From b93b6ff3cd17ba81b844a6c813ca47fd59bb8b98 Mon Sep 17 00:00:00 2001
From: unknown
Date: Tue, 21 Feb 2017 18:30:11 +0800
Subject: [PATCH 1/9] delete unuse file
---
.../net/ipv4/netfilter/nf_sw_auth.h | 290 ------------------
1 file changed, 290 deletions(-)
delete mode 100755 linux-net-kernel/net/ipv4/netfilter/nf_sw_auth.h
diff --git a/linux-net-kernel/net/ipv4/netfilter/nf_sw_auth.h b/linux-net-kernel/net/ipv4/netfilter/nf_sw_auth.h
deleted file mode 100755
index e86f2f3..0000000
--- a/linux-net-kernel/net/ipv4/netfilter/nf_sw_auth.h
+++ /dev/null
@@ -1,290 +0,0 @@ -#ifndef __NF_SW_AUTH_H__ -#define __NF_SW_AUTH_H__ - -#include - - -#define NF_LOCAL_TIME_UTC_SECOND (8*60*60)//8小时 UTC时间,同北京时间差8小时 - -#define NF_SWITCH_HASH_TABLE_SIZE 1024 - -#define NF_SWITCH_TIME_VALIDE 1//满足时间对象要求 -#define NF_SWITCH_TIME_INVALIDE 0//表示时间范围是否有效 - -#define NF_SWITCH_IN_TO_OUT 1 -#define NF_SWITCH_OUT_TO_IN 2 -#define NF_SWITCH_BIDIRECTION 3 - -#define NF_SWITCH_LIMIT_MD_LEN 32 - -/*应用协议编码表数据结构*/ -#define NF_APP_ITEM_REL_TYPE_UNDEFINED 0xff -#define NF_APP_ITEM_REL_TYPE_ANY 0 -#define NF_APP_ITEM_REL_TYPE_EQUAL 1 -#define NF_APP_ITEM_REL_TYPE_LEEQUAL 5 -#define NF_APP_ITEM_REL_TYPE_GEEQUAL 6 -#define NF_APP_ITEM_REL_TYPE_IN 7 -#define NF_APP_ITEM_REL_TYPE_ENUM 9 - -/*列表scope_list所包含的节点的端口范围数据结构如下:*/ -/*如果协议号是TCP:*/ -struct nf_ac_tcp_port_scope{ - unsigned char src_op; /*源端口关系 = <= >= IN 枚举,ANY IN表示区间*/ - unsigned char src_num; /*源端口数量*/ - unsigned char dst_op; /*目的端口关系*/ - unsigned char dst_num; /*目的端口数量*/ - unsigned short port[0]; /*端口数组,数组个数决定于源端口和目的端口的数量之和, - *排列顺序是源端口之后是目的端口 - */ -}; - -/*如果协议号是UDP:*/ -struct nf_ac_udp_port_scope{ - unsigned char src_op; /*源端口关系 = <= >= IN 枚举,ANY*/ - unsigned char src_num; /*源端口数量*/ - unsigned char dst_op; /*目的端口关系*/ - unsigned char dst_num; /*目的端口数量*/ - unsigned short port[0]; /*端口数组,数组个数决定于源端口和目的端口的数量之和, - *排列顺序是源端口之后是目的端口 - */ -}; - -/*如果协议号是ICMP:*/ -struct nf_ac_icmp_scope{ - unsigned char type_op; /*ICMP类型关系 = <= >= IN 枚举,ANY*/ - unsigned char type_num; /*源端口数量*/ - unsigned char code_op; /*代码值的关系*/ - unsigned char code_num; /*代码值的数量*/ - unsigned char array[0]; /*类型和代码数组,数组个数决定于类型和代码的数量 - *排列顺序是类型数组之后是代码数组 - */ -}; - -typedef struct _nf_app_coding_content_scope{ - struct list_head lh; - unsigned char proto;//yang 应用协议的子项子协议类型 - union { - struct nf_ac_tcp_port_scope tcp; - struct nf_ac_udp_port_scope udp; - struct nf_ac_icmp_scope icmp; - }content; -}nf_app_coding_content_scope; - - -#define NF_APP_STATUS_ON 1 -#define NF_APP_STATUS_OFF 0 -typedef struct _nf_app_coding{//这里面存的是一条应用协议 - 
struct hlist_node hlist;//通过该链表连接到gate_app_coding_kernel_hash_array中 - char sequence[NF_SWITCH_LIMIT_MD_LEN+1];//应用协议索引 index - unsigned int h_seq;//yang 索引值sequence转换为seq 见函数_nf_gate_md5_to_hseq - unsigned char status;/*禁用还是启用 页面上可以启用和禁用该条应用协议 */ - - /* - 罗凯(罗凯) 15:42:37 - /// - TCP = ApprotocolControlLevelEnum.LevelOne, - /// - /// - /// - UDP = ApprotocolControlLevelEnum.LevelOne, - /// - /// - /// - ICMP = ApprotocolControlLevelEnum.LevelOne, - /// - /// - /// - PING = ApprotocolControlLevelEnum.LevelOne, - /// - /// - /// - HTT - 罗凯(罗凯) 15:42:37 - P = ApprotocolControlLevelEnum.LevelOne, - /// - /// - /// - SMTP = ApprotocolControlLevelEnum.LevelOne, - /// - /// - /// - FTP = ApprotocolControlLevelEnum.LevelOne, - /// - /// - /// - POP3 = ApprotocolControlLevelEnum.LevelOne - 罗凯(罗凯) 15:42:37 - /// - /// - /// - LDG = ApprotocolControlLevelEnum.levelThree, - /// - /// - /// - SDG = ApprotocolControlLevelEnum.levelThree, - /// - /// - /// - RTITP = ApprotocolControlLevelEnum.levelThree, - /// - /// - /// - CSMXP = ApprotocolControlLevelEnum.levelThree, - /// - /// - 罗凯(罗凯) 15:42:50 - one,two,three分别对应1,2,3*/ - unsigned char intensity;//对应MCP中XML里面的"CtrlLevel" - unsigned char control_type;////长报文,短报文,实时报文等 参考_gate_show_app_control_type 实际上没什么用 - unsigned int pro_num;//子协议的个数 指的是自协议中TCP UDP和ICMP的个数 加了2个TCP 一个UDP,4个ICMP,则该值为7 - char* name;//协议名 - - // 协议 源端口/类型关系 源端口/值 目的端口/类型关系 目的端口/值 - //里面存的是 TCP = 5555 any - struct list_head app_coding_list;//存放子协议的链表,参考WEB页面 nf_app_coding_content_scope 里面包括应用协议的TCP UDP ICMP -}nf_app_coding; - - -/*===============================================================*/ - -#define NF_ADDR_ITEM_REL_TYPE_ANY 0 -#define NF_ADDR_ITEM_REL_TYPE_EQUAL 1 -#define NF_ADDR_ITEM_REL_TYPE_IN 2 -#define NF_ADDR_ITEM_REL_TYPE_ENUM 3 - -typedef struct _nf_sw_limit_address_item{ - struct list_head lh; - unsigned char type;//网段 区间 枚举 参考WEB - unsigned char count;//如果是区间,并且区间里面有例外,则arry[0]和arry[1]是区间的上下限地址,后面的arry[2],arry[3]等则是例外地址 - unsigned int 
array[0]; -}nf_sw_limit_addr_item; - -//例:如果地址对象里面填的是1.2.3.3/17,12.3.3.3/17 ,则实际上web是按照发送两次发下来的,也就是_nf_sw_limit_address_item为2 -//如果地址对象里面填的是枚举 1.1.1.1,2.2.2.2,3.3.3.3,则是一次发送过来的,item还是为1 -//如果地址对象里面是区间1.2.3.3-1.3.3.3例外地址:1.2.3.3,1.3.3.2,1.2.5.2 ,则item为1,arry数组存的是1.2.3.3 1.3.3.3 1.2.3.3 1.3.3.2 1.2.5.2 -//如果未任意,则count为0 -typedef struct _nf_sw_limit_addr{ - struct hlist_node hlist; - char sequence[NF_SWITCH_LIMIT_MD_LEN+1];//YANG 地址对象索引index - unsigned int h_seq;//通过_nf_gate_md5_to_hseq把上面的地址对象index转换为seq - char* name;//地址对象名 - struct list_head item_list;//_nf_sw_limit_address_item -}nf_sw_limit_addr; - - -#define NF_ITEM_REL_TYPE_ANY 0 -#define NF_ITEM_REL_TYPE_IN 1//表示从某个时间到某个时间,时间是连续的 1日零点到12日两点 -#define NF_ITEM_REL_TYPE_ENUM 2//从某一天到某一天中的几点到几点时间段是不连续的 1日到12日中的零点到两点之间 - -//类型为any的时候,day,start_tm,end_tm无效,当为区间的时候day无效 -typedef struct _nf_sw_limit_time_item{ - struct list_head lh; - unsigned char tm_type;//时间对象类型 任意 区间 枚举 类型为any的时候,day,start_tm,end_tm无效,当为区间的时候day无效 - unsigned char day;//星期 按照位与的关系,从低位到高危一次是 星期天 星期一 。。。。。 _nf_show_sw_limit_time_day - unsigned int start_tm;//起始时间 时间戳 如果为区间的话,如果该值转换后的实际为start_tm:2013-12-1(日期起始时间) 14:55:0(时钟起始时间) 则日期区间其实时间,时间段其实时间 end_tm:2013-12-20 21:57:1类似 - unsigned int end_tm; -}nf_sw_limit_time_item; - -typedef struct _nf_sw_limit_time{ - struct hlist_node hlist;//加到gate_sw_limit_time_kernel_hash_array hash表中 - char sequence[NF_SWITCH_LIMIT_MD_LEN+1];//索引index - unsigned int h_seq;//索引转换后的seq值 - unsigned int effective_area; /*作用域*/ - char* name;//时间对象名字 - struct list_head item_list;//_nf_sw_limit_time_item - struct timer_list timer; - unsigned int tm_flag; -}nf_sw_limit_time; - -/*===============================================================*/ -#define NF_SW_AUTH_SRC_TYPE_ANY 0 -#define NF_SW_AUTH_SRC_TYPE_OBJ 1 -#define NF_SW_AUTH_SRC_TYPE_PREFIX 2 - -#define NF_SW_AUTH_DST_TYPE_ANY 0 -#define NF_SW_AUTH_DST_TYPE_OBJ 1 -#define NF_SW_AUTH_DST_TYPE_PREFIX 2 - -#define NF_SW_AUTH_TIME_TYPE_ANY 0//时间对象 任意 -#define 
