deliver,在ip_local_deliver()处kernel会帮助你的nskb做重组:
- /*
- * Deliver IP Packets to the higher protocol layers.
- */
- int ip_local_deliver(struct sk_buff *skb)
- {
- /*
- * Reassemble IP fragments.
- */
- if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
- skb = ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER);
- if (!skb)
- return 0;
- }
- return NF_HOOK(PF_INET, NF_IP_LOCAL_IN, skb, skb->dev, NULL,
- ip_local_deliver_finish);
- }
复制代码 |
|