¡¾ÇóÖú¡¿Óоä±È½Ï¹ÂƧµÄÓï¾ä¿´²»¶®£¿
static int check_tcp_packet(struct sk_buff *skb){
struct tcphdr *thead;
if (!skb ) return NF_ACCEPT;
if (!(skb->nh.iph)) return NF_ACCEPT;
if (skb->nh.iph->protocol != IPPROTO_TCP) {
return NF_ACCEPT;
}
/****************************************************************/
thead = (struct tcphdr *)(skb->data +
(skb->nh.iph->ihl * 4)); ¾ÍÊÇÕâ¶Î´úÂ룬ÇëÎʾßÌåÒâÒåÊÇʲô£¿
/**********************************************************/
if ((thead->dest) == *(unsigned short *)deny_port) {
return NF_DROP;
}
return NF_ACCEPT;
}
Âé·³´ïÈËÃÇ¿ìµã°ïСµÜ½â´ð°É£¬¼±Óã¡£¡£¡£¡£¡ ×Ô¼º¶¥£¡ÆÚ´ý°ßÖñ³öÏÖ ÔÚIPÊý¾Ý±¨Í·Öж¨Î»tcpµÄ±¨Í· ÎÒÖªµÀÊÇÓÃÀ´¶¨Î»TCPµÄ£¬µ«ÊǶ¨Î»µÄ·½Ê½²»ÊǺܶ®¡£ihlÊDZíʾipÍ·²¿µÄ³¤¶ÈÂð£¿(skb->data +
(skb->nh.iph->ihl * 4))ÊǼÆËã³öÖ¸ÕëµÄÆ«ÒÆÖµÂð£¿
ÂíÉϾÍÒª´ð±çÁË£¬ken£¬ÆÚ´ýÄãµÄ¹âËÙ½â´ð°¡ ûÈËÀ´Â𣿰ßÖñÄØ£¿
Ò³:
[1]