#include
#include
#include
#include /*PF_INET*/
#include /*NF_IP_PRE_FIRST*/
#include
#include
#include /*in_aton()*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
/* Module metadata. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("limeng");
/*
 * Netfilter hook descriptor. Its fields are filled in by filter_init() and
 * the same object is passed to nf_register_hook()/nf_unregister_hook().
 */
struct nf_hook_ops nfho;
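/*
 * sample - netfilter hook that rewrites "ipqos" to "limen" in port-80 TCP
 * payloads.
 *
 * For IPv4 TCP packets whose source or destination port is 80, the TCP
 * payload is searched case-insensitively (KMP) for the 5-byte pattern
 * "ipqos". On a match the bytes are replaced in place with "limen" through
 * nf_nat_mangle_tcp_packet(), which requires a conntrack entry for the skb.
 *
 * Every packet seen by the hook is attacker-influenced input, so header
 * lengths are validated before any header field or offset is used.
 *
 * Always returns NF_ACCEPT: a failed search or rewrite is only logged, the
 * packet is never dropped here.
 */
unsigned int sample(unsigned int hooknum,
		    struct sk_buff *__skb,
		    const struct net_device *in,
		    const struct net_device *out,
		    int (*okfn)(struct sk_buff *))
{
	static const char pattern[] = "ipqos";
	static const char replacement[] = "limen";
	const unsigned int pattern_len = sizeof(pattern) - 1;
	const unsigned int replacement_len = sizeof(replacement) - 1;
	struct sk_buff *skb = __skb;
	struct iphdr *iph;
	struct tcphdr tcp_buf;
	const struct tcphdr *tcph;
	unsigned int ip_len;
	unsigned int payload_off;
	struct ts_state state;
	struct ts_config *ts_conf;
	unsigned int index;
	unsigned int i;
	enum ip_conntrack_info ctinfo;
	struct nf_conn *ct;

	/* Test skb before ip_hdr() dereferences it. */
	if (skb == NULL)
		return NF_ACCEPT;

	iph = ip_hdr(skb);
	if (iph == NULL)
		return NF_ACCEPT;
	if (iph->protocol != IPPROTO_TCP)
		return NF_ACCEPT;

	ip_len = iph->ihl * 4;
	if (ip_len < sizeof(struct iphdr))
		return NF_ACCEPT;

	/*
	 * Fetch the TCP header with a bounds-checked accessor instead of
	 * tcp_hdr(): a truncated packet yields NULL rather than a read past
	 * the buffer.
	 * NOTE(review): offsets here are relative to skb->data, which is
	 * assumed to point at the IP header in this hook - confirm.
	 */
	tcph = skb_header_pointer(skb, ip_len, sizeof(tcp_buf), &tcp_buf);
	if (tcph == NULL)
		return NF_ACCEPT;
	if (ntohs(tcph->source) != 80 && ntohs(tcph->dest) != 80)
		return NF_ACCEPT;

	/* Reject a bogus data offset and packets that carry no payload. */
	if (tcph->doff * 4 < sizeof(struct tcphdr))
		return NF_ACCEPT;
	payload_off = ip_len + tcph->doff * 4;
	if (payload_off >= skb->len)
		return NF_ACCEPT;

	/*
	 * Netfilter hooks run in atomic context, so the allocation must not
	 * sleep: GFP_ATOMIC, not GFP_KERNEL.
	 * NOTE(review): building the search config per packet is costly;
	 * preparing it once at module load would be preferable.
	 */
	ts_conf = textsearch_prepare("kmp", pattern, pattern_len,
				     GFP_ATOMIC, TS_IGNORECASE);
	if (IS_ERR(ts_conf))
		return NF_ACCEPT;

	/*
	 * Start the search at the TCP payload: the returned offset is then
	 * relative to the payload, which is what nf_nat_mangle_tcp_packet()
	 * expects as match offset, and header bytes can never match.
	 */
	memset(&state, 0, sizeof(state));
	index = skb_find_text(skb, payload_off, skb->len, ts_conf, &state);
	textsearch_destroy(ts_conf);
	if (index == UINT_MAX)
		return NF_ACCEPT;

	/*
	 * Debug output. index is relative to the TCP payload.
	 * NOTE(review): this copies packet bytes (HTTP traffic may contain
	 * credentials or cookies) into the kernel log on every match; remove
	 * or rate-limit it outside of debugging.
	 * skb_headlen() bounds the dump to the linear data area.
	 */
	printk("index=%u\n", index);
	for (i = 0; i < skb_headlen(skb); i++)
		printk("%02x", skb->data[i]);

	/* Pattern and replacement have equal length, so the segment size is unchanged. */
	ct = nf_ct_get(skb, &ctinfo);
	if (!ct || !nf_nat_mangle_tcp_packet(skb, ct, ctinfo, ip_len, index,
					     pattern_len, replacement,
					     replacement_len))
		printk("limeng, add string err\n");

	return NF_ACCEPT;
}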
/*
 * filter_init - module entry point.
 *
 * Fills in the global nfho descriptor (handler sample(), AF_INET,
 * NF_INET_PRE_ROUTING, priority NF_IP_PRI_FILTER) and registers it.
 *
 * Returns 0 on success, or the error code from nf_register_hook().
 */
static int __init filter_init(void)
{
	int rc;

	nfho.pf = AF_INET;
	nfho.hooknum = NF_INET_PRE_ROUTING;
	nfho.priority = NF_IP_PRI_FILTER;
	nfho.hook = sample;

	rc = nf_register_hook(&nfho);
	if (rc != 0)
		printk("limeng, register err\n");

	/* rc is 0 on the success path, so one return covers both outcomes. */
	return rc;
}
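/*
 * filter_fini - module exit point; unregisters the hook that filter_init()
 * registered so sample() is no longer called once the module is unloaded.
 *
 * Marked __exit, matching the __init on filter_init(), so the function can be
 * discarded when the code is built in rather than loaded as a module.
 */
static void __exit filter_fini(void)
{
	nf_unregister_hook(&nfho);
}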
/* Register filter_init()/filter_fini() as the module's load and unload handlers. */
module_init(filter_init);
module_exit(filter_fini);