netfilter内核态与用户态 通信 之 sockopt
用户态与内核态交互通信的方法不止一种,sockopt是比较方便的一个,写法也简单.
缺点就是使用 copy_from_user()/copy_to_user()完成内核和用户的通信, 效率其实不高, 多用在传递控制 选项 信息,不适合做大量的数据传输
用户态函数:
发送:int setsockopt ( int sockfd, int proto, int cmd, void *data, int datelen);
接收:int getsockopt(int sockfd, int proto, int cmd, void *data, int datalen)
第一个参数是socket描述符;
第二个参数proto是sock协议,IP RAW的就用SOL_SOCKET/SOL_IP等,TCP/UDP socket的可用SOL_SOCKET/SOL_IP/SOL_TCP/SOL_UDP等,即高层的socket是都可以使用低层socket的命令字 的,IPPROTO_IP;
第三个参数cmd是操作命令字,由自己定义;
第四个参数是数据缓冲区起始位置指针,set操作时是将缓冲区数据写入内核,get的时候是将内核中的数 据读入该缓冲区;
第五个参数数据长度
内核态函数
注册:nf_register_sockopt(struct nf_sockopt_ops *sockops)
解除:nf_unregister_sockopt(struct nf_sockopt_ops *sockops)
结构体 nf_sockopt_ops test_sockops
struct nf_sockopt_ops {
struct list_head list;
u\_int8\_t pf; // 协议族
/\* Non-inclusive ranges: use 0/0/NULL to never get called. \*/
int set\_optmin;// 定义最小set命令字
int set\_optmax;// 定义最大set命令字
int (\*set)(struct sock \*sk, int optval, void \_\_user \*user, unsigned int len);// 定义set处理函数 #ifdef CONFIG_COMPAT
int (*compat_set)(struct sock *sk, int optval,
void __user *user, unsigned int len);
#endif
int get_optmin;// 定义最小get命令字
int get_optmax;// 定义最大get命令字
int (*get)(struct sock *sk, int optval, void __user *user, int *len);// 定义get处理函数
#ifdef CONFIG_COMPAT
int (*compat_get)(struct sock *sk, int optval,
void __user *user, int *len);
#endif
/* Use the module struct to lock set/get code in place */
struct module *owner;
};
其中命令字不能和内核已有的重复,宜大不宜小。命令字很重要,是用来做标识符的。而且用户态和内核态要定义的相同,
系统调用如下:sockt==》sock_common_setsockopt==》sk->sk_prot->setsockopt==》ip_setsockopt(tcp为例)
==>do_ip_setsockopt
==> nf_setsockopt==>nf_sockopt
int ip_setsockopt(struct sock *sk, int level,
int optname, char __user *optval, unsigned int optlen)
{
int err;
if (level != SOL\_IP)
return -ENOPROTOOPT;
err = do\_ip\_setsockopt(sk, level, optname, optval, optlen); #ifdef CONFIG_NETFILTER
/* we need to exclude all possible ENOPROTOOPTs except default case */
if (err == -ENOPROTOOPT && optname != IP_HDRINCL &&
optname != IP_IPSEC_POLICY &&
optname != IP_XFRM_POLICY &&
!ip_mroute_opt(optname)) {
lock_sock(sk);
err = nf_setsockopt(sk, PF_INET, optname, optval, optlen);
release_sock(sk);
}
#endif
return
err;
}
/* Call get/setsockopt() */
static int nf_sockopt(struct sock *sk, u_int8_t pf, int val,
char __user *opt, int *len, int get)
{
struct nf_sockopt_ops *ops;
int ret;
ops = nf\_sockopt\_find(sk, pf, val, get);
if (IS\_ERR(ops))
return PTR\_ERR(ops);
if (get)
ret = ops->get(sk, val, opt, len);
else
ret = ops->set(sk, val, opt, \*len);
module\_put(ops->owner);
return ret; }
int nf_setsockopt(struct sock *sk, u_int8_t pf, int val, char __user *opt,
