- 论坛徽章:
- 0
|
基于netfilter实现过滤TCP端口的内核模块编程 在加载模块后 电脑出现死机 强制关机也无法相应 代码如下:
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/ip.h>
#include <linux/skbuff.h>
#include <linux/tcp.h>
#include <linux/if.h>
#include <linux/in.h>
#define PERMIT_PORT 80
static struct nf_hook_ops nfho;
//static unsigned char *drop_ip = "\x7f\x00\x00\x01";
//static unsigned char *drop_ip = "\xCA\x6C\x16\x5";
//unsigned char* deny_port = "\x00\x19";
unsigned int hook_fund(unsigned int hooknum,struct sk_buff **skb,const struct net_device *in,const struct net_device *out,int(*okfn)(struct sk_buff*))
{
/*struct sk_buff *sb = *skb;
struct iphdr *iph ;
iph = ip_hdr(sb);
pr_info("Packet from %d.%d.%d.%d\n",NIPQUAD(iph->saddr));
if ( iph->saddr == *(__be32 *) drop_ip)
{
pr_info("Dropped packet from ... %d.%d.%d.%d\n",*drop_ip, *(drop_ip+1), *(drop_ip+2), *(drop_ip+3) );
return NF_DROP;
}else {
return NF_ACCEPT;
}*/
struct tcphdr *tcph;
struct sk_buff *sb = *skb;
struct iphdr *iph;
iph = ip_hdr(sb);
if(iph->protocol == IPPROTO_TCP)
{
// tcph = skb_header_pointer(sb,sb->nh.iph->ihl*4,sizeof(*tcph),tcph)
// tcph = sb->h.th;
tcph = tcp_hdr(sb);
if(tcph->dest == 80)
{
printk("\n web service refused\n");
return NF_DROP;
}
}
return NF_ACCEPT;
/*struct sk_buff *sb = *skb;
struct tcphdr *thead;
if(!skb)
{
return NF_ACCEPT;
}
if(!(skb->nh.iph))
{
return NF_ACCEPT;
}
if(skb->nh.iph->protocol != IPPOTO_TCP)
{
return NF_ACCEPT;
}
thead = (struct tcphdr *)(skb->data+(skb->nh.iph->ihl*4));
if((thead->dest) == *(unsigned short *)deny_port)
{
return NF_DROP;
}
return NF_ACCEPT;*/
}
int init(void)
{
nfho.hook=hook_fund;
nfho.hooknum = 1;
nfho.pf=PF_INET;
nfho.priority = NF_IP_PRI_FIRST - 1;
nf_register_hook(&nfho);
return 0;
}
void exit(void)
{
nf_unregister_hook(&nfho);
}
module_init(init);
module_exit(exit);
MODULE_LICENSE("GPL");
在网络区发帖子没人回我 只好到C++区发帖子询问 网版主手下留情
[ 本帖最后由 wxj120bw 于 2009-3-9 21:08 编辑 ] |
|
免费注册
发表于 2009-03-09 21:07