⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 myfirewall.c

📁 linux环境下的firewall程序!用c语言实现!
💻 C
字号:
🔍 
#ifndef __KERNEL__

#  define __KERNEL__		//按内核模块编译

#endif

#ifndef MODULE

#  define MODULE		//按设备驱动程序模块编译

#endif

#include <linux/module.h>	//最基本的内核模块头文件

#include <linux/sched.h> 

#include <linux/kernel.h>	//最基本的内核模块头文件

#include <linux/netdevice.h>

#include <linux/ip.h>

#include <linux/tcp.h>

#include <linux/skbuff.h>

#include <linux/proc_fs.h>

#include <linux/if.h>

#include <linux/in.h>

#include <linux/firewall.h>

#define SOL_ICMP 1

#define PERMIT_PORT 80		//只允许访问TCP的80端口



int zzl_input(struct firewall_ops *this,int pf,struct device *dev,

		void *phdr,void *arg,struct sk_buff **pskb)

{//每当收到一个网络报时,此函数将被内核调用

	struct tcphdr *tcph;		//TCP的头指针 

	struct iphdr *iph;		//IP头指针

	struct sk_buff *skb=*pskb;

	if (skb->protocol==htons(ETH_P_ARP)){

		printk("\nPermit a ARP Packet"); 

		return FW_ACCEPT;//允许地址解析协议报

	}

	if(skb->protocol==htons(ETH_P_RARP)){

		printk("\nPermit a RARP Packet");

		return FW_ACCEPT;//允许反向地址解析协议报

	}

	if(skb->protocol==htons(ETH_P_IP))

	{

		iph=skb->nh.iph;

		if (iph->protocol==SOL_ICMP)

		{

			printk("\nPermit a ICMP Packet");

			return FW_ACCEPT;//允许网络控制报

		}

		if(iph->protocol==SOL_TCP){

			tcph=skb->h.th;

			if(tcph->dest==PERMIT_PORT){

			printk("\nPermit a valid access");

			return FW_ACCEPT;//允许对TCP端口80的访问

			}

		}

	}

	return FW_REJECT;//禁止对本计算机的所有其它访问

}

int zzl_output(struct firewall_ops *this,int pf,struct device *dev,

		void *phdr,void *arg,struct sk_buff **pskb)

{//程序编写方法同zzl_input函数模块

		printk("\nzzl_output is called ");

		return FW_SKIP;

}

int zzl_foreward(struct firewall_ops *this,int pf,struct device *dev,

			void *phdr,void *arg,struct sk_buff **pskb)

{//程序编写方法同zzl_input函数模块

	printk("\nzzl_foreward is called ");

	return FW_SKIP;

}

struct firewall_ops zzl_ops=

{

	NULL,

	zzl_foreward,

	zzl_input,

	zzl_output,

	PF_INET,

	01

};

int init_module(void)

{

	if(register_firewall(PF_INET,&zzl_ops)!=0)

	{

		printk("\nunable register firewall");

		return -1;

	}

	printk("\nzzl_ops=%p",&zzl_ops);

	return 0;

}

void cleanup_module(void)

{

	printk("unload\n");

	unregister_firewall(PF_INET,&zzl_ops);

}

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -