Re: checkentry function


 



On Tue, Oct 5, 2010 at 1:32 PM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote:
> On Tuesday 2010-10-05 13:16, Nicola Padovano wrote:
>>>
>>> Could you read source code of _current_ existing modules , and use
>>> copy/paste ?
>>>
>>> static int hashlimit_mt_check(const struct xt_mtchk_param *par)
>>> {
>>> ...
>>> }
>>
>>As I wrote in a previous mail, this is the checkentry function
>>that I use in my source code to check whether the iptables command
>>line is valid.
>>
>>[CHECK_ENTRY_CODE]
>>static bool xt_tarpit_check(const char *tablename, const void *entry,
>>                           const struct xt_target *target, void *targinfo,
>>                           unsigned int hook_mask)
>>
>>i don't know what "static int hashlimit_mt_check(const struct
>>xt_mtchk_param *par)" is...
>
> It's the proper function header.
>

this is the whole code:

[WHOLE_CODE]
/*
 * function_target - helper called by xt_tar_target() for each packet that
 * reaches the target.
 *
 * @oskb: the packet being handled (passed through from the target hook)
 * @ort:  the route pointer the caller obtained from that packet
 *
 * The body is elided ("...") in this posting, so what the helper does with
 * the packet and route cannot be told from here.
 */
static void function_target(const struct sk_buff *oskb,
		       struct rtable *ort)
{
...
}


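/*
 * xt_tar_target - target hook, run every time a packet matches the rule.
 *
 * Fetches the route attached to the packet, hands packet and route to
 * function_target(), and always returns NF_DROP. The in, out, hooknum,
 * target and targinfo arguments are not used here.
 *
 * NOTE(review): this multi-argument prototype looks like the older xtables
 * target signature; kernels that expose skb->_skb_refdst are expected to
 * declare the hook as taking a single "const struct xt_action_param *par".
 * Confirm against the x_tables.h of the kernel being built, because a
 * mismatched callback would read its arguments from the wrong place.
 */
static unsigned int xt_tar_target(struct sk_buff *skb,
                                  const struct net_device *in,
                                  const struct net_device *out,
                                  unsigned int hooknum,
                                  const struct xt_target *target,
                                  const void *targinfo)
{
  /*
   * Use the accessor instead of casting skb->_skb_refdst directly: the raw
   * field can carry the SKB_DST_NOREF flag in its low bit, so a plain cast
   * may produce a pointer that is off by one.
   */
  struct rtable *rt = skb_rtable(skb);

  /*
   * rt may be NULL when no route is attached to the packet; the helper's
   * body is not shown in this listing -- confirm it copes with that.
   */
  function_target(skb, rt);
  return NF_DROP;
}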

/*
 * xt_function_check - checkentry hook, consulted when a rule that uses this
 * target is installed.
 *
 * As written it accepts the rule only when tablename is "filter"; any other
 * table name is logged and the rule is refused. The entry, target, targinfo
 * and hook_mask arguments are not examined, so no per-hook restriction is
 * applied by this function.
 *
 * NOTE(review): the reply quoted in this thread gives the single-argument
 * "par" form as the proper function header (for targets that would be
 * "const struct xt_tgchk_param *par"). If the kernel in use expects that
 * form, tablename here would not point at a table name at all -- confirm
 * the prototype before relying on this check to gate rule installation.
 */
static bool xt_function_check(const char *tablename, const void *entry,
                            const struct xt_target *target, void *targinfo,
                            unsigned int hook_mask)
{
  const bool table_is_filter = (strcmp(tablename, "filter") == 0);

  if (table_is_filter)
    return true;

  /* Record which table was rejected before refusing the rule. */
  printk(KERN_INFO "!=filter %s\n",tablename);
  return false;
}


/*
 * Registration record handed to the xtables core for the "FUN" target.
 *
 * NOTE(review): no .table or .hooks restriction is set in this record, so
 * the only table filtering is whatever xt_function_check() performs --
 * confirm that is what is intended.
 */
static struct xt_target xt_tar_reg = {
  .me         = THIS_MODULE,         /* owning module */
  .name       = "FUN",               /* name used on the iptables command line */
  .family     = AF_INET,             /* IPv4 only */
  .proto      = IPPROTO_TCP,         /* restricted to TCP packets */
  .checkentry = xt_function_check,   /* validates a rule when it is added */
  .target     = xt_tar_target,       /* runs for every matching packet */
};

/*
 * Module entry point: registers xt_tar_reg with xtables and passes the
 * registration result back to the module loader.
 */
static int __init xt_tar_init(void)
{
  const int status = xt_register_target(&xt_tar_reg);

  return status;
}

/*
 * Module exit point: unregisters the target first, then logs that the
 * module is going away.
 */
static void __exit xt_tar_exit(void)
{
  struct xt_target *const reg = &xt_tar_reg;

  xt_unregister_target(reg);
  printk(KERN_INFO "TARPIT> !!!exit!!! \n");
}

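/* Hook the init and exit routines into the module loader. */
module_init(xt_tar_init);
module_exit(xt_tar_exit);

/*
 * Module metadata: description, author, licence and alias.
 *
 * The description macro takes the string literal alone; a ';' between the
 * literal and the closing parenthesis makes the invocation invalid.
 *
 * NOTE(review): the target is registered under the name "FUN" while the
 * alias below is "xt_TAR"; if on-demand loading by target name is wanted,
 * confirm the alias matches what the xtables core requests.
 */
MODULE_DESCRIPTION("TARPIT target, info: http://npadovano.altervista.org");
MODULE_AUTHOR("Nicola Padovano <nicola.padovano@xxxxxxxxx>");
MODULE_LICENSE("GPL");
MODULE_ALIAS("xt_TAR");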

[/WHOLE_CODE]

-- 
Nicola Padovano
e-mail: nicola.padovano@xxxxxxxxx
web: http://npadovano.altervista.org

"My only ambition is not be anything at all; it seems the most
sensible thing" (C. Bukowski)