日韩性视频-久久久蜜桃-www中文字幕-在线中文字幕av-亚洲欧美一区二区三区四区-撸久久-香蕉视频一区-久久无码精品丰满人妻-国产高潮av-激情福利社-日韩av网址大全-国产精品久久999-日本五十路在线-性欧美在线-久久99精品波多结衣一区-男女午夜免费视频-黑人极品ⅴideos精品欧美棵-人人妻人人澡人人爽精品欧美一区-日韩一区在线看-欧美a级在线免费观看

歡迎訪問 生活随笔!

生活随笔

當前位置: 首頁 > 运维知识 > linux >内容正文

linux

基于linux的netfilter处理数据包的过程分析,基于Netfilter的网络数据包分析

發布時間:2023/12/1 linux 30 豆豆
生活随笔 收集整理的這篇文章主要介紹了 基于linux的netfilter处理数据包的过程分析,基于Netfilter的网络数据包分析 小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

前面的幾篇文章我已經對Netfilter的大概的機制作了比較詳細的介紹,這篇文章我就說一下如何分析網絡數據包。我剛剛寫了一個程序,程序的功能很簡單,就是提取出網絡數據包的源地址和改包所使用的網絡協議,大家可以看看源代碼:

#define __KERNEL__

#define MODULE

#include #include #include #include #include #include #include #include #include #include

static struct nf_hook_ops nfho;

unsigned int hook_func(unsigned int hooknum,

struct sk_buff **skb,

const struct net_device *in,

const struct net_device *out,

int (*okfn)(struct sk_buff *))

{

struct sk_buff *sb = *skb;

unsigned char src_ip[4];

*(unsigned int *)src_ip = sb->nh.iph->saddr;

printk("A packet from:%d.%d.%d.%d Detected!",

src_ip[0],src_ip[1],src_ip[2],src_ip[3]);

switch(sb->nh.iph->protocol)

{

case IPPROTO_TCP:

printk("It's a TCP PACKET\n");break;

case IPPROTO_ICMP:

printk("It's a ICMP PACKET\n");break;

case IPPROTO_UDP:

printk("It's a UDP PACKET\n");break;

}

return NF_ACCEPT;

}

int init_module()

{

nfho.hook = hook_func;

nfho.hooknum? = NF_IP_PRE_ROUTING;

nfho.pf?????? = PF_INET;

nfho.priority = NF_IP_PRI_FIRST;

nf_register_hook(&nfho);

return 0;

}

void cleanup_module()

{

nf_unregister_hook(&nfho);

}

這實際上是對前面幾篇文章的幾個小程序的組合,實際上就是對sk_buff 結構體的的兩個元素進行了檢測,就得到了源地址和協議的信息。上面的這條語句對于那些C不是很熟悉的人可能吃力了一點:

*(unsigned int *)src_ip = sb->nh.iph->saddr;

我稍微的解釋一下,網絡的源地址是4個子節的int,因此我定義了一個4個子節的數組src_ip,從而每一個子節里面就存儲的點分十進制的一個數,為了一次完成賦值,我把src_ip 轉成unsigned int指針,就可以一次4個字節一起訪問了。

下面是這個程序的測試結果:

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.8 Detected!It's a UDP PACKET

A packet from:210.43.106.214 Detected!It's a UDP PACKET

A packet from:210.43.106.246 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.106.112 Detected!It's a UDP PACKET

A packet from:210.43.107.8 Detected!It's a UDP PACKET

A packet from:210.43.106.214 Detected!It's a UDP PACKET

A packet from:210.43.106.246 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.106.112 Detected!It's a UDP PACKET

A packet from:210.43.106.214 Detected!It's a UDP PACKET

A packet from:210.43.106.246 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.106.112 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.106.254 Detected!It's a UDP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.107.230 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.106.214 Detected!It's a UDP PACKET

A packet from:210.43.107.230 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.106.214 Detected!It's a UDP PACKET

A packet from:210.43.107.230 Detected!It's a UDP PACKET

A packet from:210.43.106.96 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.106.112 Detected!It's a UDP PACKET

A packet from:210.43.106.214 Detected!It's a UDP PACKET

A packet from:210.43.107.230 Detected!It's a UDP PACKET

A packet from:210.43.106.96 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.106.112 Detected!It's a UDP PACKET

A packet from:210.43.107.230 Detected!It's a UDP PACKET

A packet from:210.43.106.96 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.106.112 Detected!It's a UDP PACKET

A packet from:210.43.107.230 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.106.214 Detected!It's a UDP PACKET

A packet from:210.43.106.96 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:192.168.1.1 Detected!It's a UDP PACKET

A packet from:192.168.1.1 Detected!It's a UDP PACKET

A packet from:192.168.1.1 Detected!It's a UDP PACKET

A packet from:192.168.1.1 Detected!It's a UDP PACKET

A packet from:192.168.1.1 Detected!It's a UDP PACKET

A packet from:192.168.1.1 Detected!It's a UDP PACKET

A packet from:192.168.1.1 Detected!It's a UDP PACKET

A packet from:192.168.1.1 Detected!It's a UDP PACKET

A packet from:192.168.1.1 Detected!It's a UDP PACKET

A packet from:192.168.1.1 Detected!It's a UDP PACKET

A packet from:210.43.106.214 Detected!It's a UDP PACKET

A packet from:210.43.106.96 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.107.130 Detected!It's a ICMP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.106.214 Detected!It's a UDP PACKET

A packet from:210.43.106.96 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.107.130 Detected!It's a ICMP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.106.112 Detected!It's a UDP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.107.130 Detected!It's a ICMP PACKET

A packet from:210.43.106.96 Detected!It's a UDP PACKET

A packet from:210.43.106.210 Detected!It's a UDP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.106.112 Detected!It's a UDP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

A packet from:210.43.107.136 Detected!It's a UDP PACKET

A packet from:210.43.107.130 Detected!It's a TCP PACKET

如果需要對包的端口進行分析的話,就要對IP報文的數據段(sb->data)進行分析了(TCP和UDP等包都是作為IP的數據而存在的),大家可以參考一下相應的資料。

總結

以上是生活随笔為你收集整理的基于linux的netfilter处理数据包的过程分析,基于Netfilter的网络数据包分析的全部內容,希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。