NF_SW_AUTH_TIME_TYPE_OBJ 1//时间对象类型为区间或者枚举,参考WEB网页 - -typedef struct _nf_switch_id_prefix{ - unsigned int id; - unsigned int id_prefix; -}nf_switch_id_prefix; - -typedef struct _nf_switch_app_coding{ - struct list_head lh; - char app_seq[NF_SWITCH_LIMIT_MD_LEN+1];//通过该值获取gate_app_coding_kernel_hash_array键值 -}nf_switch_app_coding; - -#define NF_SW_AUTH_AREA_ALL 0 -#define NF_SW_AUTH_AREA_REGION 1 -#define NF_SW_AUTH_AREA_AGENT 2 - - -//一条交换规则只能添加一个时间对象 一个地址对象 可以多个应用协议 -typedef struct _nf_switch_authority{ - struct hlist_node hlist; - char sequence[NF_SWITCH_LIMIT_MD_LEN+1];//该规则的索引值 - unsigned int h_seq; - unsigned char log_level; /*日志级别 yang 实际上没什么用 */ - char* des; - struct list_head app_coding_list; /*应用协议编码 应用协议直接加到该链表中 nf_switch_app_coding */ - unsigned char dst_type;//添加交换规则的时候,目的地址类型:任意 地址对象 地址/地址前缀 - union{ - unsigned int obj; - nf_switch_id_prefix prefix; - }dst; - char dst_seq[NF_SWITCH_LIMIT_MD_LEN+1];//通过该值作为所有,从而获取gate_sw_limit_addr_kernel_hash_array键值 - unsigned char time_type; - char tm_obj[NF_SWITCH_LIMIT_MD_LEN+1];//时间对象索引 index 时间对象的有效性通过定时器来完成 - unsigned int tm_flag;//时间对象是否有效,只有有效该规则才有用 时间对象为任意类型的时候置1 函数中设置__gate_sw_time_validate_authority -}nf_switch_authority; - - -/********************************************* - -*/ -typedef struct _nf_switch_user_rule_index{//为用户分配的规则 该节点添加到_nf_switch_user_idip的rule_list - struct list_head lh;// - char rule_seq[NF_SWITCH_LIMIT_MD_LEN+1]; -}nf_switch_user_rule_index; - -typedef struct _nf_switch_user_idip{ - struct hlist_node id_hlist; - struct hlist_node ip_hlist; - unsigned int id; - unsigned int ip; - struct list_head rule_list;//nf_switch_user_rule_index - struct list_head dynamic_rule_list; -}nf_switch_user_idip; - -typedef struct _nf_switch_auth_mem_count{ - int app_coding_scp;//应用协议下面的子协议总个数 - int app_coding;//应用协议个数,在web上面添加一条的时候,这里就会加一,删除一条的时候就会减1 - int app_coding_name; - int limit_time_item; - int limit_time; - int limit_time_name; - int limit_addr_item; - int limit_addr; - int limit_addr_name;//地址对象计数 
- int pri_des;//
- int pri;//交换规则个数,包括用户自定义规则和系统规则
- int pri_app;//应用协议被引用的次数,包括系统规则和用户自定义规则应用的
-} nf_switch_auth_mem_count;
-
-extern spinlock_t gate_privilege_lock;
-
-static inline void lock_privilege(void)
-{
- spin_lock_bh(&gate_privilege_lock);
-}
-
-static inline void unlock_privilege(void)
-{
- spin_unlock_bh(&gate_privilege_lock);
-}
-
-#endif
From 56bbdbe282a3b2b84fadc311fde03fbf04580afd Mon Sep 17 00:00:00 2001
From: unknown
Date: Tue, 21 Feb 2017 18:33:12 +0800
Subject: [PATCH 2/9] delete unuse file
---
linux-net-kernel/net/ipv4/modules.order | 75 -------------------
.../net/ipv4/netfilter/modules.order | 51 -------------
2 files changed, 126 deletions(-)
delete mode 100755 linux-net-kernel/net/ipv4/modules.order
delete mode 100755 linux-net-kernel/net/ipv4/netfilter/modules.order
diff --git a/linux-net-kernel/net/ipv4/modules.order b/linux-net-kernel/net/ipv4/modules.order
deleted file mode 100755
index 8305bab..0000000
--- a/linux-net-kernel/net/ipv4/modules.order
+++ /dev/null
