- 论坛徽章:
- 0
|
我知道在os_attack_detect()这个函数中,这个函数就几行代码,我对协议不熟,没看出有什么问题。
unsigned int os_attack_detect(unsigned int hooknum, struct sk_buff** skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff*))
{ struct iphdr *iph = NULL;
struct tcphdr *tcph = NULL;
struct tcphdr _otcph;
unsigned char* haystack;
int hlen;
iph = ip_hdr(*skb);
haystack =(char*)iph+(iph->ihl*4);
hlen = ntohs(iph->tot_len)-(iph->ihl*4);
if (iph->protocol == IPPROTO_TCP)
{ tcph = skb_header_pointer(*skb, ip_hdrlen(*skb), sizeof(_otcph), &_otcph);
haystack += tcph->doff*4;
hlen -= tcph->doff*4;
check_http(haystack, hlen);
}
return NF_ACCEPT;
} |
|