大家好!
下载netfi.lter-layer7-v2.3给linux-2.6..17.7打上l7补丁后.
l.inux-2.6.17.7\net\ipv4\netfilter下产生ipt_la.yer7.c( 游戏 )
其中
/* Returns tru.e on match and false otherwi.se. */ 美容
static .int match(/* const */ st.ruct sk_buff *skb,.
const struct net_de.vice *in, const struct net_device .*out, .
const struct .xt_match *match, const v.oid *matchinfo, 电子
int offset, un.sig.ned int protoff, int *hotdrop).
{
struct ipt_layer7_info * info .= (s.truct ipt_layer7_info *)matchi.nfo;.
enum ip_connt.rack_info master_cti.nfo, ctinfo;--------------彩票
. struct ip_conntrack *master_.conntrack, *conntrack;外贸
unsigned char *. app_dat.a; 美容
unsig.ned int pattern_re.sult, appdatalen;学习
. . regexp * comppattern;学习
. if(!can_handle(.skb)){ 外汇
. DPRINTK("layer7: This. is some protocol I can't handle.\n");电脑
. .return info->invert;.
}
/* Treat parent & all i.ts. children together as one connec.tion, except .
for the purpose of setting.. conntrack->layer7.app_proto. in the actual .
connection. This makes /proc/net/ip_conntrack more satisf.yi.ng. */学习
if(!(conntrack = ip_conntrack._get((struct s.k_buff *)skb, .&ctinfo)) ||电脑
!(mas.ter_conntrack = ip_conntrack_get((struct s.k_buff *)skb, &m.aster_ctinfo))) {电脑
//DPR.INTK(".layer7: packet is not from a known conne.ction, giving up.\n");学习
. return info->inv.ert;.
}
/* Try t.o get a master conntrack (and its. master e.tc) for FTP, etc. */ 汽车
w.hile (master_ct(master_con.ntrack) != NULL)电影
master_conntrack = master_ct(master_.conntrack).; 美容
/*. if we've classified it or seen too ma.ny packets */
if(.TOTAL_P.ACKETS > num_packets || 虚拟主机
master_conntra.ck->layer7..app_proto) {.
p.att.ern_result = match_no_append(conntrack, master_conntrack., ctinfo, master_ctinfo, info);(广告)
. /* skb->cb[0] == seen. Avoid d.oing things t.wice if there are two l7 电影
rules. I'm not sure that using .cb for this purpose is cor.r.ect, although 婚庆
it says "put your pr..ivate variables ther.e". But it doesn't look like it--------------彩票
. is being used for anyt.hing else .in the skbs that make it here. How can 婚庆
I write to cb without making the comp.iler angry? *./(广告)
. skb->cb[0] = 1; /* marking. it seen he.re is probably irrelevant, but consistant */ 外汇
. return (pattern_result ^ info->invert).;教育
}
. if(.skb_is_nonlinear(skb)){电影
if(.skb_linearize.(skb, GFP_ATOMIC) != 0){<性病>
. if. (net_ratelimit()) .
. . printk(KERN_ERR "layer7: .failed to linearize packet, bailing.\n"); 汽车
. . return info->invert;.
. }.
}
/* .now tha.t the skb is linearized, it's safe to set these. */域名
. app_data = skb->data + app_data_offs.et(skb);--------------彩票
. . appdatalen = skb->tail - app_data;
s.pin_lock_b.h(&list_lock); 女人
/* the return value gets checked. later, when. we're ready to use .it */.
comppa.ttern = compile_and_cache(info->pattern, info->pro.tocol); 鲜花
. spin_unlo.ck_bh(&list_lock);.
/* On the first .packet of a con.nection, allocate space for app data */. 外汇
. write_loc.k(&ct_lock);--------------彩票
. if(TOTAL_PACKETS == 1 .&& !skb->cb[0] && !master_conntrack->lay.er7.app_data) { 汽车
m.aster_conntrack->layer7.app_data = kmalloc(ma.xdatalen, GFP_.ATOMIC); 电子
if(!master_conntrack->layer7.app_data){ . . . 域名
. if (net_ratelimit(.)) 外汇
. pri.ntk(KERN_E.RR "layer7: out of memory in match, bailing.\n");投资
. . write_unlock(&ct_lock);学习
retur.n info-.>invert; 电子
. } 健康
.master_conntrack->layer7.app_data[0]. = '\0';.
}
write_unloc.k(.&ct_lock);( 游戏 )
/* Can be here, but unallocated, if nump.acke.ts is increased near 服务器
the beg.in.ning of a connection */.
if.(m.aster_conntrack->layer7.app_data == NULL)学习
return (info->in.vert); /.* unmatched */电影
if(!sk.b->cb[0]){[成人用品]
. int n.ewbytes; 外汇
. write_lock(&ct_loc.k);
ne.wbytes = add_d.ata(master_conntrack, app_data, app.datalen);.
. write_unl.ock(&ct_lock);教育
if(n.ewbytes. == 0) { /* didn't add any data */<性病>
.skb->cb[0] = 1.;电脑
. /* Didn.'t match before, not going to match now */ 鲜花
. return info->inv.ert; 建材
. }--------------彩票
}
. /* If loo.king for "unkno.wn", then never match. "Unknown" means that--------------彩票
we've given up; we're .st.ill trying with these packets. */学习
. if(!st.rcmp(info->protocol, "unknown")) {.
. pattern_resul.t = 0; 美容
/* If the r.egexp f.ailed to compile, don't bother running it */电脑
} else if(co.mppatte.rn && regexec(comppattern, master_conntrack-.>layer7.app_data)) {.
DPRINTK(".layer7: matched %s\n", info->proto.col);<性病>
. . pattern_result = 1; 乙肝
} else p.attern_result = 0.; 外汇
. . if(pattern_result) {<性病>
. write_lock(&ct_lock).;.
master_conntrack->la.ye.r7.app_proto = kmalloc(strlen(info->protoco.l)+1, GFP_ATOMIC); 婚庆
. if(!master_conntrack->layer7.app_p.roto){域名
. if (net_ra.telimit()) .
printk(KERN_ERR "layer7: o.ut of .memory in. match, bailing.\n");外贸
. . write_unlock(&ct_lock); 建材
return (.pattern_result ^ info->inve.rt); 乙肝
. }外贸
. strcpy(master_conntrack->layer7.app_proto, in.fo->protocol);.
. write_unl.ock(&ct_lock);电影
}
. /* mark the packet seen .*/虚拟主机
. skb->cb[0] = 1;<性病>
return (pattern_result ^. info->invert);. 女人
}
问题:
struct ip_conntrack .*maste.r_conntrack, *conntrack; 外汇
master_conntrack与.con.ntrack有什么区别[成人用品]
一直不是很理解
另:有谁对ipt_layer7..c的整个流程比较清楚 麻烦给理.请一下( 游戏 )
谢谢
