¡¾ÇóÖú¡¿¼±£¡linuxÐÂÊÖÏò´ó¼ÒÇó½Ì ÏÈлÁË£¡
<HR style="COLOR: #000000" SIZE=1><!-- / icon and title --><!-- message -->ÎÒ×î½üÔÚ×ö±ÏÒµÉè¼Æ£¬ÌâÄ¿ÊÇ»ùÓÚnetfilterµÄip°ü¹ýÂË£¬ÎÒÏÈдÁËÈçÏÂÒ»¸ö¼òµ¥µÄÄÚºËÄ£¿é£¬Íê³ÉµÄ¹¦ÄÜÊǶªÆúËùÓнÓÊܵ½µÄicmp°ü£¬µ«ÊÇÒ»±àÒë¾Í³öÏֺܶàÐдíÎó£¬ÎÒ¿´²»¶®´íÔÚÄÄÀËùÒÔ·¢Ìû×ÓÇóÖú£¬Çë°ïÎÒ¿´¿´ºÃÂ𣿳ÌÐò²»³¤£¬²»»áÕ¼ÓÃÄãÌ«¶àʱ¼äµÄ¡£Ð»Ð»ÁË£¡ÎÒÓà gcc -c ÎļþÃû ±àÒëµÄ¡£
#ifndef __KERNEL__
#define __KERNEL__
#endif
#ifndef MODULE
#define MODULE
#endif
#include "linux/module.h"
#include "linux/kernel.h"
#include "linux/init.h"
#include "linux/types.h"
#include "linux/netdevice.h"
#include "linux/skbuff.h"
#include "linux/netfilter_ipv4.h"
#include "linux/inet.h"
#include "linux/in.h"
#include "linux/ip.h"
#include "asm/semaphore.h"
#include "linux/netfilter.h"
static unsigned int dropicmp(unsigned int hook,
struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
struct iphdr *iph = (*pskb)->nh.iph;
if(iph->protocol == IPPROTO_ICMP)
{
printk("Drop ICMP Packet!\n");
return NF_DROP;
}
else return NF_ACCEPT;
}
static struct nf_hook_ops myhook
= {{NULL ,NULL},dropicmp, PF_INET,NF_IP_PRE_ROUTING,NF_IP_PRI_FILTER-1};
static int init_module(void)
{
return nf_register_hook(&myhook);
}
static void cleanup_module(void)
{
nf_unregister_hook(&myhook);
}
<!-- / message --> [QUOTE]Íê³ÉµÄ¹¦ÄÜÊǶªÆúËùÓнÓÊܵ½µÄicmp°ü[/QUOTE]
ÉèÖÃÒ»ÏÂÄں˾ͿÉÒÔÁË,²»±Ø±à³ÌÐò. ÒªÊÇÄÚºËÈÃÄãÕâÑù¸Ä,ÄÇ»¹ÊÇÄÚºËô?
:p
ÄãµÄ±ÏÒµÉè¼ÆÊÇʲôѽ,Õâô¸ßÉîĪ²â? ÎҵıÏÒµÉè¼ÆÌâÄ¿ÊÇlinuxÏ»ùÓÚnetfilterµÄip°ü¹ýÂË£¬ÏÖÔÚÉÏÃæµÄÎÊÌâÒѾ½â¾öÁË£¬Ð»Ð»´ó¼ÒµÄ¹Ø×¢¡£
Ï£ÍûÒÔºó»¹Äܵõ½ÄãÃǵİïÖú£¡
Ò³:
[1]