编辑:
我编写了以下模块来过滤网站。我能够嗅探用户请求的DNS数据包(问题字段 Domain Name),并与 block[]="www.facebook.com" 进行比较。如果匹配,则丢弃该数据包。现在我插入了一段读取代码(参见下面代码中的 //Read File here),用来读取文件中写入的网站列表(而不是硬编码的 block[]=),并将其与DNS问题字段进行比较。现在我能够成功编译模块,但无法正确加载它。原因见下方给出的 make 警告和模块代码。(请仔细阅读代码,感谢你的时间。)
#include </usr/src/kernels/2.6.32-573.8.1.el6.x86_64/include/linux/module.h>
#include </usr/src/kernels/2.6.32-573.8.1.el6.x86_64/include/linux/netfilter.h>
#include </usr/src/kernels/2.6.32-573.8.1.el6.x86_64/include/linux/netfilter_ipv4.h>
#include </usr/src/kernels/2.6.32-573.8.1.el6.x86_64/include/linux/ip.h>
#include </usr/src/kernels/2.6.32-573.8.1.el6.x86_64/include/linux/tcp.h>
#include </usr/src/kernels/2.6.32-573.8.1.el6.x86_64/include/linux/udp.h>
#include <linux/kernel.h>
#include <//linux/init.h>
#include <linux/syscalls.h>
#include <linux/fcntl.h>
#include <asm/uaccess.h>
//#define PUDP_WATCH_PORT 53 /* DNS (UDP) port */
//char block[]="www.facebook.com";
/*
 * File-scope state. Apart from nfho these objects are not static, and the
 * packet hook reads and writes them on every invocation.
 * NOTE(review): netfilter hooks can run on several CPUs at once, so shared
 * scratch buffers like these look racy; confirm and prefer locals.
 */
/* Netfilter hook descriptor, filled in by ptcp_init() and removed by ptcp_exit(). */
static struct nf_hook_ops nfho;
/* Query name extracted from the packet by ptcp_hook_func(); 100 bytes in total. */
char domain[100]={'\0'};
/* Position in domain[]; set again by ptcp_hook_func() for each packet it parses. */
int Domain_Index=0;
/* fd holds the descriptor returned by sys_open() in the hook; n is not referenced in the code shown. */
int fd,n;
/* Record stride of the list file: the hook seeks to mid*offset and compares offset-2 bytes. */
char offset=32;
/* Lower bound, probe index and upper bound of the search over the list file's records. */
unsigned short int low,mid,high;
/* Path of the site list that the hook opens. */
char filename[]="/temp/websitelist.txt";
/* Not referenced in the code shown. */
char total_wbste;
/* Receives the bytes read from the list file (30 bytes per probe). */
char buf[30];
/* NOTE(review): unsigned, so a negative strncmp() result stored here turns into a positive value. */
unsigned char temp;
/* Address limit saved with get_fs() before set_fs(KERNEL_DS) and restored afterwards. */
mm_segment_t old_fs;
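/*
 * Copy the DNS question name starting at p (length-prefixed labels ended by
 * a zero length byte) into dst as a dotted, NUL-terminated string.
 *
 * Every read is checked against end and every write against dst_len.
 * Bytes other than letters, digits, '-' and '_' are stored as '?' so that
 * packet-controlled bytes never reach the kernel log unfiltered.
 *
 * Returns the length of the string, or -1 when the name is truncated,
 * contains a label longer than 63 bytes (which includes compression
 * pointers), or does not fit in dst.
 */
static int dns_copy_qname(const unsigned char *p, const unsigned char *end,
			  char *dst, int dst_len)
{
	int n = 0;

	while (p < end) {
		unsigned int label_len = *p++;
		unsigned int i;

		if (label_len == 0) {
			dst[n] = '\0';
			return n;
		}
		if (label_len > 63 || label_len > (unsigned int)(end - p))
			return -1;
		/* Keep room for the separator, the label and the final NUL. */
		if (n + 1 + (int)label_len >= dst_len)
			return -1;
		if (n > 0)
			dst[n++] = '.';
		for (i = 0; i < label_len; i++) {
			unsigned char c = p[i];

			if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
			    (c >= '0' && c <= '9') || c == '-' || c == '_')
				dst[n++] = (char)c;
			else
				dst[n++] = '?';
		}
		p += label_len;
	}
	return -1;	/* ran off the end of the packet before the terminator */
}

/*
 * Netfilter hook: extract the question name from outgoing DNS queries
 * (UDP, destination port 53), log it, and drop the packet when the name is
 * found in the list file.
 *
 * Returns NF_DROP on a match and NF_ACCEPT otherwise. Packets that are too
 * short or whose name cannot be parsed are accepted (fail-open).
 *
 * Changes from the posted version:
 *  - the packet length is checked before the payload is touched, and the
 *    copy into domain[] is bounded (the old loop could read past the packet
 *    and write past the 100-byte buffer);
 *  - labels are parsed by their length bytes, so digits and '-' in a name
 *    are no longer turned into '.';
 *  - the strncmp() result is kept in a signed int, so the "search the upper
 *    half" branch is reachable;
 *  - a short read from the list file ends the search instead of comparing
 *    stale bytes;
 *  - the stray closing brace before the final return is gone.
 *
 * NOTE(review): the file lookup below is kept only to show the intent.
 * sys_open(), sys_read() and sys_lseek() are not exported to modules on this
 * kernel (modpost reports them as undefined), so the module cannot be loaded
 * while these calls remain. File I/O may also sleep, which is not allowed in
 * a packet hook. Load the list once from process context (module init, or a
 * user-space write to an interface the module provides) into memory and only
 * compare against that copy here.
 *
 * NOTE(review): DNS names are case-insensitive but strncmp() is not;
 * normalise both the list and the query name to one case before relying on
 * this as a filter.
 *
 * NOTE(review): domain, Domain_Index, buf, fd, low/mid/high and old_fs are
 * file-scope objects shared by all invocations; confirm whether the hook can
 * run on more than one CPU at a time.
 */
static unsigned int ptcp_hook_func(const struct nf_hook_ops *ops,
				   struct sk_buff *skb,
				   const struct net_device *in,
				   const struct net_device *out,
				   int (*okfn)(struct sk_buff *))
{
	struct iphdr *iph;		/* IPv4 header */
	struct udphdr *udph;		/* UDP header */
	unsigned char *user_data;	/* first byte of the DNS question name */
	unsigned char *tail;		/* one past the last linear payload byte */
	int cmp;			/* signed strncmp() result */
	long got;			/* bytes returned by sys_read() */

	if (!skb)
		return NF_ACCEPT;

	iph = ip_hdr(skb);
	if (iph->protocol != 17)	/* 17 == UDP */
		return NF_ACCEPT;

	/*
	 * NOTE(review): udp_hdr() relies on the transport header offset being
	 * set for this skb; confirm for forwarded traffic.
	 */
	udph = udp_hdr(skb);
	tail = skb_tail_pointer(skb);

	/*
	 * 8-byte UDP header + 12-byte DNS header + at least one name byte must
	 * lie inside the linear data before anything is dereferenced.
	 */
	if ((unsigned char *)udph < (unsigned char *)iph ||
	    (unsigned char *)udph > tail ||
	    tail - (unsigned char *)udph <= 20)
		return NF_ACCEPT;

	/* Only DNS queries are of interest; other UDP payloads are not DNS. */
	if (udph->dest != htons(53))
		return NF_ACCEPT;

	user_data = (unsigned char *)udph + 20;
	Domain_Index = dns_copy_qname(user_data, tail, domain, sizeof(domain));
	if (Domain_Index < 0) {
		Domain_Index = 0;
		domain[0] = '\0';
		return NF_ACCEPT;
	}

	printk(KERN_INFO "\n%s",domain); // Domain Name queried
	printk(KERN_INFO "The value of Domain index--->\n%d",Domain_Index);

	//--------------------------------------------------------------------
	//Read File here (see the NOTE(review) in the function comment)
	old_fs = get_fs();
	set_fs(KERNEL_DS);
	fd = sys_open(filename, O_RDONLY, 0);
	if (fd >= 0) {
		/* Result unused; NOTE(review): presumably a record count, but the bounds below are fixed. */
		sys_read(fd, buf, 2);
		low = 1;
		high = 5;
		while (low <= high) {
			mid = (low + high) / 2;
			sys_lseek(fd, (mid * offset), SEEK_SET);
			got = sys_read(fd, buf, sizeof(buf));
			if (got != (long)sizeof(buf))
				break;	/* short read or error: nothing valid to compare */
			cmp = strncmp(buf, domain, offset - 2);
			if (cmp == 0) {
				printk(KERN_INFO "Packet Droped\n");
				sys_close(fd);
				set_fs(old_fs);
				return NF_DROP;
			}
			if (cmp > 0)
				high = mid - 1;
			else
				low = mid + 1;
		}
		sys_close(fd);
	}
	set_fs(old_fs);
	//--------------------------------------------------------------------
	return NF_ACCEPT; // no match: let the packet continue
}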
/*
 * Module load handler: describe the hook in nfho and register it.
 *
 * The hook is attached to IPv4 POST_ROUTING (transmitted packets) with the
 * highest priority. Returns 0 on success, or the negative value reported by
 * nf_register_hook().
 *
 * NOTE(review): the cast to nf_hookfn * silences any prototype mismatch
 * between ptcp_hook_func() and this kernel's nf_hookfn; verify that the two
 * signatures really agree.
 */
static int __init ptcp_init(void)
{
	int err;

	nfho.pf = PF_INET;				/* IPv4 */
	nfho.hooknum = NF_INET_POST_ROUTING;		/* transmitted packets */
	nfho.priority = NF_IP_PRI_FIRST;		/* max hook priority */
	nfho.hook = (nf_hookfn *)ptcp_hook_func;	/* hook function */

	err = nf_register_hook(&nfho);
	if (err >= 0) {
		printk(KERN_INFO "module loaded\n");
		return 0;
	}

	printk(KERN_INFO "print_udp: error in nf_register_hook()\n");
	return err;
}
/*
 * Module unload handler: remove the hook registered by ptcp_init() and log
 * that the module is gone.
 */
static void __exit ptcp_exit(void)
{
nf_unregister_hook(&nfho);
printk(KERN_INFO "module unloaded\n");
}
/* Register the load and unload entry points with the kernel. */
module_init(ptcp_init);
module_exit(ptcp_exit);
/*
 * Module metadata.
 * NOTE(review): the description mentions TCP, while the hook only inspects
 * UDP (protocol 17) packets.
 */
MODULE_AUTHOR("Sam Protsenko");
MODULE_DESCRIPTION("Module for printing TCP packet data");
MODULE_LICENSE("GPL");
但我在执行 insmod 时收到错误,构建输出和错误信息如下:
[root@localhost dns_sniffer]# make
make -C /lib/modules/2.6.32-573.8.1.el6.x86_64/build M=/home/praveen/dns_sniffer modules
make[1]: Entering directory `/usr/src/kernels/2.6.32-573.8.1.el6.x86_64'
CC [M] /home/praveen/dns_sniffer/dns_sniff.o
Building modules, stage 2.
MODPOST 1 modules
WARNING: "sys_open" [/home/praveen/dns_sniffer/dns_sniff.ko] undefined!
WARNING: "sys_read" [/home/praveen/dns_sniffer/dns_sniff.ko] undefined!
WARNING: "sys_lseek" [/home/praveen/dns_sniffer/dns_sniff.ko] undefined!
CC /home/praveen/dns_sniffer/dns_sniff.mod.o
LD [M] /home/praveen/dns_sniffer/dns_sniff.ko.unsigned
NO SIGN [M] /home/praveen/dns_sniffer/dns_sniff.ko
make[1]: Leaving directory `/usr/src/kernels/2.6.32-573.8.1.el6.x86_64'
[root@localhost dns_sniffer]#
[root@localhost dns_sniffer]# insmod dns_sniff.ko
insmod: error inserting 'dns_sniff.ko': -1 Unknown symbol in module
另外,我想知道在Linux内核模块中读取文件的安全方法。我查阅了一些以前的示例(previous example)。这种(this)方式通常是安全的读取方法吗?谢谢你的回复。