@@ -1,75 +0,0 @@ -kernel/net/ipv4/netfilter/nf_gate_data.ko -kernel/net/ipv4/netfilter/nf_sfc50_l.ko -kernel/net/ipv4/netfilter/nf_sfc50_l_data.ko -kernel/net/ipv4/netfilter/mtrie.ko -kernel/net/ipv4/netfilter/nf_audit_work.ko -kernel/net/ipv4/netfilter/nf_gate_work.ko -kernel/net/ipv4/netfilter/nf_gate_proc.ko -kernel/net/ipv4/netfilter/nf_gate_counter.ko -kernel/net/ipv4/netfilter/nf_gate_counter_test.ko -kernel/net/ipv4/netfilter/nf_n2n_checkptk.ko -kernel/net/ipv4/netfilter/nf_n2n_sender.ko -kernel/net/ipv4/netfilter/nf_gate_pri.ko -kernel/net/ipv4/netfilter/nf_gate_if.ko -kernel/net/ipv4/netfilter/nf_gate_pri_cache.ko -kernel/net/ipv4/netfilter/nf_gate_nat.ko -kernel/net/ipv4/netfilter/nf_gate_tmp_udp.ko -kernel/net/ipv4/netfilter/nf_gate_ids.ko -kernel/net/ipv4/netfilter/nf_gate_tcp_conntrack.ko -kernel/net/ipv4/netfilter/nf_conntrack_ipv4.ko -kernel/net/ipv4/netfilter/nf_nat.ko -kernel/net/ipv4/netfilter/nf_defrag_ipv4.ko -kernel/net/ipv4/netfilter/nf_nat_amanda.ko -kernel/net/ipv4/netfilter/nf_nat_ftp.ko -kernel/net/ipv4/netfilter/nf_nat_h323.ko -kernel/net/ipv4/netfilter/nf_nat_irc.ko -kernel/net/ipv4/netfilter/nf_nat_pptp.ko -kernel/net/ipv4/netfilter/nf_nat_sip.ko -kernel/net/ipv4/netfilter/nf_nat_snmp_basic.ko -kernel/net/ipv4/netfilter/nf_nat_tftp.ko -kernel/net/ipv4/netfilter/nf_nat_proto_dccp.ko -kernel/net/ipv4/netfilter/nf_nat_proto_gre.ko -kernel/net/ipv4/netfilter/nf_nat_proto_udplite.ko -kernel/net/ipv4/netfilter/nf_nat_proto_sctp.ko -kernel/net/ipv4/netfilter/ip_tables.ko -kernel/net/ipv4/netfilter/iptable_filter.ko -kernel/net/ipv4/netfilter/iptable_mangle.ko -kernel/net/ipv4/netfilter/iptable_nat.ko -kernel/net/ipv4/netfilter/iptable_raw.ko -kernel/net/ipv4/netfilter/iptable_security.ko -kernel/net/ipv4/netfilter/ipt_addrtype.ko -kernel/net/ipv4/netfilter/ipt_ah.ko -kernel/net/ipv4/netfilter/ipt_ecn.ko -kernel/net/ipv4/netfilter/ipt_CLUSTERIP.ko -kernel/net/ipv4/netfilter/ipt_ECN.ko -kernel/net/ipv4/netfilter/ipt_LOG.ko 
-kernel/net/ipv4/netfilter/ipt_MASQUERADE.ko -kernel/net/ipv4/netfilter/ipt_NETMAP.ko -kernel/net/ipv4/netfilter/ipt_REDIRECT.ko -kernel/net/ipv4/netfilter/ipt_REJECT.ko -kernel/net/ipv4/netfilter/ipt_ULOG.ko -kernel/net/ipv4/netfilter/ip_queue.ko -kernel/net/ipv4/ipip.ko -kernel/net/ipv4/ip_gre.ko -kernel/net/ipv4/ah4.ko -kernel/net/ipv4/esp4.ko -kernel/net/ipv4/ipcomp.ko -kernel/net/ipv4/xfrm4_tunnel.ko -kernel/net/ipv4/xfrm4_mode_beet.ko -kernel/net/ipv4/tunnel4.ko -kernel/net/ipv4/xfrm4_mode_transport.ko -kernel/net/ipv4/xfrm4_mode_tunnel.ko -kernel/net/ipv4/inet_diag.ko -kernel/net/ipv4/tcp_diag.ko -kernel/net/ipv4/tcp_bic.ko -kernel/net/ipv4/tcp_cubic.ko -kernel/net/ipv4/tcp_westwood.ko -kernel/net/ipv4/tcp_highspeed.ko -kernel/net/ipv4/tcp_hybla.ko -kernel/net/ipv4/tcp_htcp.ko -kernel/net/ipv4/tcp_vegas.ko -kernel/net/ipv4/tcp_veno.ko -kernel/net/ipv4/tcp_scalable.ko -kernel/net/ipv4/tcp_lp.ko -kernel/net/ipv4/tcp_yeah.ko -kernel/net/ipv4/tcp_illinois.ko
diff --git a/linux-net-kernel/net/ipv4/netfilter/modules.order b/linux-net-kernel/net/ipv4/netfilter/modules.order
deleted file mode 100755
index 1a0e6ee..0000000
--- a/linux-net-kernel/net/ipv4/netfilter/modules.order
+++ /dev/null
