活动

天翼云最新优惠活动,涵盖免费试用,产品折扣等,助您降本增效!
热门活动
免费活动
  • 活动
  • 智算服务
  • 产品
  • 解决方案
  • 应用商城
  • 合作伙伴
  • 开发者
  • 支持与服务
  • 了解天翼云
searchusermenu
  • 发布文章
  • 消息中心
点赞
收藏
评论
分享
原创

iptables自定义target模块

网络
2023-05-23 06:30:29
91
0

kernel modules:

#include <linux/types.h>

#include <linux/module.h>

#include <linux/skbuff.h>

#include <linux/netfilter.h>

#include <linux/netfilter/x_tables.h>

 

#define DRV_VERSION     "1.0"

MODULE_LICENSE("GPL");

MODULE_VERSION(DRV_VERSION);

MODULE_DESCRIPTION("Xtables: TARGET print");

 

struct id {

unsigned char id;

};

 

static int target_check(const struct xt_tgchk_param *par)

{

const struct id *mr = par->targinfo;

if (mr->id == 0) {

pr_info("%s: id must not be 0\n",

par->target->name);

return -EINVAL;

}

 

return 0;

}

 

static unsigned int

target_tg(struct sk_buff *skb, const struct xt_action_param *par)

{

const struct id *mr = par->targinfo;

 

printk("just test target id: %u, hooknum %u\n", mr->id, par->hooknum);

 

return XT_CONTINUE;

 

}

 

static struct xt_target target_reg __read_mostly = {

.name           = "TARGET",

.family         = NFPROTO_IPV4,

.target         = target_tg,

.targetsize     = sizeof(struct id),

//.table          = "mangle",

.hooks          = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_IN),

.checkentry     = target_check,

.me             = THIS_MODULE,

};

 

static int __init target_target_init(void)

{

return xt_register_target(&target_reg);

}

 

static void __exit target_target_exit(void)

{

xt_unregister_target(&target_reg);

}

 

module_init(target_target_init);

module_exit(target_target_exit);

 

 

userspace so:

 

#include <stdio.h>

#include <netdb.h>

#include <string.h>

#include <stdlib.h>

#include <xtables.h>

#include <linux/netfilter_ipv4/ip_tables.h>

#include <sys/socket.h>

#include <netinet/in.h>

#include <arpa/inet.h>

 

enum {

FROM_TARGET = 0,

};

 

#define MAX 64

struct id {

unsigned char id;

};

 

struct ipt_targetinfo

{

struct xt_entry_target t;

struct id mr;

};

 

static void TARGET_help(void)

{

printf(

"TARGET target options:\n"

" --set-id id <id 1-255>\\n");

}

 

static const struct xt_option_entry TARGET_opts[] = {

{

.name = "set-id",

.id = FROM_TARGET,

.type = XTTYPE_UINT8,

.flags = XTOPT_MAND,

.min = 1

},

XTOPT_TABLEEND,

};

 

static void TARGET_parse(struct xt_option_call *cb)

{

struct ipt_targetinfo *info = (void *)(*cb->target);

 

xtables_option_parse(cb);

switch (cb->entry->id) {

case FROM_TARGET: {

info->mr.id = cb->val.u8;

break;

}

}

}

 

static void TARGET_save(const void *ip, const struct xt_entry_target *target)

{

const struct ipt_targetinfo *info = (const void *)target;

unsigned int i = 0;

 

printf(" --set-id %u\n", info->mr.id);

}

 

static struct xtables_target target_tg_reg = {

.name           = "TARGET",

.version        = XTABLES_VERSION,

.family         = NFPROTO_IPV4,

.size           = XT_ALIGN(sizeof(struct id)),

.userspacesize  = XT_ALIGN(sizeof(struct id)),

.help           = TARGET_help,

.x6_parse       = TARGET_parse,

.save           = TARGET_save,

.x6_options     = TARGET_opts,

};

 

void _init(void)

{

xtables_register_target(&target_tg_reg);

}

 

Makefile:

CC=gcc

 

PWD = $(shell pwd)

IPTABLES_SRC = $(PWD)/iptables-1.4.21

INCLUDE = -I$(IPTABLES_SRC)/include

KERNEL_SRC = /lib/modules/`uname -r`/build

obj-m = ipt_TARGET.o

 

all: ipt_TARGET.ko ibipt_TARGET.so

ipt_TARGET.ko:  ipt_TARGET.c

$(MAKE) -C $(KERNEL_SRC) SUBDIRS=$(PWD) modules

libipt_TARGET.so: libipt_TARGET.c

$(CC)  $(INCLUDE) -fPIC -c libipt_TARGET.c

ld -shared -o libipt_TARGET.so libipt_TARGET.o

 

usage:

iptables -t mangle -A PREROUTING -s x.x.x.x/24 -j TARGET --set-id 100

 

版权声明:本文内容系天翼云实名用户自发贡献,版权归原作者所有,天翼云开发者社区不拥有其著作权,亦不承担相应法律责任,未经许可,不得转载。

如有疑问或争议,请联系ctyunbbs@chinatelecom.cn删除。

0条评论
作者已关闭评论
l****n
2文章数
0粉丝数
l****n
2 文章 | 0 粉丝
Ta的热门文章查看更多
iptables自定义target模块iptables自定义match模块
l****n
2文章数
0粉丝数
l****n
2 文章 | 0 粉丝
原创

iptables自定义target模块

网络
2023-05-23 06:30:29
91
0

kernel modules:

