- 论坛徽章:
- 0
|
本帖最后由 flash78910 于 2017-11-08 15:52 编辑
我在LOCAL_OUT点处对TCP数据包的数据段进行扩展,使用skb_put函数扩展16个字节,并插入16字节的数据,同时更新了包的校验和。我在函数里只有一次memcpy动作。为什么抓包显示有多次重复的插入数据出现?以下是这个钩子函数,插入的内容为insert,插入位置为TCP数据开头部分。谢谢各位,请不吝赐教!
- unsigned int hook_func(unsigned int hooknum, struct sk_buff *skb, const struct net_device *in, const struct net_device *out, int (*okfn) (struct sk_buff *))
- {
- struct iphdr *iph = NULL;
- unsigned char *tcp_ins = NULL; //tcp插入指针
- struct tcphdr *tcph = NULL; //tcp头
- unsigned int tcp_len = 0; //tcp报文长度
- unsigned int data_len = 0; //tcp数据部分长度
- unsigned char insert[16] = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}; //插入数据
- if(skb == NULL)
- return NF_ACCEPT;
- if(is_ign_pkt(skb)==1) //过滤需要修改的数据包,此后都是要修改的数据包
- return NF_ACCEPT;
- if(skb_is_nonlinear(skb)) //线性化skb
- {
- if(skb_linearize(skb) != 0)
- return NF_ACCEPT;
- }
- iph = ip_hdr(skb); //skb的ip头
- if(iph == NULL)
- return NF_ACCEPT;
- if(iph->protocol==TCP)
- {
- if(skb_tailroom(skb)<=16) //判断tailroom空间
- {
- printk("TCP NOT Enough\n");
- }
- else
- {
- printk("TCP tail: 0x%u\n",skb->tail);
- skb_put(skb,16); //数据段空间扩展
- printk("TCP new_tail: 0x%u\n",skb->tail);
- printk("TCP------tailroom: %u------\n",skb_tailroom(skb));
- tcph = tcp_hdr(skb);
- tcp_ins = (unsigned char *)tcph + (tcph->doff*4); //指向数据起始处
- iph->tot_len = htons(ntohs(iph->tot_len)+16);
- tcp_len = ntohs(iph->tot_len) - iph->ihl*4;
- data_len = tcp_len - (tcph->doff*4);
- memmove(tcp_ins+16, tcp_ins, data_len); //原始数据后移留出插入空间
- memcpy(tcp_ins, insert, 16); //拷贝插入数据
- tcph->check = 0;
- skb->csum = 0;
- iph->check = 0;
- skb->csum = skb_checksum(skb, iph->ihl*4,ntohs(iph->tot_len)-iph->ihl*4,0);
- tcph->check = csum_tcpudp_magic(iph->saddr, iph->daddr, tcp_len, iph->protocol, skb->csum);
- iph->check = ip_fast_csum(iph, iph->ihl);
- }
- return NF_ACCEPT;
- }
- return NF_ACCEPT;
- }
复制代码
|
-
Tcp分组截图
|