@@ -1,51 +0,0 @@ -kernel/net/ipv4/netfilter/nf_gate_data.ko -kernel/net/ipv4/netfilter/nf_sfc50_l.ko -kernel/net/ipv4/netfilter/nf_sfc50_l_data.ko -kernel/net/ipv4/netfilter/mtrie.ko -kernel/net/ipv4/netfilter/nf_audit_work.ko -kernel/net/ipv4/netfilter/nf_gate_work.ko -kernel/net/ipv4/netfilter/nf_gate_proc.ko -kernel/net/ipv4/netfilter/nf_gate_counter.ko -kernel/net/ipv4/netfilter/nf_gate_counter_test.ko -kernel/net/ipv4/netfilter/nf_n2n_checkptk.ko -kernel/net/ipv4/netfilter/nf_n2n_sender.ko -kernel/net/ipv4/netfilter/nf_gate_pri.ko -kernel/net/ipv4/netfilter/nf_gate_if.ko -kernel/net/ipv4/netfilter/nf_gate_pri_cache.ko -kernel/net/ipv4/netfilter/nf_gate_nat.ko -kernel/net/ipv4/netfilter/nf_gate_tmp_udp.ko -kernel/net/ipv4/netfilter/nf_gate_ids.ko -kernel/net/ipv4/netfilter/nf_gate_tcp_conntrack.ko -kernel/net/ipv4/netfilter/nf_conntrack_ipv4.ko -kernel/net/ipv4/netfilter/nf_nat.ko -kernel/net/ipv4/netfilter/nf_defrag_ipv4.ko -kernel/net/ipv4/netfilter/nf_nat_amanda.ko -kernel/net/ipv4/netfilter/nf_nat_ftp.ko -kernel/net/ipv4/netfilter/nf_nat_h323.ko -kernel/net/ipv4/netfilter/nf_nat_irc.ko -kernel/net/ipv4/netfilter/nf_nat_pptp.ko -kernel/net/ipv4/netfilter/nf_nat_sip.ko -kernel/net/ipv4/netfilter/nf_nat_snmp_basic.ko -kernel/net/ipv4/netfilter/nf_nat_tftp.ko -kernel/net/ipv4/netfilter/nf_nat_proto_dccp.ko -kernel/net/ipv4/netfilter/nf_nat_proto_gre.ko -kernel/net/ipv4/netfilter/nf_nat_proto_udplite.ko -kernel/net/ipv4/netfilter/nf_nat_proto_sctp.ko -kernel/net/ipv4/netfilter/ip_tables.ko -kernel/net/ipv4/netfilter/iptable_filter.ko -kernel/net/ipv4/netfilter/iptable_mangle.ko -kernel/net/ipv4/netfilter/iptable_nat.ko -kernel/net/ipv4/netfilter/iptable_raw.ko -kernel/net/ipv4/netfilter/iptable_security.ko -kernel/net/ipv4/netfilter/ipt_addrtype.ko -kernel/net/ipv4/netfilter/ipt_ah.ko -kernel/net/ipv4/netfilter/ipt_ecn.ko -kernel/net/ipv4/netfilter/ipt_CLUSTERIP.ko -kernel/net/ipv4/netfilter/ipt_ECN.ko -kernel/net/ipv4/netfilter/ipt_LOG.ko 
-kernel/net/ipv4/netfilter/ipt_MASQUERADE.ko -kernel/net/ipv4/netfilter/ipt_NETMAP.ko -kernel/net/ipv4/netfilter/ipt_REDIRECT.ko -kernel/net/ipv4/netfilter/ipt_REJECT.ko -kernel/net/ipv4/netfilter/ipt_ULOG.ko -kernel/net/ipv4/netfilter/ip_queue.ko
From 0d9d5288d576f4524372a0d96a5b32a7a41b8965 Mon Sep 17 00:00:00 2001
From: unknown
Date: Tue, 21 Feb 2017 18:36:14 +0800
Subject: [PATCH 3/9] rm unuse file
---
linux-net-kernel/net/ipv4/netfilter/Makefile | 77 --
.../net/ipv4/netfilter/nf_sfc50_l.c | 445 -------
.../net/ipv4/netfilter/nf_sfc50_l_data.c | 1179 -----------------
.../net/ipv4/netfilter/nf_sfc50_l_data.h | 99 --
linux-net-kernel/net/modules.order | 200 ---
5 files changed, 2000 deletions(-)
delete mode 100755 linux-net-kernel/net/ipv4/netfilter/Makefile
delete mode 100755 linux-net-kernel/net/ipv4/netfilter/nf_sfc50_l.c
delete mode 100755 linux-net-kernel/net/ipv4/netfilter/nf_sfc50_l_data.c
delete mode 100755 linux-net-kernel/net/ipv4/netfilter/nf_sfc50_l_data.h
delete mode 100755 linux-net-kernel/net/modules.order
diff --git a/linux-net-kernel/net/ipv4/netfilter/Makefile b/linux-net-kernel/net/ipv4/netfilter/Makefile
deleted file mode 100755
index 550f51a..0000000
--- a/linux-net-kernel/net/ipv4/netfilter/Makefile
+++ /dev/null
@@ -1,77 +0,0 @@
-#
-# Makefile for the netfilter modules on top of IPv4.
