小弟最近在研究netfilter框架和qt+develop界面开发,目前已经使用qt制作出来了界面,并将ui文件导入到kdevelop中,运行的时候
界面可以正常的显示,剩下的工作是功能代码的实现,首先防火墙内核代码函数的调用问题,小弟一直束手无策,不指点如何下手
具体来说,比如一段内核代码:
#define __KERNEL__
#define MODULE
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/netfilter.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/netdevice.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/tcp.h>
#include <linux/netfilter_ipv4.h>
static struct nf_hook_ops nfho;
unsigned int hook_func(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
struct sk_buff *sb = *skb;
unsigned char src_ip[4];
*(unsigned int *)src_ip = sb->nh.iph->saddr;
printk("A packet from:%d.%d.%d.%d Detected!",
src_ip[0],src_ip[1],src_ip[2],src_ip[3]);
switch(sb->nh.iph->protocol)
{
case IPPROTO_TCP:
printk("It's a TCP PACKET\n");break;
case IPPROTO_ICMP:
printk("It's a ICMP PACKET\n");break;
case IPPROTO_UDP:
printk("It's a UDP PACKET\n");break;
}
return NF_ACCEPT;
}
int init_module()
{
nfho.hook = hook_func;
nfho.hooknum = NF_IP_PRE_ROUTING;
nfho.pf = PF_INET;
nfho.priority = NF_IP_PRI_FIRST;
nf_register_hook(&nfho);
return 0;
}
void cleanup_module()
{
nf_unregister_hook(&nfho);
}
这实际上是对前面几篇文章的几个小程序的组合,实际上就是对sk_buff 结构体的的两个元素进行了检测,就得到了源地址和协议的信息。上面的这条语句对于那些C不是很熟悉的人可能吃力了一点:
*(unsigned int *)src_ip = sb->nh.iph->saddr;
我稍微的解释一下,网络的源地址是4个子节的int,因此我定义了一个4个子节的数组src_ip,从而每一个子节里面就存储的点分十进制的一个数,为了一次完成赋值,我把src_ip 转成unsigned int指针,就可以一次4个字节一起访问了。
下面是这个程序的测试结果:
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.8 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.106.246 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.107.8 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.106.246 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.106.246 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.254 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.230 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.107.230 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.107.230 Detected!It's a UDP PACKET
A packet from:210.43.106.96 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.107.230 Detected!It's a UDP PACKET
A packet from:210.43.106.96 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.107.230 Detected!It's a UDP PACKET
A packet from:210.43.106.96 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.107.230 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.106.96 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:192.168.1.1 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.106.96 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a ICMP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.214 Detected!It's a UDP PACKET
A packet from:210.43.106.96 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a ICMP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a ICMP PACKET
A packet from:210.43.106.96 Detected!It's a UDP PACKET
A packet from:210.43.106.210 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.106.112 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
A packet from:210.43.107.136 Detected!It's a UDP PACKET
A packet from:210.43.107.130 Detected!It's a TCP PACKET
如果需要对包的端口进行分析的话,就要对IP报文的数据段(sb->data)进行分析了(TCP和UDP等包都是作为IP的数据而存在的),大家可以参考一下相应的资料。
斜体部分为引用达人的代码段,我想吧这个功能加入到我的防火墙界面程序中,比如点击一个按钮,就可以实现上述功能,应该怎么具体
操作那,比如一些头文件的加载,请各位高手指点
谢谢啦
