108 lines
2.5 KiB
C
108 lines
2.5 KiB
C
|
|
|||
|
|
#ifndef LKH_HOOK_H
|
|||
|
|
#define LKH_HOOK_H
|
|||
|
|
|
|||
|
|
static DEFINE_MUTEX(lkh_hook_mutex);
|
|||
|
|
|
|||
|
|
#define MAX_HOOK_COUNT 1024
|
|||
|
|
|
|||
|
|
/* 多核信息同步处理 */
|
|||
|
|
#define lkh_entry_dereference(e) rcu_dereference_protected(e, lockdep_is_held(&lkh_hook_mutex))
|
|||
|
|
|
|||
|
|
/* 执行HOOK处理后的返回值 */
|
|||
|
|
#define LKH_DROP 0
|
|||
|
|
#define LKH_ACCEPT 1
|
|||
|
|
#define LKH_STOLEN 2
|
|||
|
|
#define LKH_QUEUE 3
|
|||
|
|
#define LKH_REPEAT 4
|
|||
|
|
#define LKH_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */
|
|||
|
|
|
|||
|
|
/* 钩子函数调用位置 */
|
|||
|
|
enum lkh_inet_hooks
|
|||
|
|
{
|
|||
|
|
LKH_INET_PRE_FORWARD,
|
|||
|
|
LKH_INET_NUMHOOKS
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
|
|||
|
|
/* 支持的协议类型 */
|
|||
|
|
enum
|
|||
|
|
{
|
|||
|
|
LKH_PROTO_UNSPEC = 0,
|
|||
|
|
LKH_PROTO_IPV4 = 1,
|
|||
|
|
LKH_PROTO_IPV6 = 2,
|
|||
|
|
LKH_PROTO_NUMPROTO,
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
struct lkh_hook_entries_rcu_head
|
|||
|
|
{
|
|||
|
|
struct rcu_head head;
|
|||
|
|
void *allocation;
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
struct lkh_hook_state
|
|||
|
|
{
|
|||
|
|
unsigned int hook_stage;
|
|||
|
|
u_int8_t pf;
|
|||
|
|
struct net_device *in;
|
|||
|
|
struct net_device *out;
|
|||
|
|
struct sock *sk;
|
|||
|
|
struct net *net;
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
typedef unsigned int lkh_hookfn(void *priv, struct sk_buff *skb, const struct lkh_hook_state *state);
|
|||
|
|
|
|||
|
|
struct lkh_hook_ops
|
|||
|
|
{
|
|||
|
|
/* User fills in from here down. */
|
|||
|
|
lkh_hookfn *hook; /* 钩子函数 */
|
|||
|
|
void *priv;
|
|||
|
|
u_int8_t pf; /* 协议类型 IPv4、IPv6、brigde等 */
|
|||
|
|
unsigned int hook_stage; /* 阶段ID,比如PRE_FORWARD等*/
|
|||
|
|
int priority; /* 优先级 */
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
struct lkh_hook_entry
|
|||
|
|
{
|
|||
|
|
lkh_hookfn *hook;
|
|||
|
|
void *priv;
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
/* 一种协议类型的hook集合,包括多个处理阶段 */
|
|||
|
|
struct lkh_hook_entries
|
|||
|
|
{
|
|||
|
|
u_int8_t num_hook_entries;
|
|||
|
|
struct lkh_hook_entry hooks[];
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
struct lkh_hook
|
|||
|
|
{
|
|||
|
|
struct list_head list;
|
|||
|
|
void * net_ptr; /* 记录struct net 结构指针,用来查找对应的hook */
|
|||
|
|
struct lkh_hook_entries __rcu *hooks_ipv4[LKH_INET_NUMHOOKS];
|
|||
|
|
struct lkh_hook_entries __rcu *hooks_ipv6[LKH_INET_NUMHOOKS];
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
|
|||
|
|
/* 句柄 */
|
|||
|
|
struct lkh_hook_handle
|
|||
|
|
{
|
|||
|
|
struct list_head list;
|
|||
|
|
unsigned int net_num; /* 网络命名空间数量 */
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
extern struct lkh_hook_handle g_lkh_hook_handle;
|
|||
|
|
extern void lkh_hash_struct_show(void);
|
|||
|
|
extern int lkh_register_net_hooks(struct net *net, const struct lkh_hook_ops *reg, unsigned int hookcount);
|
|||
|
|
extern void lkh_unregister_net_hooks(struct net *net, const struct lkh_hook_ops *reg, unsigned int hookcount);
|
|||
|
|
extern int lkh_hook(u_int8_t pf,
|
|||
|
|
unsigned int hook_stage,
|
|||
|
|
struct net *net,
|
|||
|
|
struct sock *sk,
|
|||
|
|
struct sk_buff *skb,
|
|||
|
|
struct net_device *indev,
|
|||
|
|
struct net_device *outdev);
|
|||
|
|
|
|||
|
|
#endif
|
|||
|
|
|