#include <linux/types.h>

#include <linux/module.h>

#include <linux/skbuff.h>

#include <linux/netfilter.h>

#include <linux/netfilter/x_tables.h>

 

#define DRV_VERSION     "1.0"

MODULE_LICENSE("GPL");

MODULE_VERSION(DRV_VERSION);

MODULE_DESCRIPTION("Xtables: TARGET print");

 

struct id {

unsigned char id;

};

 

static int target_check(const struct xt_tgchk_param *par)

{

const struct id *mr = par->targinfo;

if (mr->id == 0) {

pr_info("%s: id must not be 0\n",

par->target->name);

return -EINVAL;

}

 

return 0;

}

 

static unsigned int

target_tg(struct sk_buff *skb, const struct xt_action_param *par)

{

const struct id *mr = par->targinfo;

 

printk("just test target id: %u, hooknum %u\n", mr->id, par->hooknum);

 

return XT_CONTINUE;

 

}

 

static struct xt_target target_reg __read_mostly = {

.name           = "TARGET",

.family         = NFPROTO_IPV4,

.target         = target_tg,

.targetsize     = sizeof(struct id),

//.table          = "mangle",

.hooks          = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_IN),

.checkentry     = target_check,

.me             = THIS_MODULE,

};

 

static int __init target_target_init(void)

{

return xt_register_target(&target_reg);

}

 

static void __exit target_target_exit(void)

{

xt_unregister_target(&target_reg);

}

 

module_init(target_target_init);

module_exit(target_target_exit);

 

 

userspace so:

 

#include <stdio.h>

#include <netdb.h>

#include <string.h>

#include <stdlib.h>

#include <xtables.h>

#include <linux/netfilter_ipv4/ip_tables.h>

#include <sys/socket.h>

#include <netinet/in.h>

#include <arpa/inet.h>

 

enum {

FROM_TARGET = 0,

};

 

#define MAX 64

struct id {

unsigned char id;

};

 

struct ipt_targetinfo

{

struct xt_entry_target t;

struct id mr;

};

 

static void TARGET_help(void)

{

printf(

"TARGET target options:\n"

" --set-id id <id 1-255>\\n");

}

 

static const struct xt_option_entry TARGET_opts[] = {

{

.name = "set-id",

.id = FROM_TARGET,

.type = XTTYPE_UINT8,

.flags = XTOPT_MAND,

.min = 1

},

XTOPT_TABLEEND,

};

 

static void TARGET_parse(struct xt_option_call *cb)

{

struct ipt_targetinfo *info = (void *)(*cb->target);

 

xtables_option_parse(cb);

switch (cb->entry->id) {

case FROM_TARGET: {

info->mr.id = cb->val.u8;

break;

}

}

}

 

static void TARGET_save(const void *ip, const struct xt_entry_target *target)

{

const struct ipt_targetinfo *info = (const void *)target;

unsigned int i = 0;

 

printf(" --set-id %u\n", info->mr.id);

}

 

static struct xtables_target target_tg_reg = {

.name           = "TARGET",

.version        = XTABLES_VERSION,

.family         = NFPROTO_IPV4,

.size           = XT_ALIGN(sizeof(struct id)),

.userspacesize  = XT_ALIGN(sizeof(struct id)),

.help           = TARGET_help,

.x6_parse       = TARGET_parse,

.save           = TARGET_save,

.x6_options     = TARGET_opts,

};

 

void _init(void)

{

xtables_register_target(&target_tg_reg);

}

 

Makefile:

CC=gcc

 

PWD = $(shell pwd)

IPTABLES_SRC = $(PWD)/iptables-1.4.21

INCLUDE = -I$(IPTABLES_SRC)/include

KERNEL_SRC = /lib/modules/`uname -r`/build

obj-m = ipt_TARGET.o

 

all: ipt_TARGET.ko ibipt_TARGET.so

ipt_TARGET.ko:  ipt_TARGET.c

$(MAKE) -C $(KERNEL_SRC) SUBDIRS=$(PWD) modules

libipt_TARGET.so: libipt_TARGET.c

$(CC)  $(INCLUDE) -fPIC -c libipt_TARGET.c

ld -shared -o libipt_TARGET.so libipt_TARGET.o

 

usage:

iptables -t mangle -A PREROUTING -s x.x.x.x/24 -j TARGET --set-id 100

 

版权声明:本文内容系天翼云实名用户自发贡献,版权归原作者所有,天翼云开发者社区不拥有其著作权,亦不承担相应法律责任,未经许可,不得转载。

如有疑问或争议,请联系ctyunbbs@chinatelecom.cn删除。

文章来自个人专栏
文章 | 订阅
0条评论
作者已关闭评论
作者已关闭评论
0
0
售前咨询热线
400-810-9889转1
关注天翼云
  • 旗舰店
  • 天翼云APP
  • 天翼云微信公众号
服务与支持
账户管理
快速入口
云网生态
了解天翼云
热门产品
热门推荐
更多推荐
友情链接
©2025 天翼云科技有限公司版权所有 增值电信业务经营许可证A2.B1.B2-20090001
公司地址:北京市东城区青龙胡同甲1号、3号2幢2层205-32室
备案京公网安备11010802043424号京ICP备 2021034386号