当前位置: 技术问答>linux和unix
求助:Netfiler的编码问题!
来源: 互联网 发布时间:2015-11-25
本文导语: 以下是一朋友写的利用Linux内核中的NetFilter提供的Hook函数实现FTP地址伪装的代码,自己看不大懂,希望哪为高人能帮忙理解一下,在此高分谢过了! #include ; #include ; #include ; #include ; #include ; #include ; #include ; #include ; ...
以下是一朋友写的利用Linux内核中的NetFilter提供的Hook函数实现FTP地址伪装的代码,自己看不大懂,希望哪为高人能帮忙理解一下,在此高分谢过了!
#include ;
#include ;
#include ;
#include ;
#include ;
#include ;
#include ;
#include ;
#include ;
#include ;
#include ;
#include ;
MODULE_AUTHOR("SKY ;");
MODULE_DESCRIPTION("NerFilter Hook Reserch Test");
#ifdef MODULE_LICENSE
MODULE_LICENSE("GPL");
#endif /* MODULE_LICENSE */
static char local_ip[] = { 0xc0, 0xa8, 0x03, 0x78 }; /* 192.168.3.120 */
static char target_ip[] = { 0xc0, 0xa8, 0x03, 0x3c }; /* 192.168.3.60 */
static char foo_ip[] = { 0xc0, 0xa8, 0x03, 0x6f }; /* 192.168.3.111 */
/*
* ip_post_fn
* out packet hook function:
* catch the out ftp packet, change the source IP to foo.
*/
unsigned int
ip_post_fn(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out, int (*okfn) (struct sk_buff *))
{
struct sk_buff *sb = *skb;
struct iphdr *ihead = (struct iphdr *)sb->;nh.iph;
struct tcphdr *thead = (struct tcphdr *)((unsigned int *)ihead + ihead->;ihl);
/* is a ftp packet to target host? */
if (ihead->;saddr != *(unsigned int *)local_ip ||
ihead->;daddr != *(unsigned int *)target_ip ||
ihead->;protocol != IPPROTO_TCP || thead->;dest != htons(21)) {
return NF_ACCEPT;
}
/* change it */
ihead->;saddr = *(unsigned int *)foo_ip; /* fooip */
thead->;check = 0;
thead->;check =
tcp_v4_check(thead, sb->;len - ihead->;ihl * 4, ihead->;saddr, ihead->;daddr,
csum_partial((char *)thead, sb->;len - ihead->;ihl * 4, 0));
ihead->;check = 0;
ihead->;check = ip_fast_csum((unsigned char *)ihead, ihead->;ihl);
return NF_ACCEPT;
}
/*
* ip_pre_fn
* in packet hook function:
* catch the in ftp packet, change the dest IP.
*/
unsigned int
ip_pre_fn(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out, int (*okfn) (struct sk_buff *))
{
struct sk_buff *sb = *skb;
struct iphdr *ihead = (struct iphdr *)sb->;nh.iph;
struct tcphdr *thead = (struct tcphdr *)((unsigned int *)ihead + ihead->;ihl);
if (ihead->;saddr != *(unsigned int *)target_ip ||
ihead->;daddr != *(unsigned int *)foo_ip ||
ihead->;protocol != IPPROTO_TCP || thead->;source != htons(21)) {
return NF_ACCEPT;
}
ihead->;daddr = *(unsigned int *)local_ip; /* fooip */
thead->;check = 0;
thead->;check =
tcp_v4_check(thead, sb->;len - ihead->;ihl * 4, ihead->;saddr, ihead->;daddr,
csum_partial((char *)thead, sb->;len - ihead->;ihl * 4, 0));
ihead->;check = 0;
ihead->;check = ip_fast_csum((unsigned char *)ihead, ihead->;ihl);
return NF_ACCEPT;
}
static struct nf_hook_ops ip_post_ops =
{ {NULL, NULL}, ip_post_fn, PF_INET, NF_IP_POST_ROUTING, NF_IP_PRI_FIRST };
static struct nf_hook_ops ip_pre_ops =
{ {NULL, NULL}, ip_pre_fn, PF_INET, NF_IP_PRE_ROUTING, NF_IP_PRI_FIRST };
/*
* init_module
* module init function
*/
int
init_module()
{
int ret = 0;
if ((ret = nf_register_hook(&ip_post_ops))
#include ;
#include ;
#include ;
#include ;
#include ;
#include ;
#include ;
#include ;
#include ;
#include ;
#include ;
#include ;
MODULE_AUTHOR("SKY ;");
MODULE_DESCRIPTION("NerFilter Hook Reserch Test");
#ifdef MODULE_LICENSE
MODULE_LICENSE("GPL");
#endif /* MODULE_LICENSE */
static char local_ip[] = { 0xc0, 0xa8, 0x03, 0x78 }; /* 192.168.3.120 */
static char target_ip[] = { 0xc0, 0xa8, 0x03, 0x3c }; /* 192.168.3.60 */
static char foo_ip[] = { 0xc0, 0xa8, 0x03, 0x6f }; /* 192.168.3.111 */
/*
* ip_post_fn
* out packet hook function:
* catch the out ftp packet, change the source IP to foo.
