- 论坛徽章:
- 0
|
- //程序功能是:给没有IP选项的数据报头添加路由记录(RR)IP选项.
- //方法:先只是试验,所以在netfilter框架中,对于经过HOOK的数据包先拷贝一个新的newskb_buff,然后对该新结构进行处理.
- static unsigned int get_icmp(unsigned int hook,
- struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
- {
- struct iphdr *iph=(*pskb)->nh.iph;
- struct sk_buff *oldskb=*pskb;
- struct sk_buff *newskb=skb_copy(oldskb,GFP_ATOMIC); //拷贝一个新的skb_buff
- struct iphdr *niph=newskb->nh.iph;
- unsigned char *iphraw=newskb->nh.raw;
- unsigned char *tp=(unsigned char*)(iphraw+20);
- unsigned char *p=(unsigned char*)(iphraw+21);
- unsigned char *pp=(unsigned char*)(iphraw+22);
- unsigned char *ppp=(unsigned char*)(iphraw+23);
- unsigned char *pc1=(unsigned char*)(iphraw+61);
- unsigned char *pc2=(unsigned char*)(iphraw+62);
-
-
- if(iph->protocol == IPPROTO_ICMP) //针对ICMP协议测试
- {
- int i;
- for(i=0;i<oldskb->tail-oldskb->data;i++)
- if(i!=20){
- if(i==60){printk("(-%x-)|",oldskb->data[i]);}
- else{printk("%x|",oldskb->data[i]);}
- }
- else{printk("(%x)|",oldskb->data[i]);}
- printk("nu=%d\n",i);
- if(iph->ihl>5){
- //printk("OPTIONS:RR->%d,RLEN->%d,RPO->%d,pc1->%d,pc2->%d\n",*
- p,*pp,*ppp,*pc1,*pc2);
- }else{
- if(!pskb_expand_head(newskb,0,41,GFP_ATOMIC)){ //扩展skb->tail与skb->end之间的空间,这两个指针之间的空间应该可以被读写吧?
- memmove((void *)pc2,(const void *)tp,niph->tot_len/8+20);
- memset((void *)tp,0,42);
- *tp=0x1; //--经过分析似乎ip选项和真正报头之间有一个8八位的控制位,不知道看的对不对?
- *p=0x7;
- *pp=0x39;
- *ppp=0x4;
- iph->ihl=15;
- iph->tot_len+=320;
- ip_send_check(iph);
- newskb->len+=41;
- newskb->tail+=41;
- newskb->end+=41;
- int k;
- for(k=0;k<newskb->tail-newskb->data;i++)
- if(i!=20){
- if(i==60){printk("(-%x-)|",newskb->data[i]);}
- else{printk("%x|",newskb->data[i]);}
- }else{printk("(%x)|",newskb->data[i]);}
- printk("nu=%d\n",k);
- kfree(newskb);
- }
- }
- }else{
- kfree(newskb);
- }
- return NF_ACCEPT;
- }
模块载入内核后用ping程序测试,系统崩溃,大虾帮忙看看哪儿有问题,谢谢啦,急啊! |
|
免费注册
发表于 2007-12-20 17:06
