- 论坛徽章:
- 0
|
unsigned int checksum(unsigned int hooknum,
struct sk_buff *__skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
struct sk_buff *skb;
struct iphdr *iph;
struct ts_state state;
struct ts_config *ts_conf;
int rst = 0;
int flags = TS_AUTOLOAD;
skb = __skb;
if(skb == NULL) return NF_ACCEPT;
iph = ip_hdr(skb);
if(iph == NULL) return NF_ACCEPT;
ts_conf = textsearch_prepare("kmp", "taobao", 6, GFP_KERNEL, flags);
if(IS_ERR(ts_conf))
{
printk("limeng,conf err\n");
return NF_ACCEPT;
}
memset(&state, 0, sizeof(struct ts_state));
/*
rst = skb_find_text((struct sk_buff *)skb, 0, 65535, ts_conf, &state);
if(UINT_MAX != rst)
{
printk("limeng,skb_find\n");
textsearch_destroy(ts_conf);
return NF_DROP;
}
*/
rst = skb_find_text((struct sk_buff *)skb, 0, 65535, ts_conf, &state);
if(UINT_MAX != rst)
{
if (ip_hdr(skb)->protocol == IPPROTO_TCP)
{
enum ip_conntrack_info ctinfo;
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
struct iphdr *iph = ip_hdr(skb);
if(ct != NULL)
{
int protoff = ip_hdrlen(skb);
int matchoff = rst;
int matchlen = 6;
char *buffer = "limeng";
//rst = (ct && nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff, matchoff, matchlen, buffer, strlen(buffer)));
rst = (ct && nf_nat_mangle_tcp_packet(skb, ct, ctinfo, ip_hdrlen(skb), rst, 0, "limeng", 6));
if (rst != 1)
{
printk("limeng,nat err\n");
}
else
{
printk("limeng,nat ok\n");
}
}
else
{
printk("limeng,ct = null\n");
}
}
}
textsearch_destroy(ts_conf);
return NF_ACCEPT;
}
static int __init filter_init(void)
{
int ret;
nfho.hook = checksum;
nfho.pf = AF_INET;
nfho.hooknum = NF_INET_PRE_ROUTING;
nfho.priority = NF_IP_PRI_FILTER;
ret = nf_register_hook(&nfho);
if(ret < 0)
{
printk("%s\n", "can't modify skb hook!");
return ret;
}
return 0;
}
然后 打开 taobao, 主机复位...什么情况.... |
|
免费注册
发表于 2015-02-11 20:35
