
Linux防火墙程序设计

 2006-04-03 12:38:29 来源:WEB开发网   

#include <linux/sched.h>

#include <linux/kernel.h> //最基本的内核模块头文件

#include <linux/netdevice.h>

#include <linux/ip.h>

#include <linux/tcp.h>

#include <linux/skbuff.h>

#include <linux/proc_fs.h>

#include <linux/if.h>

#include <linux/in.h>

#include <linux/firewall.h>

/*
 * Value compared against iphdr.protocol in zzl_input. 1 is also the IP
 * protocol number of ICMP; IPPROTO_ICMP from <linux/in.h> (already included)
 * is presumably the intended constant -- confirm before reusing this name.
 */
#define SOL_ICMP 1

/*
 * The single TCP destination port that zzl_input accepts. This is a
 * host-byte-order value, while the port fields of a TCP header are in
 * network byte order, so it must pass through htons() before comparison.
 */
#define PERMIT_PORT 80 // only TCP port 80 may be accessed

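/*
 * zzl_input - verdict function for the input path of the firewall hook.
 *
 * Per the original author's note, the kernel calls this for every packet
 * received. The policy is default-deny:
 *   - ARP and RARP frames are accepted,
 *   - every ICMP packet is accepted,
 *   - TCP segments whose destination port is PERMIT_PORT are accepted,
 *   - everything else gets FW_REJECT.
 *
 * @this, @pf, @dev, @phdr, @arg: supplied by the hook interface, unused here.
 * @pskb: pointer to the socket buffer holding the packet.
 *
 * Returns FW_ACCEPT or FW_REJECT.
 *
 * NOTE(review): the ops structure is registered for PF_INET only, so the
 * ARP/RARP branches are presumably never reached -- confirm against the hook's
 * call sites.
 * NOTE(review): every packet produces a printk with no log level and no rate
 * limit, so a remote sender controls how fast the kernel log fills.
 * NOTE(review): accepting all ICMP types is broader than most policies need.
 */
int zzl_input(struct firewall_ops *this, int pf, struct device *dev,
              void *phdr, void *arg, struct sk_buff **pskb)
{
	struct tcphdr *tcph;            /* TCP header of the packet */
	struct iphdr *iph;              /* IP header of the packet */
	struct sk_buff *skb = *pskb;

	if (skb->protocol == htons(ETH_P_ARP)) {
		printk("\nPermit a ARP Packet");
		return FW_ACCEPT;       /* allow address resolution */
	}

	if (skb->protocol == htons(ETH_P_RARP)) {
		printk("\nPermit a RARP Packet");
		return FW_ACCEPT;       /* allow reverse address resolution */
	}

	if (skb->protocol == htons(ETH_P_IP)) {
		iph = skb->nh.iph;

		/*
		 * SOL_ICMP / SOL_TCP are used here as IP protocol numbers
		 * (1 and 6); their values coincide with IPPROTO_ICMP and
		 * IPPROTO_TCP.
		 */
		if (iph->protocol == SOL_ICMP) {
			printk("\nPermit a ICMP Packet");
			return FW_ACCEPT;
		}

		if (iph->protocol == SOL_TCP) {
			/*
			 * A fragment with a non-zero offset carries no TCP
			 * header; its payload bytes must not be read as port
			 * numbers. 0x1FFF masks the 13-bit fragment offset.
			 */
			if (iph->frag_off & htons(0x1FFF))
				return FW_REJECT;

			/*
			 * Locate the TCP header from the IP header length
			 * rather than trusting skb->h.th, which may not be
			 * set yet when the input hook runs.
			 * NOTE(review): ihl and the packet length are not
			 * validated in this function -- confirm the caller
			 * has already done so.
			 */
			tcph = (struct tcphdr *)((unsigned char *)iph + iph->ihl * 4);

			/*
			 * tcph->dest is in network byte order. Comparing it
			 * with the bare host-order constant matches port
			 * 20480 instead of 80 on little-endian machines.
			 */
			if (tcph->dest == htons(PERMIT_PORT)) {
				printk("\nPermit a valid access");
				return FW_ACCEPT;
			}
		}
	}

	return FW_REJECT;               /* default: refuse everything else */
}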

/*
 * zzl_output - output-path hook.
 *
 * The original comment says it should be written the same way as zzl_input,
 * but this stub inspects nothing: it logs that it was called and returns
 * FW_SKIP. Outgoing traffic therefore gets no verdict from this module.
 */
int zzl_output(struct firewall_ops *this, int pf, struct device *dev,
               void *phdr, void *arg, struct sk_buff **pskb)
{
	const int verdict = FW_SKIP;    /* no decision taken here */

	printk("\nzzl_output is called ");
	return verdict;
}

/*
 * zzl_foreward - forwarding-path hook.
 *
 * Like zzl_output this is a stub: it logs the call and returns FW_SKIP
 * without examining the packet, so forwarded traffic gets no verdict from
 * this module.
 */
int zzl_foreward(struct firewall_ops *this, int pf, struct device *dev,
                 void *phdr, void *arg, struct sk_buff **pskb)
{
	const int verdict = FW_SKIP;    /* no decision taken here */

	printk("\nzzl_foreward is called ");
	return verdict;
}

/*
 * Hook table passed to register_firewall()/unregister_firewall().
 * The initializer is positional; the slot meanings below are inferred from
 * the values placed in them -- confirm against <linux/firewall.h>.
 */
struct firewall_ops zzl_ops = {
	NULL,           /* presumably the list link, filled in on registration */
	zzl_foreward,   /* forwarding-path handler */
	zzl_input,      /* input-path handler */
	zzl_output,     /* output-path handler */
	PF_INET,        /* protocol family */
	1               /* presumably the priority; written as octal 01 originally */
};

/*
 * init_module - module load entry point.
 *
 * Registers zzl_ops for PF_INET. Returns 0 on success and -1 if
 * register_firewall() reports failure.
 *
 * NOTE(review): the success message writes the kernel address of zzl_ops to
 * the log; drop it if log readers should not learn kernel addresses.
 */
int init_module(void)
{
	int rc = register_firewall(PF_INET, &zzl_ops);

	if (rc == 0) {
		printk("\nzzl_ops=%p", &zzl_ops);
		return 0;
	}

	printk("\nunable register firewall");
	return -1;
}

/*
 * cleanup_module - module unload entry point.
 *
 * Logs the unload and removes zzl_ops from the PF_INET hooks. Once this has
 * run, this module's default-deny input policy is no longer in effect.
 */
void cleanup_module(void)
{
	printk("unload\n");

	/* The return value of unregister_firewall() is not checked. */
	unregister_firewall(PF_INET, &zzl_ops);
}
