NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, skb->dev,NULL, br_nf_pre_routing_finish);returnNF_STOLEN; } 开发者ID:tidatida,项目名称:lagopus,代码行数:62,代码来源:br_netfilter.c 示例6: br_nf_pre_routing ▲点赞 1▼ /* Direct IPv6 traffic to br_nf_pre_routing_ipv6. * Replica...
.hook = ipv4_conntrack_setdst, .owner = THIS_MODULE, .pf = NFPROTO_IPV4, .hooknum = NF_INET_PRE_ROUTING, .priority = NF_IP_PRI_CONNTRACK + 1, }, }; static int __init test_info_init(void) { int err; err = nf_register_hooks(ipv4_conn_dst_info, ARRAY_SIZE(ipv4_conn_dst_in...
}/* Remove any debris in the socket control block */memset(IPCB(skb),0,sizeof(struct inet_skb_parm));/* Must drop socket now because of tproxy. */skb_orphan(skb);returnNF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev,NULL, ip_rcv_finish); inhdr_error: IP_INC_STATS_BH(dev_ne...
.hook = ipv4_conntrack_getdst, .owner = THIS_MODULE, .pf = NFPROTO_IPV4, .hooknum = NF_INET_LOCAL_IN, .priority = NF_IP_PRI_CONNTRACK + 1, }, { .hook = ipv4_conntrack_setdst, .owner = THIS_MODULE, .pf = NFPROTO_IPV4, .hooknum = NF_INET_PRE_ROUTING, .priority = NF_IP...
.pf = NFPROTO_IPV4, .hooknum = NF_INET_PRE_ROUTING, .priority = NF_IP_PRI_CONNTRACK + 1, }, }; static int __init cache_dst_and_sock_demo_init(void) { int ret; ret = nf_register_hooks(ipv4_conn_cache_ops, ARRAY_SIZE(ipv4_conn_cache_ops)); ...
.pf = NFPROTO_IPV4, .hooknum = NF_INET_PRE_ROUTING, .priority = NF_IP_PRI_CONNTRACK + 1, }, }; static int __init test_info_init(void) { int err; err = nf_register_hooks(ipv4_conn_dst_info, ARRAY_SIZE(ipv4_conn_dst_info)); ...
通过kprobe的pre_handler来HOOK函数ipv4_confirm中调用nf_conntrack_confirm的具体指令,从而跳过后续的nf_conntrack_confirm执行逻辑,理论上是可行的,但毕竟要修改IP(指令指针)寄存器,有较大的稳定性风险,所以不考虑这种方法。 退而求其次,既然nf_conntrack_confirm无法HOOK,可以考虑HOOK更外层的ipv4_confirm函数。nf_conntrack_confirm调用...
1.首先指出,NF_HOOK系列宏的outdev参数的传递方式(直接传递一个net_device结构体指针)是不正确的,正确的方式要么是不传递,要么是传递指针的地址,即地址的地址。...因为OUTPUT处在路由之后,如果其中的mangle表改变了skb的mark,那么会reroute,不幸的是,reroute并无法改
NFPROTO_IPV4=2; NFPROTO_ARP=3; NFPROTO_IPV6=10; 也就是说在一个协议上,最多能注册10个钩子函数: nf_hook_entry_head net->nf.hooks[reg->pf]+reg->hooknum pf倒是清楚,hooknum是啥咧?是: 46enumnf_inet_hooks {47NF_INET_PRE_ROUTING,48NF_INET_LOCAL_IN,49NF_INET_FORWARD,50NF_INET_LOC...
static bool nf_nat_inet_in_range(const struct nf_conntrack_tuple *t, const struct nf_nat_range2 *range) { if (t->src.l3num == NFPROTO_IPV4) return ntohl(t->src.u3.ip) >= ntohl(range->min_addr.ip) && ntohl(t->src.u3.ip) <= ntohl(range->max_addr.ip);...