*/
unsigned int
ip_post_fn(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out, int (*okfn) (struct sk_buff *))
{
struct sk_buff *sb = *skb;
struct iphdr *ihead = (struct iphdr *)sb->;nh.iph;
struct tcphdr *thead = (struct tcphdr *)((unsigned int *)ihead + ihead->;ihl);
/* is a ftp packet to target host? */
if (ihead->;saddr != *(unsigned int *)local_ip ||
ihead->;daddr != *(unsigned int *)target_ip ||
ihead->;protocol != IPPROTO_TCP || thead->;dest != htons(21)) {
return NF_ACCEPT;
}
/* change it */
ihead->;saddr = *(unsigned int *)foo_ip; /* fooip */
thead->;check = 0;
thead->;check =
tcp_v4_check(thead, sb->;len - ihead->;ihl * 4, ihead->;saddr, ihead->;daddr,
csum_partial((char *)thead, sb->;len - ihead->;ihl * 4, 0));
ihead->;check = 0;
ihead->;check = ip_fast_csum((unsigned char *)ihead, ihead->;ihl);
return NF_ACCEPT;
}
/*
* ip_pre_fn
* in packet hook function:
* catch the in ftp packet, change the dest IP.
*/
unsigned int
ip_pre_fn(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out, int (*okfn) (struct sk_buff *))
{
struct sk_buff *sb = *skb;
struct iphdr *ihead = (struct iphdr *)sb->;nh.iph;
struct tcphdr *thead = (struct tcphdr *)((unsigned int *)ihead + ihead->;ihl);
if (ihead->;saddr != *(unsigned int *)target_ip ||
ihead->;daddr != *(unsigned int *)foo_ip ||
ihead->;protocol != IPPROTO_TCP || thead->;source != htons(21)) {
return NF_ACCEPT;
}
ihead->;daddr = *(unsigned int *)local_ip; /* fooip */
thead->;check = 0;
thead->;check =
tcp_v4_check(thead, sb->;len - ihead->;ihl * 4, ihead->;saddr, ihead->;daddr,
csum_partial((char *)thead, sb->;len - ihead->;ihl * 4, 0));
ihead->;check = 0;
ihead->;check = ip_fast_csum((unsigned char *)ihead, ihead->;ihl);
return NF_ACCEPT;
}
static struct nf_hook_ops ip_post_ops =
{ {NULL, NULL}, ip_post_fn, PF_INET, NF_IP_POST_ROUTING, NF_IP_PRI_FIRST };
static struct nf_hook_ops ip_pre_ops =
{ {NULL, NULL}, ip_pre_fn, PF_INET, NF_IP_PRE_ROUTING, NF_IP_PRI_FIRST };
/*
* init_module
* module init function
*/
int
init_module()
{
int ret = 0;
if ((ret = nf_register_hook(&ip_post_ops))
本站(WWW.)旨在分享和传播互联网科技相关的资讯和技术,将尽最大努力为读者提供更好的信息聚合和浏览方式。
本站(WWW.)站内文章除注明原创外,均为转载、整理或搜集自网络。欢迎任何形式的转载,转载请注明出处。
本站(WWW.)站内文章除注明原创外,均为转载、整理或搜集自网络。欢迎任何形式的转载,转载请注明出处。
站内导航:
特别声明:169IT网站部分信息来自互联网,如果侵犯您的权利,请及时告知,本站将立即删除!