-#
-obj-y := decode.o
-obj-m := nf_gate_data.o nf_sfc50_l.o nf_sfc50_l_data.o mtrie.o nf_audit_work.o nf_gate_work.o nf_gate_proc.o nf_gate_counter.o \
- nf_gate_counter_test.o nf_n2n_checkptk.o nf_n2n_sender.o nf_gate_pri.o nf_gate_if.o nf_gate_pri_cache.o nf_gate_nat.o \
- nf_gate_tmp_udp.o nf_gate_ids.o nf_gate_tcp_conntrack.o
-
-# objects for l3 independent conntrack
-nf_conntrack_ipv4-objs := nf_conntrack_l3proto_ipv4.o nf_conntrack_proto_icmp.o
-ifeq ($(CONFIG_NF_CONNTRACK_PROC_COMPAT),y)
-ifeq ($(CONFIG_PROC_FS),y)
-nf_conntrack_ipv4-objs += nf_conntrack_l3proto_ipv4_compat.o
-endif
-endif
-
-nf_nat-objs := nf_nat_core.o nf_nat_helper.o nf_nat_proto_unknown.o nf_nat_proto_common.o nf_nat_proto_tcp.o nf_nat_proto_udp.o nf_nat_proto_icmp.o
-iptable_nat-objs := nf_nat_rule.o nf_nat_standalone.o
-
-# connection tracking
-obj-$(CONFIG_NF_CONNTRACK_IPV4) += nf_conntrack_ipv4.o
-
-obj-$(CONFIG_NF_NAT) += nf_nat.o
-
-# defrag
-obj-$(CONFIG_NF_DEFRAG_IPV4) += nf_defrag_ipv4.o
-
-# NAT helpers (nf_conntrack)
-obj-$(CONFIG_NF_NAT_AMANDA) += nf_nat_amanda.o
-obj-$(CONFIG_NF_NAT_FTP) += nf_nat_ftp.o
-obj-$(CONFIG_NF_NAT_H323) += nf_nat_h323.o
-obj-$(CONFIG_NF_NAT_IRC) += nf_nat_irc.o
-obj-$(CONFIG_NF_NAT_PPTP) += nf_nat_pptp.o
-obj-$(CONFIG_NF_NAT_SIP) += nf_nat_sip.o
-obj-$(CONFIG_NF_NAT_SNMP_BASIC) += nf_nat_snmp_basic.o
-obj-$(CONFIG_NF_NAT_TFTP) += nf_nat_tftp.o
-
-# NAT protocols (nf_nat)
-obj-$(CONFIG_NF_NAT_PROTO_DCCP) += nf_nat_proto_dccp.o
-obj-$(CONFIG_NF_NAT_PROTO_GRE) += nf_nat_proto_gre.o
-obj-$(CONFIG_NF_NAT_PROTO_UDPLITE) += nf_nat_proto_udplite.o
-obj-$(CONFIG_NF_NAT_PROTO_SCTP) += nf_nat_proto_sctp.o
-
-# generic IP tables
-obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o
-
-# the three instances of ip_tables
-obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o
-obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o
-obj-$(CONFIG_NF_NAT) += iptable_nat.o
-obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o
-obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o
-
-# matches
-obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
-obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
-obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
-
-# targets
-obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
-obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
-obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
-obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
-obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
-obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
-obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
-obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
-
-# generic ARP tables
-obj-$(CONFIG_IP_NF_ARPTABLES) += arp_tables.o
-obj-$(CONFIG_IP_NF_ARP_MANGLE) += arpt_mangle.o
-
-# just filtering instance of ARP tables for now
-obj-$(CONFIG_IP_NF_ARPFILTER) += arptable_filter.o
-
-obj-$(CONFIG_IP_NF_QUEUE) += ip_queue.o
-
diff --git a/linux-net-kernel/net/ipv4/netfilter/nf_sfc50_l.c b/linux-net-kernel/net/ipv4/netfilter/nf_sfc50_l.c
deleted file mode 100755
index caa8262..0000000
--- a/linux-net-kernel/net/ipv4/netfilter/nf_sfc50_l.c
+++ /dev/null
@@ -1,445 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) -#include -#endif -#include - -#include "nf_sfc50_l_data.h" -#include "nf_gate_data.h" -#include "decode.h" - -#ifdef DEBUG -#define SFC50_L_DBG(x) x -#else -#define SFC50_L_DBG(x) -#endif - -#ifdef DBG_WARNING -#define SFC50_L_WARN(x) x -#else -#define SFC50_L_WARN(x) -#endif - -static unsigned int loopback_ip = (127 << 24) - | (0 << 16) - | (0 << 8) - | 0; - -static inline void sfc50_l_l4_checksum(struct iphdr *oldiph) -{ - if(oldiph->protocol == IPPROTO_TCP) { - struct tcphdr *tcph; - int datalen; - - datalen = ntohs(oldiph->tot_len) - (oldiph->ihl << 2); - tcph = (struct tcphdr *)((unsigned char *)oldiph + (oldiph->ihl << 2)); - tcph->check = 0; - tcph->check = tcp_v4_check(datalen, - oldiph->saddr, oldiph->daddr, - csum_partial(tcph, - datalen, 0)); - } - else if(oldiph->protocol == IPPROTO_UDP) { - struct udphdr *udph; - int datalen; - - udph = (struct udphdr *)((unsigned char *)oldiph + (oldiph->ihl << 2)); - if(udph->check) { - datalen = ntohs(oldiph->tot_len) - (oldiph->ihl << 2); - udph->check = 0; - udph->check = csum_tcpudp_magic(oldiph->saddr, oldiph->daddr, - datalen, IPPROTO_UDP, - csum_partial(udph, - datalen, 0)); - } - } -} - -/* 发送流程入口 */ -static unsigned int sfc50_l_hook_out(unsigned int hooknum, - struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - int (*okfn)(struct sk_buff *)) -{ - struct iphdr *oldiph, *newiph; - unsigned int max_headroom; - struct sk_buff *new_skb; - unsigned int newip; - - if(!sfc_dt.is_online) - return NF_ACCEPT; - - oldiph = ip_hdr(skb); - - /* loopback */ - if(loopback_ip == (loopback_ip & ntohl(oldiph->saddr)) - || loopback_ip == (loopback_ip & ntohl(oldiph->daddr))) { - SFC50_L_DBG(printk(KERN_DEBUG "tx: loopback pkt, skip it!!!\n");); - return 
NF_ACCEPT; - } - - /* UDP/TCP only */ - if(unlikely(IPPROTO_UDP != oldiph->protocol - && IPPROTO_TCP != oldiph->protocol - && IPPROTO_ICMP != oldiph->protocol)) - return NF_ACCEPT; - - /* 不处理分片 */ - if(unlikely(oldiph->frag_off & htons(IP_OFFSET))) { - SFC50_L_WARN(printk(KERN_WARNING "rx: rcv ip frag, skip it!!!\n");); - return NF_ACCEPT; - } - - if(unlikely(!pskb_may_pull(skb, ntohs(oldiph->tot_len)))) { - SFC50_L_WARN(printk(KERN_DEBUG "<%s, %d>: rx: length skb error, drop it !!!\n", - __FILE__, __LINE__);); - return NF_ACCEPT; - } - - /* 工作模式 */ - if(sfc_dt.mode & (1 << SFC50_L_M_NET)) { - if((ntohl(oldiph->daddr) & sfc_dt.mask) - == sfc_dt.prefix) - return NF_ACCEPT; - } - if(sfc_dt.mode & (1 << SFC50_L_M_WHITE)) { - if(mtrie_longest_match(sfc_dt.w_root, - ntohl(oldiph->daddr))) { - return NF_ACCEPT; - } - } - - /* 要排除一种情况: 宿主主机发送的、目的是本机ID的报文, - 应当由D100返回给宿主主机 */ - if(sfc_dt.id == ntohl(oldiph->daddr)) { - SFC50_L_WARN(printk(KERN_WARNING "<%s, %d>: loopback to host, id=%08x, sip=%08x\n", - __FILE__, __LINE__, sfc_dt.id, ntohl(oldiph->saddr));); - newip = oldiph->daddr; - oldiph->daddr = oldiph->saddr; - oldiph->saddr = newip; - sfc50_l_l4_checksum(oldiph); - ip_send_check(oldiph); - return NF_ACCEPT; - } - - /* 网关查询 */ - sfc50_l_data_lock(); - if(NF_DROP == sfc50_l_gw_find(skb, oldiph, &newip)) { - sfc50_l_data_unlock(); - return NF_DROP; - } - sfc50_l_data_unlock(); - - /* 开始封装 */ - max_headroom = sizeof(struct iphdr) + MTP_AUTH_INFO_LEN + LL_MAX_HEADER; - new_skb = skb_realloc_headroom(skb, max_headroom); - if (!new_skb) { - SFC50_L_WARN(printk(KERN_WARNING "<%s, %d>: no memory!!!\n", - __FILE__, __LINE__);); - return NF_DROP; - } - if (skb->sk) - skb_set_owner_w(new_skb, skb->sk); - skb = new_skb; - oldiph = ip_hdr(skb); - - skb_push(skb, sizeof(struct iphdr) + MTP_AUTH_INFO_LEN); - skb_reset_network_header(skb); - skb_set_transport_header(skb, sizeof(struct iphdr)); - memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); - - newiph = ip_hdr(skb); - 
memcpy(newiph, oldiph, sizeof(struct iphdr)); - newiph->protocol = sfc_dt.is_inside ? IPPROTO_MTP_I : IPPROTO_MTP_O; - newiph->daddr = newip; /* saddr is local ip address */ - newiph->tot_len = htons(ntohs(oldiph->tot_len) + sizeof(struct iphdr) + MTP_AUTH_INFO_LEN); - newiph->ihl = 5; - - if((ntohl(oldiph->daddr) & 0xdc000000) == 0xdc000000) { - oldiph->saddr = htonl(sfc_dt.id); /* set local ID */ - ip_send_check(oldiph); - } - - if(sfc_dt.is_inside) { - memset((unsigned char *)newiph + sizeof(struct iphdr), - 0, MTP_AUTH_INFO_LEN); /* 起源认证信息 */ - } - else { - struct scatterlist sg; - - if(crypto_hash_init(&(sfc_dt.md5))) { - printk(KERN_ALERT "<%s, %d>: MD5 init failed !!!\n", - __FILE__, __LINE__); - goto crypto_er; - } - - sg_init_one(&sg, oldiph, sizeof(struct iphdr)); - if(crypto_hash_update(&(sfc_dt.md5), &sg, sizeof(struct iphdr))) { - printk(KERN_ALERT "<%s, %d>: MD5 update failed !!!\n", - __FILE__, __LINE__); - goto crypto_er; - } - - sg_init_one(&sg, &(sfc_dt.key), sizeof(int)); - if(crypto_hash_update(&(sfc_dt.md5), &sg, sizeof(int))) { - printk(KERN_ALERT "<%s, %d>: MD5 update failed !!!\n", - __FILE__, __LINE__); - goto crypto_er; - } - - if(crypto_hash_final(&(sfc_dt.md5), (unsigned char *)newiph - + sizeof(struct iphdr))) { - printk(KERN_ALERT "<%s, %d>: MD5 final failed !!!