netfilter学习

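/*
 * Connection-tracking state attached to a packet.
 *
 * Values are contiguous from 0: the first four are plain states; IP_CT_NUMBER
 * is not a state but a count of distinct states (IP_CT_IS_REPLY * 2 - 1 == 5).
 * NOTE(review): IP_CT_IS_REPLY looks like an offset added to a state to mark
 * the reply direction rather than a state on its own — confirm against the
 * users of this enum before relying on that.
 */
enum ip_conntrack_info {
    IP_CT_ESTABLISHED,
    IP_CT_RELATED,
    IP_CT_NEW,
    IP_CT_IS_REPLY,
    /* number of distinct states; derived, keep in sync with the entries above */
    IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
};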
 
net/netfilter/core.c
包含全局数组
struct list_head  nf_hooks[ NPROTO][ NF_MAX_HOOKS]
注册一个钩子函数
int  nf_register_hook(struct nf_hook_ops *reg)
 
由 NF_HOOK 宏调用。ip_input.c 中的 ip_rcv 会调用 NF_HOOK 宏；ip_rcv 是 IP 协议的第一个处理函数，处理完毕后最后才进入 netfilter 模块。
int  nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb,
         struct net_device *indev,
         struct net_device *outdev,
         int (*okfn)(struct sk_buff *),
         int hook_thresh)
 
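/*
 * Hand a received skb to the input handler chosen by its route lookup.
 *
 * The route entry's dst.input is set while routing, to either
 * ip_local_deliver or ip_forward (the latter via
 * ip_mkroute_input -> __mkroute_input); dst.output is set to ip_output.
 * Which one runs here is therefore decided entirely by skb->dst.
 *
 * @skb: the packet; skb->dst must already be resolved (it is dereferenced
 *       without a NULL check).
 *
 * Returns the handler's result.  0 and every error value are passed straight
 * back; NET_XMIT_BYPASS alone causes the handler to be invoked again
 * (presumably because the handler replaced skb->dst — confirm against the
 * callers that return it).  A handler that keeps returning NET_XMIT_BYPASS
 * would loop here indefinitely.
 */
static inline int dst_input(struct sk_buff *skb)
{
    int err;

    for (;;) {
        /* dispatches to ip_local_deliver or ip_forward via the route */
        err = skb->dst->input(skb);

        if (likely(err == 0))
            return err;
        /* Oh, Jamal... Seems, I will not forgive you this mess. :-) */
        if (unlikely(err != NET_XMIT_BYPASS))
            return err;
    }
}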
 
内核 2.6.22 连接跟踪启动过程

[ 42949379. 480000-- >[net /netfilter /nf_conntrack_standalone.c,nf_conntrack_standalone_init, 408]
[ 42949379. 490000-- >[net /netfilter /nf_conntrack_core.c,nf_conntrack_init, 1933]
[ 42949379. 490000] nf_conntrack version  0. 5. 0 ( 1023 buckets,  8184 max)
[ 42949379. 500000] nf_conntrack_register_cache : features =0x0, name =nf_conntrack :basic, size = 272
[ 42949379. 510000-- >[net /netfilter /nf_conntrack_proto.c,nf_conntrack_proto_init, 339]
[ 42949379. 520000-- >[net /netfilter /nf_conntrack_proto.c,nf_ct_l4proto_register_sysctl, 230]
[ 42949379. 520000-- >[net /netfilter /nf_conntrack_standalone.c,nf_conntrack_standalone_init, 415]
[ 42949379. 530000-- >[net /netfilter /nf_conntrack_standalone.c,nf_conntrack_standalone_init, 421]
[ 42949379. 540000-- >[net /netfilter /nf_conntrack_proto.c,nf_ct_l4proto_register_sysctl, 230]
[ 42949379. 550000] nf_conntrack_register_cache : features =0x1, name =nf_conntrack :help, size = 304
[ 42949379. 560000] nf_conntrack_register_cache : features =0x1, name =nf_conntrack :help, size = 304
[ 42949379. 570000] nf_conntrack_register_cache : already resisterd.
[ 42949379. 570000] nf_conntrack_register_cache : reusing.
[ 42949379. 580000] nf_conntrack_register_cache : features =0x1, name =nf_conntrack :help, size = 304
[ 42949379. 590000] nf_conntrack_register_cache : already resisterd.
[ 42949379. 590000] nf_conntrack_register_cache : reusing.
[ 42949379. 600000] nf_conntrack_register_cache : features =0x1, name =nf_conntrack :help, size = 304
[ 42949379. 610000] nf_conntrack_register_cache : already resisterd.
[ 42949379. 610000] nf_conntrack_register_cache : reusing.
[ 42949379. 620000] nf_conntrack_register_cache : features =0x1, name =nf_conntrack :help, size = 304
[ 42949379. 630000] nf_conntrack_register_cache : already resisterd.
[ 42949379. 630000] nf_conntrack_register_cache : reusing.
[ 42949379. 640000] nf_conntrack_register_cache : features =0x1, name =nf_conntrack :help, size = 304
[ 42949379. 650000] nf_conntrack_register_cache : already resisterd.
[ 42949379. 650000] nf_conntrack_register_cache : reusing.
[ 42949379. 660000] nf_conntrack_register_cache : features =0x1, name =nf_conntrack :help, size = 304
[ 42949379. 670000] nf_conntrack_register_cache : already resisterd.
[ 42949379. 670000] nf_conntrack_register_cache : reusing.
[ 42949379. 680000] nf_conntrack_register_cache : features =0x1, name =nf_conntrack :help, size = 304
[ 42949379. 690000] nf_conntrack_register_cache : already resisterd.
[ 42949379. 690000] nf_conntrack_register_cache : reusing.
[ 42949379. 700000] nf_conntrack_register_cache : features =0x1, name =nf_conntrack :help, size = 304
[ 42949379. 710000] nf_conntrack_register_cache : already resisterd.
[ 42949379. 710000] nf_conntrack_register_cache : reusing.
[ 42949379. 720000]  create  /proc /behavior /emailbcc SUCCESSFULLY.
[ 42949379. 720000] netfilter smtp init successfully
[ 42949379. 730000] IPv4 over IPv4 tunneling driver
[ 42949379. 730000-- >[net /netfilter /nf_conntrack_proto.c,nf_ct_l4proto_register_sysctl, 230]
[ 42949379. 740000-- >[net /netfilter /nf_conntrack_proto.c,nf_ct_l4proto_register_sysctl, 230]
[ 42949379. 750000-- >[net /netfilter /nf_conntrack_proto.c,nf_ct_l4proto_register_sysctl, 230]
 
 

static int ct_seq_show(struct seq_file *s, void *v);//链接跟踪打印函数
//注意内核中顺序文件的操作
nf_conntrack_standalone.c
/*
 * seq_file callback table for the conntrack listing.  ct_seq_show, declared
 * above, is the per-entry printer; start/next/stop drive the iteration.
 * The table is static: only this file hands it to the seq_file layer.
 */
static struct seq_operations ct_seq_ops = {
    .show  = ct_seq_show,   /* per-entry printer registered here */
    .start = ct_seq_start,
    .next  = ct_seq_next,
    .stop  = ct_seq_stop,
};
//连接跟踪钩子点优先级，在 netfilter_ipv4.h 文件中定义

/*
 * Priorities of the IPv4 netfilter hook points.
 *
 * FIRST == INT_MIN and LAST == INT_MAX indicate that hooks on one chain are
 * ordered by ascending value (lowest runs first).  Conntrack's defrag and
 * lookup sit well below the filter table (0), so filtering already sees a
 * tracked packet; helper, sequence adjustment and confirmation occupy the
 * last three slots.
 *
 * NOTE(review): CONNTRACK_CONFIRM and LAST share INT_MAX, so a hook
 * registered at NF_IP_PRI_LAST ties with confirmation; the relative order
 * of equal priorities is decided by nf_register_hook's insertion rule,
 * not by this enum.
 */
enum nf_ip_hook_priorities {
    NF_IP_PRI_FIRST             = INT_MIN,
    NF_IP_PRI_CONNTRACK_DEFRAG  = -400,
    NF_IP_PRI_RAW               = -300,
    NF_IP_PRI_SELINUX_FIRST     = -225,
    NF_IP_PRI_CONNTRACK         = -200,
    NF_IP_PRI_MANGLE            = -150,
    NF_IP_PRI_NAT_DST           = -100,
    NF_IP_PRI_FILTER            = 0,
    NF_IP_PRI_NAT_SRC           = 100,
    NF_IP_PRI_SELINUX_LAST      = 225,
    NF_IP_PRI_CONNTRACK_HELPER  = INT_MAX - 2,
    NF_IP_PRI_NAT_SEQ_ADJUST    = INT_MAX - 1,
    NF_IP_PRI_CONNTRACK_CONFIRM = INT_MAX,
    NF_IP_PRI_LAST              = INT_MAX,
};
//钩子函数结构体在nf_conntrack_l3proto_ipv4.c文件中定义

/* Connection tracking may drop packets, but never alters them, so
   make it the first hook. */

/* One nf_hook_ops entry for an IPv4 conntrack hook.  Every entry below is
   PF_INET and owned by this module, so only the callback, the hook point
   and the priority vary. */
#define IPV4_CONNTRACK_HOOK(fn, point, prio) {  \
    .hook     = fn,                             \
    .owner    = THIS_MODULE,                    \
    .pf       = PF_INET,                        \
    .hooknum  = point,                          \
    .priority = prio,                           \
}

static struct nf_hook_ops ipv4_conntrack_ops[] = {
    /* Incoming path: defrag (priority -400) precedes the lookup (-200). */
    IPV4_CONNTRACK_HOOK(ipv4_conntrack_defrag, NF_IP_PRE_ROUTING,
                        NF_IP_PRI_CONNTRACK_DEFRAG),
    IPV4_CONNTRACK_HOOK(ipv4_conntrack_in, NF_IP_PRE_ROUTING,
                        NF_IP_PRI_CONNTRACK),
    /* Locally generated packets get the same two steps. */
    IPV4_CONNTRACK_HOOK(ipv4_conntrack_defrag, NF_IP_LOCAL_OUT,
                        NF_IP_PRI_CONNTRACK_DEFRAG),
    IPV4_CONNTRACK_HOOK(ipv4_conntrack_local, NF_IP_LOCAL_OUT,
                        NF_IP_PRI_CONNTRACK),
    /* Helpers (INT_MAX - 2) and confirmation (INT_MAX) run at the tail of
       both exit chains, i.e. after the filter table (priority 0).
       NOTE(review): presumably so that only packets that survived filtering
       get a confirmed entry — confirm against nf_conntrack_core. */
    IPV4_CONNTRACK_HOOK(ipv4_conntrack_help, NF_IP_POST_ROUTING,
                        NF_IP_PRI_CONNTRACK_HELPER),
    IPV4_CONNTRACK_HOOK(ipv4_conntrack_help, NF_IP_LOCAL_IN,
                        NF_IP_PRI_CONNTRACK_HELPER),
    IPV4_CONNTRACK_HOOK(ipv4_confirm, NF_IP_POST_ROUTING,
                        NF_IP_PRI_CONNTRACK_CONFIRM),
    IPV4_CONNTRACK_HOOK(ipv4_confirm, NF_IP_LOCAL_IN,
                        NF_IP_PRI_CONNTRACK_CONFIRM),
};

#undef IPV4_CONNTRACK_HOOK


转载自blog.csdn.net/dxt1107/article/details/18374099