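Hello everyone,
I am studying networking, and over the past two days I ran into a problem. Please help me take a look.
Application layer:
Run iptables -I FORWARD -p tcp -m webstr --url www.baidu.com -j REJECT --reject-with tcp-reset // URL filtering: block access to baidu
Kernel layer:
I added the file in the attachment to the kernel as a new module, following the conventions of the other files (such as xt_time.c) or as a loadable module. The main job of this .c file is to handle a match on the webstr keyword: it then enters the get_http_info function, memcmp(data, "GET ", sizeof("GET ") - 1) ... and compares to decide whether the packet passes.
1. linux-2.6.21\net\netfilter: change the #if 0 in the attached .c file to #if 1; it compiles and can be used, and the feature takes effect.
The LOG shows: every time I visit baidu, I see something like GET http://www.baidu.com/, so the packet should be discarded in the get_http_info function this way, which achieves the URL filtering.
2. linux-2.6.30\net\netfilter: it compiles and can be used directly, but the feature does not take effect.
On this kernel version,
when I visit baidu several times, I occasionally see the GET string, but most of the time I do not. The reason should be that the get_http_info function lets the packet PASS, so the filtering is not achieved, but I don't know why this happens.
Log printed while tracing the code: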
webstr_mt: get_http_info........................111111111111111111111
webstr_mt: get_http_info........................22222222222222222222222222
webstr_mt: get_http_info........................33333333333333333333
webstr_mt: get_http_info........................aaaaaaaaaaaaaaaaaaaaGET http://www.baidu.com/ HTTP/1.1
Host: www.baidu.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hao123.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Cookie: BAIDUID=EB40A4E70DF1A16CD7C89FF54BD8AB51:FG=1; Hm_lvt_9f14aaa038bbba8b12ec2a4a3e51d254=1354080372; BDUT=6isoFDB3DB5FB93692DD79FE9F30B533690D13a5265c0e71; H_PS_PSSID=1454_1540_1543_1582
65c0e71; H_PS_PSSID=1454_1540_1543_1582
%AB%7C%C9%EE%DB%DA
get_http_info: get_http_info........................44444444444444444444444
get_http_info: get_http_info........................6405555555555555555555555555555GET http://www.baidu.com/ HTTP/1.1
Host: www.baidu.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hao123.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Cookie: BAIDUID=EB40A4E70DF1A16CD7C89FF54BD8AB51:FG=1; Hm_lvt_9f14aaa038bbba8b12ec2a4a3e51d254=1354080372; BDUT=6isoFDB3DB5FB93692DD79FE9F30B533690D13a5265c0e71; H_PS_PSSID=1454_1540_1543_1582
65c0e71; H_PS_PSSID=1454_1540_1543_1582
%AB%7C%C9%EE%DB%DA
get_http_info: get_http_info........................6666666666666666666666666666
find_pattern2: find_pattern2: pattern = 'Host: ', dlen = 640
get_http_info: Host found=1
get_http_info: HOST=www.baidu.com, hostlen=13
find_pattern2: find_pattern2: pattern = ' ', dlen = 637
get_http_info: GET/POST found=1 off=4
get_http_info: URL=www.baidu.comhttp://www.baidu.com/ , urllen=35
webstr_mt: get_http_info........................bbbbbbbbbbbbbbbbbbbbbbwww.baidu.comhttp://www.baidu.com/
webstr_mt: needle.......................ccccccccneedlewww.baidu.com
webstr_mt: keyword=www.baidu.com, nlen=13, hlen=35
search_linear: search_linear: haystack=www.baidu.comhttp://www.baidu.com/ , needle=www.baidu.com
webstr_mt: webstr_mt: Verdict =======> DROP
webstr_mt: get_http_info........................111111111111111111111
webstr_mt: get_http_info........................22222222222222222222222222
webstr_mt: get_http_info........................33333333333333333333
webstr_mt: get_http_info........................aaaaaaaaaaaaaaaaaaaaS
get_http_info: get_http_info........................44444444444444444444444
get_http_info: get_http_info: Not enough length, ignore it!
webstr_mt: get_http_info........................111111111111111111111
webstr_mt: get_http_info........................22222222222222222222222222
webstr_mt: get_http_info........................33333333333333333333
webstr_mt: get_http_info........................aaaaaaaaaaaaaaaaaaaa get_http_info: get_http_info........................44444444444444444444444
get_http_info: get_http_info: Not enough length, ignore it!
webstr_mt: get_http_info........................111111111111111111111
webstr_mt: get_http_info........................22222222222222222222222222
webstr_mt: get_http_info........................33333333333333333333
webstr_mt: get_http_info........................aaaaaaaaaaaaaaaaaaaa get_http_info: get_http_info........................44444444444444444444444
get_http_info: get_http_info: Not enough length, ignore it!
webstr_mt: get_http_info........................111111111111111111111
webstr_mt: get_http_info........................22222222222222222222222222
webstr_mt: get_http_info........................33333333333333333333
webstr_mt: get_http_info........................aaaaaaaaaaaaaaaaaaaa get_http_info: get_http_info........................44444444444444444444444
get_http_info: get_http_info: Not enough length, ignore it!
...
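Added example, not part of the original post and not the attached module's code: a user-space C sketch of the per-packet flow the log above traces (length check, GET/POST check, Host header, request target, keyword search over host plus target). All names, the 16-byte threshold and the sample request are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; a user-space sketch, not the webstr module's code. */
enum verdict { V_IGNORE, V_NOMATCH, V_MATCH };
#define MIN_HTTP_LEN 16   /* assumed threshold behind "Not enough length" */
/* Constructed sample request in the proxy form seen in the log. */
static const char REQ[] = "GET http://www.baidu.com/ HTTP/1.1\r\nHost: www.baidu.com\r\n\r\n";

/* Bounded substring search; packet payloads are not NUL-terminated. */
static const char *find(const char *hay, size_t hlen, const char *needle)
{
    size_t nlen = strlen(needle);
    for (size_t i = 0; nlen && i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0)
            return hay + i;
    return NULL;
}

/* Classify ONE TCP payload: segments that are too short or do not start
 * with a request method are ignored, so only the segment carrying the
 * request line can ever produce a match. */
enum verdict url_match(const char *data, size_t dlen, const char *keyword)
{
    char url[512];
    size_t off, hostlen = 0, tlen = 0;
    const char *host;

    if (dlen < MIN_HTTP_LEN)
        return V_IGNORE;                    /* bare ACK or tiny segment */
    if (memcmp(data, "GET ", 4) == 0)
        off = 4;
    else if (memcmp(data, "POST ", 5) == 0)
        off = 5;
    else
        return V_IGNORE;                    /* not the start of a request */
    host = find(data, dlen, "Host: ");
    if (host)                               /* header value ends at CR */
        for (host += 6; host + hostlen < data + dlen && host[hostlen] != '\r'; hostlen++)
            ;
    while (off + tlen < dlen && data[off + tlen] != ' ' && data[off + tlen] != '\r')
        tlen++;                             /* request target after the method */
    if (hostlen + tlen > sizeof(url))
        return V_IGNORE;                    /* does not fit the buffer: skip */
    if (hostlen)
        memcpy(url, host, hostlen);
    memcpy(url + hostlen, data + off, tlen);   /* haystack = host + target */
    return find(url, hostlen + tlen, keyword) ? V_MATCH : V_NOMATCH;
}

int main(void)
{
    printf("%d %d\n", url_match(REQ, sizeof(REQ) - 1, "www.baidu.com"),
           url_match("S", 1, "www.baidu.com"));
    return 0;
}
```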