Linux防火墙程序设计
2006-04-03 12:38:29 来源:WEB开发网#include <linux/sched.h>
#include <linux/kernel.h> //最基本的内核模块头文件
#include <linux/netdevice.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/skbuff.h>
#include <linux/proc_fs.h>
#include <linux/if.h>
#include <linux/in.h>
#include <linux/firewall.h>
#define SOL_ICMP 1
#define PERMIT_PORT 80 //只允许访问TCP的80端口
int zzl_input(struct firewall_ops *this,int pf,struct device *dev,
void *phdr,void *arg,struct sk_buff **pskb)
{//每当收到一个网络报时,此函数将被内核调用
struct tcphdr *tcph; //TCP的头指针
struct iphdr *iph; //IP头指针
struct sk_buff *skb=*pskb;
if (skb->protocol==htons(ETH_P_ARP)){
printk("\nPermit a ARP Packet");
return FW_ACCEPT;//允许地址解析协议报
}
if(skb->protocol==htons(ETH_P_RARP)){
printk("\nPermit a RARP Packet");
return FW_ACCEPT;//允许反向地址解析协议报
}
if(skb->protocol==htons(ETH_P_IP))
{
iph=skb->nh.iph;
if (iph->protocol==SOL_ICMP)
{
printk("\nPermit a ICMP Packet");
return FW_ACCEPT;//允许网络控制报
}
if(iph->protocol==SOL_TCP){
tcph=skb->h.th;
if(tcph->dest==PERMIT_PORT){
printk("\nPermit a valid access");
return FW_ACCEPT;//允许对TCP端口80的访问
}
}
}
return FW_REJECT;//禁止对本计算机的所有其它访问
}
int zzl_output(struct firewall_ops *this,int pf,struct device *dev,
void *phdr,void *arg,struct sk_buff **pskb)
{//程序编写方法同zzl_input函数模块
printk("\nzzl_output is called ");
return FW_SKIP;
}
int zzl_foreward(struct firewall_ops *this,int pf,struct device *dev,
void *phdr,void *arg,struct sk_buff **pskb)
{//程序编写方法同zzl_input函数模块
printk("\nzzl_foreward is called ");
return FW_SKIP;
}
struct firewall_ops zzl_ops=
{
NULL,
zzl_foreward,
zzl_input,
zzl_output,
PF_INET,
01
};
int init_module(void)
{
if(register_firewall(PF_INET,&zzl_ops)!=0)
{
printk("\nunable register firewall");
return -1;
}
printk("\nzzl_ops=%p",&zzl_ops);
return 0;
}
void cleanup_module(void)
{
printk("unload\n");
unregister_firewall(PF_INET,&zzl_ops);
}
更多精彩
赞助商链接