如下代码中,打印hooknum发现,其值是一个很大的值,为什么会跑到我的注册函数中?这个值为什么不是我注册的几个值中的一个呢?
- #include <linux/module.h>
- #include <linux/kernel.h>
- #include <linux/init.h>
- #include <linux/netfilter.h>
- #include <linux/skbuff.h>
- #include <linux/ip.h>
- #include <linux/netdevice.h>
- #include <linux/if_ether.h>
- #include <linux/if_packet.h>
- #include <net/tcp.h>
- #include <net/udp.h>
- #include <net/icmp.h>
- #include <linux/netfilter_ipv4.h>
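/* printk format for a 6-byte Ethernet address: colon-separated lowercase hex. */
#define MAC_FMT "%02x:%02x:%02x:%02x:%02x:%02x"

/*
 * Expands to the six bytes of x as six separate printk arguments, one per
 * conversion in MAC_FMT.
 *
 * The expansion is deliberately NOT wrapped in outer parentheses. Wrapped,
 * the commas become the comma operator, only byte [5] is passed, and printk
 * consumes five arguments that were never supplied: undefined behaviour
 * that puts whatever sits in the argument registers/stack into the kernel
 * log. Use this macro only as the tail of an argument list.
 */
#define MAC_ARG(x) \
	((u8 *)(x))[0], ((u8 *)(x))[1], ((u8 *)(x))[2], \
	((u8 *)(x))[3], ((u8 *)(x))[4], ((u8 *)(x))[5]

MODULE_LICENSE("GPL");
MODULE_AUTHOR("kenthy@163.com");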
/*
 * Printable names of the IPv4 netfilter hook points, indexed by hook number.
 * Designated initialisers tie every string to the enum value it describes,
 * so the table cannot silently drift out of order.
 */
const char *hooks[] = {
	[NF_INET_PRE_ROUTING]  = "NF_INET_PRE_ROUTING",
	[NF_INET_LOCAL_IN]     = "NF_INET_LOCAL_IN",
	[NF_INET_FORWARD]      = "NF_INET_FORWARD",
	[NF_INET_LOCAL_OUT]    = "NF_INET_LOCAL_OUT",
	[NF_INET_POST_ROUTING] = "NF_INET_POST_ROUTING",
};
/*
 * Log the symbolic name of an IPv4 protocol number.
 *
 * ICMP, TCP and UDP are named; every other value is logged as
 * "other IPPROTO".
 */
void print_ipproto(int proto)
{
	const char *label;

	if (proto == IPPROTO_ICMP) {
		label = "IPPROTO_ICMP";
	} else if (proto == IPPROTO_TCP) {
		label = "IPPROTO_TCP";
	} else if (proto == IPPROTO_UDP) {
		label = "IPPROTO_UDP";
	} else {
		label = "other IPPROTO";
	}

	printk("%s\n", label);
}
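/*
 * Log the source and destination MAC addresses of an Ethernet header.
 *
 * @eth: Ethernet header to print; NULL is ignored.
 *
 * Changes from the original listing:
 *  - h_source and h_dest are arrays inside struct ethhdr, so comparing them
 *    with NULL was always true; those tests are gone.
 *  - the destination line was labelled "SOURCE:" as well; it now says "DEST:".
 *  - the address is formatted with printk's %pM, which takes one pointer to
 *    the six bytes, so each conversion has exactly one matching argument.
 */
void print_mac(struct ethhdr *eth)
{
	if (eth == NULL) {
		return;
	}

	printk("SOURCE:%pM\n", eth->h_source);
	printk("DEST:%pM\n", eth->h_dest);
}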
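/*
 * Netfilter hook: logs the hook point, the IPv4 protocol, the skb lengths
 * and, when an Ethernet header is available, the MAC addresses of each
 * packet. Every path returns NF_ACCEPT; the packet is never modified.
 *
 * @hooknum: hook point the packet is traversing (index into hooks[])
 * @skb:     packet being processed
 * @in:      ingress device (unused here)
 * @out:     egress device (unused here)
 * @okfn:    continuation callback (unused here)
 *
 * NOTE(review): this prototype has to match the nf_hookfn typedef in
 * <linux/netfilter.h> of the kernel being built against. If that typedef
 * takes `const struct nf_hook_ops *ops` as its first parameter, the value
 * arriving here as hooknum is the truncated address of one mac_ops[]
 * entry. That would explain logged values far above 4 that differ by a
 * constant stride. In that case declare the first parameter as the ops
 * pointer and read the hook number from ops->hooknum. Treat the
 * incompatible-pointer-type warning on `.hook = mac` as an error.
 *
 * NOTE(review): each packet produces several unratelimited printk lines.
 * On a busy host this floods the kernel log and pushes out other messages.
 */
unsigned int
mac(unsigned int hooknum,
    struct sk_buff *skb,
    const struct net_device *in,
    const struct net_device *out,
    int (*okfn)(struct sk_buff *))
{
	struct iphdr *iph;
	struct ethhdr *eth;

	if (skb == NULL) {
		printk("%s\n", "*skb is NULL");
		return NF_ACCEPT;
	}

	/*
	 * Only the IP header is required. The original also added
	 * sizeof(struct ethhdr), which rejects short but valid IP packets
	 * whenever skb->len does not count the link-layer header.
	 * NOTE(review): at the PF_INET hooks skb->len is expected to start
	 * at the IP header; confirm for the target kernel.
	 */
	if (skb->len < sizeof(struct iphdr)) {
		printk("not valid ip\n");
		return NF_ACCEPT;
	}

	iph = ip_hdr(skb);
	if (iph == NULL) {
		printk("%s\n", "*iph is NULL");
		return NF_ACCEPT;
	}

	/*
	 * Bound the index by the table itself instead of a literal 4 so that
	 * hooks[hooknum] below can never read past the array.
	 * If hooknum is really a pointer (see the header note), these two
	 * lines write kernel address bits to dmesg; remove them once the
	 * prototype is fixed.
	 */
	if (hooknum >= ARRAY_SIZE(hooks)) {
		printk("hooknum=%u\n", hooknum);
		printk("hooknum=%u, %u\n", ntohl(hooknum), htonl(hooknum));
		return NF_ACCEPT;
	}

	printk("hooknum %u\n", hooknum);
	printk("-------begin %s -------\n", hooks[hooknum]);
	print_ipproto(iph->protocol);
	/* len and data_len are unsigned int, hence %u rather than %d. */
	printk("len is %u, data len is %u\n", skb->len, skb->data_len);

	/*
	 * Dereference the MAC header only when it has been set and is at
	 * least one Ethernet header long; on locally generated packets it
	 * may not exist yet.
	 */
	if (skb_mac_header_was_set(skb) && skb->mac_len >= ETH_HLEN) {
		eth = (struct ethhdr *)skb_mac_header(skb);
		print_mac(eth);
	} else {
		printk("%s\n", "mac is NULL");
	}

	printk("-------end %s -------\n", hooks[hooknum]);
	return NF_ACCEPT;
}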
/*
 * One registration per IPv4 hook point, all dispatching to mac().
 *
 * NF_IP_PRI_FIRST is the highest priority value, so mac() is placed ahead
 * of hooks registered at lower priorities on the same hook point.
 *
 * NOTE(review): `.hook = mac` is only correct when mac()'s prototype is
 * identical to the kernel's nf_hookfn typedef; a compiler warning about an
 * incompatible pointer type on these lines must not be ignored.
 */
#define MAC_HOOK_ENTRY(point)              \
	{                                  \
		.hook     = mac,           \
		.owner    = THIS_MODULE,   \
		.pf       = PF_INET,       \
		.hooknum  = (point),       \
		.priority = NF_IP_PRI_FIRST, \
	}

static struct nf_hook_ops mac_ops[] = {
	MAC_HOOK_ENTRY(NF_INET_PRE_ROUTING),
	MAC_HOOK_ENTRY(NF_INET_LOCAL_IN),
	MAC_HOOK_ENTRY(NF_INET_FORWARD),
	MAC_HOOK_ENTRY(NF_INET_LOCAL_OUT),
	MAC_HOOK_ENTRY(NF_INET_POST_ROUTING),
};

#undef MAC_HOOK_ENTRY
/*
 * Module entry point: registers every entry of mac_ops with netfilter.
 *
 * Returns 0 when registration succeeds, otherwise the negative value
 * returned by nf_register_hooks().
 */
static int __init init(void)
{
	int err = nf_register_hooks(mac_ops, ARRAY_SIZE(mac_ops));

	if (err >= 0) {
		printk("insmod mac_ops detect module\n");
		return 0;
	}

	printk("http detect: can't register mac_ops detect hook!\n");
	return err;
}
/*
 * Module exit point: unregisters the hooks that init() registered, then
 * logs that the module is gone. The hooks must be removed before the
 * module text is unloaded, otherwise netfilter would call into freed code.
 */
static void __exit fini(void)
{
	nf_unregister_hooks(mac_ops, ARRAY_SIZE(mac_ops));

	printk("remove mac_ops detect module.\n");
}

/* Bind the load and unload handlers of this module. */
module_init(init);
module_exit(fini);
打印出的值为:
[66920.605991] insmod mac_ops detect module
[66923.279828] hooknum=2688819368
[66923.279831] hooknum=2820687008, 2820687008
[66923.279842] hooknum=2688819424
[66923.279843] hooknum=3760211104, 3760211104
[66923.279853] hooknum=2688819200
[66923.279853] hooknum=2114720, 2114720
[66923.279855] hooknum=2688819256
[66923.279855] hooknum=941638816, 941638816
[66923.279903] hooknum=2688819368
[66923.279904] hooknum=2820687008, 2820687008
[66923.279906] hooknum=2688819424
[66923.279907] hooknum=3760211104, 3760211104
[66923.283333] hooknum=2688819200
[66923.283337] hooknum=2114720, 2114720
[66923.283347] hooknum=2688819256
[66923.283348] hooknum=941638816, 941638816
[66923.283409] hooknum=2688819368
[66923.283410] hooknum=2820687008, 2820687008
[66923.283413] hooknum=2688819424
[66923.283443] hooknum=3760211104, 3760211104
[66923.283451] hooknum=2688819200
[66923.283452] hooknum=2114720, 2114720
[66923.283453] hooknum=2688819256
[66923.283454] hooknum=941638816, 941638816
[66923.283987] hooknum=2688819368
[66923.283989] hooknum=2820687008, 2820687008
[66923.283995] hooknum=2688819424
[66923.283996] hooknum=3760211104, 3760211104
[66923.294197] hooknum=2688819200
[66923.294201] hooknum=2114720, 2114720
[66923.294215] hooknum=2688819256
[66923.294216] hooknum=941638816, 941638816
[66923.298107] hooknum=2688819368
[66923.298117] hooknum=2820687008, 2820687008
[66923.298148] hooknum=2688819424
[66923.298149] hooknum=3760211104, 3760211104
[66923.298180] hooknum=2688819200
[66923.298181] hooknum=2114720, 2114720
[66923.298183] hooknum=2688819256
[66923.298184] hooknum=941638816, 941638816
[66923.298354] hooknum=2688819368
[66923.298357] hooknum=2820687008, 2820687008
[66923.298367] hooknum=2688819424
[66923.298367] hooknum=3760211104, 3760211104
[66923.311544] hooknum=2688819200
[66923.311549] hooknum=2114720, 2114720
[66923.311568] hooknum=2688819256
[66923.311569] hooknum=941638816, 941638816
[66923.311655] hooknum=2688819368
[66923.311657] hooknum=2820687008, 2820687008
[66923.311662] hooknum=2688819424
[66923.311663] hooknum=3760211104, 3760211104
[66923.311672] hooknum=2688819200
[66923.311673] hooknum=2114720, 2114720
[66923.311675] hooknum=2688819256
[66923.311676] hooknum=941638816, 941638816
[66924.285636] hooknum=2688819368
[66924.285643] hooknum=2820687008, 2820687008
[66924.285656] hooknum=2688819424
[66924.285657] hooknum=3760211104, 3760211104
[66924.298939] hooknum=2688819200
[66924.298943] hooknum=2114720, 2114720
[66924.298959] hooknum=2688819256
[66924.298961] hooknum=941638816, 941638816
[66927.460909] remove mac_ops detect module.
这个是什么原因导致的呢?