unsigned int len)
{
return nf_sockopt(sk, pf, val, opt, &len, 0);
}
#include
#include
#include
#include
#include
#include
#include
#define SOCKET_OPS_BASE 128
#define SOCKET_OPS_SET (SOCKET_OPS_BASE)
#define SOCKET_OPS_GET (SOCKET_OPS_BASE)
#define SOCKET_OPS_MAX (SOCKET_OPS_BASE + 1)
#define KMSG "--------kernel---------"
#define KMSG_LEN sizeof("--------kernel---------")
MODULE_LICENSE("GPL");
MODULE_AUTHOR("SiasJack");/*作者*/
MODULE_DESCRIPTION("sockopt module,simple module");//描述
MODULE_VERSION("1.0");//版本号
static int recv_msg(struct sock *sk, int cmd, void __user *user, unsigned int len)
{
int ret = 0;
printk(KERN_INFO "sockopt: recv_msg()\n");
if (cmd == SOCKET\_OPS\_SET)
{
char umsg\[64\];
int len = sizeof(char)\*64;
memset(umsg, 0, len);
ret = copy\_from\_user(umsg, user, len);
printk("recv\_msg: umsg = %s. ret = %d\\n", umsg, ret);
}
return 0; }
static int send_msg(struct sock *sk, int cmd, void __user *user, int *len)
{
int ret = 0;
printk(KERN_INFO "sockopt: send_msg()\n");
if (cmd == SOCKET_OPS_GET)
{
ret = copy_to_user(user, KMSG, KMSG_LEN);
printk("send_msg: umsg = %s. ret = %d. success\n", KMSG, ret);
}
return 0;
}
static struct nf_sockopt_ops test_sockops =
{
.pf = PF_INET,
.set_optmin = SOCKET_OPS_SET,
.set_optmax = SOCKET_OPS_MAX,
.set = recv_msg,
.get_optmin = SOCKET_OPS_GET,
.get_optmax = SOCKET_OPS_MAX,
.get = send_msg,
.owner = THIS_MODULE,
};
static int __init init_sockopt(void)
{
printk(KERN_INFO "sockopt: init_sockopt()\n");
return nf_register_sockopt(&test_sockops);
}
static void __exit exit_sockopt(void)
{
printk(KERN_INFO "sockopt: fini_sockopt()\n");
nf_unregister_sockopt(&test_sockops);
}
module_init(init_sockopt);
#include
#include
#include
#include
#include
#include
#define SOCKET_OPS_BASE 128
#define SOCKET_OPS_SET (SOCKET_OPS_BASE)
#define SOCKET_OPS_GET (SOCKET_OPS_BASE)
#define SOCKET_OPS_MAX (SOCKET_OPS_BASE + 1)
#define UMSG "----------user------------"
#define UMSG_LEN sizeof("----------user------------")
char kmsg[64];
int main(void)
{
int sockfd;
int len;
int ret;
sockfd = socket(AF\_INET, SOCK\_RAW, IPPROTO\_RAW);
if(sockfd < 0)
{
printf("can not create a socket\\n");
return -1;
}
/\*call function recv\_msg()\*/
ret = setsockopt(sockfd, IPPROTO\_IP, SOCKET\_OPS\_SET, UMSG, UMSG\_LEN);
printf("setsockopt: ret = %d. msg = %s\\n", ret, UMSG);
len = sizeof(char)\*64;
/\*call function send\_msg()\*/
ret = getsockopt(sockfd, IPPROTO\_IP, SOCKET\_OPS\_GET, kmsg, &len);
printf("getsockopt: ret = %d. msg = %s\\n", ret, kmsg);
if (ret != 0)
{
printf("getsockopt error: errno = %d, errstr = %s\\n", errno, strerror(errno));
}
close(sockfd);
return 0; }
手机扫一扫
移动阅读更方便
你可能感兴趣的文章