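Analysis of netfilter in the Linux 2.6.18.8 kernel
Source: Internet  Editor: 程序博客网  Time: 2024/04/30 14:22
Reference: http://bbs.driverdevelop.com/read.php?tid-101363.html
In the 2.6.16 kernel, a major design revision in netfilter was to make it a protocol-independent framework. This shows in the kernel source tree, where a separate net/netfilter directory was created; before that, netfilter was attached under the individual protocol directories, such as net/ipv4 and net/ipv6.
In kernel 2.6.18.8, linux/netfilter/x_tables.h defines struct xt_match: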

    struct xt_match
    {
        struct list_head list;

        const char name[XT_FUNCTION_MAXNAMELEN-1];

        /* Return true or false: return FALSE and set *hotdrop = 1 to
           force immediate packet drop. */
        /* Arguments changed since 2.6.9, as this must now handle
           non-linear skb, using skb_header_pointer and
           skb_ip_make_writable. */
        int (*match)(const struct sk_buff *skb,
                     const struct net_device *in,
                     const struct net_device *out,
                     const struct xt_match *match,
                     const void *matchinfo,
                     int offset,
                     unsigned int protoff,
                     int *hotdrop);

        /* Called when user tries to insert an entry of this type. */
        /* Should return true or false. */
        int (*checkentry)(const char *tablename,
                          const void *ip,
                          const struct xt_match *match,
                          void *matchinfo,
                          unsigned int matchinfosize,
                          unsigned int hook_mask);

        /* Called when entry of this type deleted. */
        void (*destroy)(const struct xt_match *match, void *matchinfo,
                        unsigned int matchinfosize);

        /* Called when userspace align differs from kernel space one */
        int (*compat)(void *match, void **dstptr, int *size, int convert);

        /* Set this to THIS_MODULE if you are a module, otherwise NULL */
        struct module *me;

        char *table;
        unsigned int matchsize;
        unsigned int hooks;
        unsigned short proto;

        unsigned short family;
        u_int8_t revision;
    };

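When an actual match or target is looked up, the name, protocol family, table name, hook points, protocol and so on are compared. The check for a match, for example:
(Many of the error types returned when using the iptables command can be seen here.)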

    int xt_check_match(const struct xt_match *match, unsigned short family,
                       unsigned int size, const char *table, unsigned int hook_mask,
                       unsigned short proto, int inv_proto)
    {
        /* The size supplied with the rule must equal the aligned size the match declared. */
        if (XT_ALIGN(match->matchsize) != size) {
            printk("%s_tables: %s match: invalid size %Zu != %u\n",
                   xt_prefix[family], match->name,
                   XT_ALIGN(match->matchsize), size);
            return -EINVAL;
        }
        /* A match bound to one table is rejected in any other table. */
        if (match->table && strcmp(match->table, table)) {
            printk("%s_tables: %s match: only valid in %s table, not %s\n",
                   xt_prefix[family], match->name, match->table, table);
            return -EINVAL;
        }
        /* Every hook in hook_mask must be among the hooks the match allows. */
        if (match->hooks && (hook_mask & ~match->hooks) != 0) {
            printk("%s_tables: %s match: bad hook_mask %u\n",
                   xt_prefix[family], match->name, hook_mask);
            return -EINVAL;
        }
        /* A protocol-specific match needs exactly that protocol, not inverted. */
        if (match->proto && (match->proto != proto || inv_proto)) {
            printk("%s_tables: %s match: only valid for protocol %u\n",
                   xt_prefix[family], match->name, match->proto);
            return -EINVAL;
        }
        return 0;
    }

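The four checks above, modelled in user space as an added example (not kernel code and not part of the original post), returning which check rejected the rule instead of a single -EINVAL. `struct match_model`, `MODEL_ALIGN` (an assumed 8-byte stand-in for `XT_ALIGN`), the `verdict` enum and the `demo` match are hypothetical, and the rule values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model; field names follow struct xt_match, the rest is assumed. */
enum verdict { OK, BAD_SIZE, BAD_TABLE, BAD_HOOK, BAD_PROTO };

struct match_model {
    const char *name;
    const char *table;        /* NULL: valid in any table */
    unsigned int matchsize;   /* size of the match's private data */
    unsigned int hooks;       /* bitmask of allowed hooks, 0: any */
    unsigned short proto;     /* required L4 protocol, 0: any */
};
/* Stand-in for XT_ALIGN: round up to 8 bytes (assumed alignment). */
#define MODEL_ALIGN(s) (((s) + 7u) & ~7u)
/* Hook numbers as in linux/netfilter_ipv4.h. */
enum { PRE_ROUTING, LOCAL_IN, FORWARD, LOCAL_OUT, POST_ROUTING };

/* Same four tests, in the same order, as xt_check_match. */
enum verdict check_match(const struct match_model *m, unsigned int size,
                         const char *table, unsigned int hook_mask,
                         unsigned short proto, int inv_proto)
{
    if (MODEL_ALIGN(m->matchsize) != size)
        return BAD_SIZE;
    if (m->table && strcmp(m->table, table))
        return BAD_TABLE;
    if (m->hooks && (hook_mask & ~m->hooks) != 0)
        return BAD_HOOK;
    if (m->proto && (m->proto != proto || inv_proto))
        return BAD_PROTO;
    return OK;
}

/* Constructed sample: TCP-only match, mangle table, PREROUTING and OUTPUT hooks. */
static const struct match_model demo = {
    "demo", "mangle", 12, (1u << PRE_ROUTING) | (1u << LOCAL_OUT), 6
};

int main(void)
{
    unsigned int pre = 1u << PRE_ROUTING, fwd = 1u << FORWARD;
    printf("%d\n", check_match(&demo, 16, "mangle", pre, 6, 0));       /* accepted */
    printf("%d\n", check_match(&demo, 12, "mangle", pre, 6, 0));       /* unaligned size */
    printf("%d\n", check_match(&demo, 16, "filter", pre, 6, 0));       /* wrong table */
    printf("%d\n", check_match(&demo, 16, "mangle", pre | fwd, 6, 0)); /* extra hook */
    printf("%d\n", check_match(&demo, 16, "mangle", pre, 6, 1));       /* "! -p tcp" */
    return 0;
}
```

The last case shows why `inv_proto` matters: an inverted protocol selector would let a TCP-specific match run against packets of other protocols, so the rule is refused at insertion time.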