\n", - __FILE__, __LINE__); - goto crypto_er; - } - } - - /* l4 checksum */ - sfc50_l_l4_checksum(oldiph); - - /* checksum already */ - skb->ip_summed = CHECKSUM_UNNECESSARY; - - if (unlikely(ip_route_me_harder(skb, RTN_LOCAL))) { - dev_kfree_skb(skb); - SFC50_L_WARN(printk(KERN_WARNING "<%s, %d>: route failed!!!\n", - __FILE__, __LINE__);); - return NF_DROP; - } - - /* ip checksum here */ - ip_local_out(skb); - - return NF_DROP; - -crypto_er: - dev_kfree_skb(skb); - return NF_DROP; -} - -/*- 接收流程 -*/ -/* erp rx */ -static unsigned int sfc50_l_erp_rx(struct sk_buff *skb) -{ - struct iphdr *iph; - struct icmphdr *icmph; - __sum16 checksum; - - return NF_ACCEPT; //for now, skip it 
- - iph = ip_hdr(skb); - - if(unlikely(!pskb_may_pull(skb, ntohs(iph->tot_len)))) { - SFC50_L_DBG(printk(KERN_DEBUG "<%s, %d>: rx: length skb error, drop it !!!\n", - __FILE__, __LINE__);); - return NF_DROP; - } - - if(unlikely(ntohs(iph->tot_len) <= (iph->ihl << 2) + - sizeof(struct icmphdr) + sizeof(struct iphdr))) { - SFC50_L_WARN(printk(KERN_DEBUG "<%s, %d>: rx: length skb error, drop it !!!\n", - __FILE__, __LINE__);); - return NF_DROP; - } - - /* ICMP检查 */ - icmph = (struct icmphdr *)((unsigned char *)iph + (iph->ihl << 2)); - checksum = icmph->checksum; - icmph->checksum = 0; - icmph->checksum = ip_compute_csum((void *)icmph, - ntohs(iph->tot_len) - (iph->ihl << 2)); - if(unlikely(checksum != icmph->checksum)) { - SFC50_L_DBG(printk(KERN_DEBUG "<%s, %d>: rx: bad erp checksum, drop it !!!\n", - __FILE__, __LINE__);); - return NF_DROP; - } - - /* 不可达原始IP头 */ - iph = (struct iphdr *)((unsigned char *)iph + (iph->ihl << 2) + - sizeof(struct icmphdr)); - - /* 仅仅内网角色,需要通知用户空间 */ - if(sfc_dt.is_inside) { - sfc50_l_data_send(ntohl(iph->daddr)); - SFC50_L_DBG(printk(KERN_DEBUG "<%s, %d>: ERP rx, notify user-space unreach: \n", - __FILE__, __LINE__, ntohl(iph->daddr));); - } - - /* cache 反馈 */ - sfc50_l_data_lock(); - sfc50_l_cache_feedback(iph); - sfc50_l_data_unlock(); - - SFC50_L_DBG(printk(KERN_DEBUG "<%s, %d>: ERP rx, to local stack: \n", - __FILE__, __LINE__, ntohl(iph->daddr));); - - return NF_ACCEPT; -} - -/* mtp rx */ -static unsigned int sfc50_l_mtp_rx(struct sk_buff *skb) -{ - struct pintercept_pkthdr pkthdr; - Packet p; - struct iphdr *iphdr; - unsigned short oiph_len, ototal_len, pull_len; - - /* pkt valid */ - iphdr = ip_hdr(skb); - oiph_len = iphdr->ihl << 2; - ototal_len = ntohs(iphdr->tot_len); - - if(unlikely(ototal_len <= oiph_len + MTP_AUTH_INFO_LEN + sizeof(struct iphdr))) { - SFC50_L_WARN(printk(KERN_DEBUG "<%s, %d>: rx: length skb error, drop it !!!\n", - __FILE__, __LINE__);); - return NF_ACCEPT; - } - - if(unlikely(!pskb_may_pull(skb, 
ototal_len))) { - SFC50_L_WARN(printk(KERN_DEBUG "<%s, %d>: rx: length skb error, drop it !!!\n", - __FILE__, __LINE__);); - return NF_ACCEPT; - } - - /* make a ip eth frame */ - pull_len = oiph_len + MTP_AUTH_INFO_LEN - ETHERNET_HEADER_LEN; - skb_pull(skb, pull_len); - - /* pintercept_pkthdr ready */ - pkthdr.len = ototal_len - pull_len; - pkthdr.caplen = pkthdr.len; - - /* p */ - memset(&p, 0, sizeof(p)); - p.skb = skb; - - if(unlikely(NF_DROP == DecodeEthPkt(&p, &pkthdr, skb->data))) { - SFC50_L_WARN(printk(KERN_DEBUG "<%s, %d>: rx: real pkt check error, drop it !!!\n", - __FILE__, __LINE__);); - return NF_ACCEPT; - } - - skb_pull(skb, ETHERNET_HEADER_LEN); /* skip eth layer */ - skb_reset_network_header(skb); /* set ip layer */ - iphdr = ip_hdr(skb); - skb_set_transport_header(skb, iphdr->ihl << 2); /* set transport layer */ - - //printk("<%s, %d>: rx OK: src=%08x, dst=%08x, proto=%u\n", - // __FILE__, __LINE__, ntohl(iphdr->saddr), - // ntohl(iphdr->daddr), iphdr->protocol); - - return NF_ACCEPT; -} - -/* 接收流程入口 */ -static unsigned int sfc50_l_hook_in(unsigned int hooknum, - struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - int (*okfn)(struct sk_buff *)) -{ - /* loopback */ - if(loopback_ip == (loopback_ip & ntohl(ip_hdr(skb)->saddr)) - || loopback_ip == (loopback_ip & ntohl(ip_hdr(skb)->daddr))) { - SFC50_L_DBG(printk(KERN_DEBUG "rx: loopback pkt, skip it!!!\n");); - return NF_ACCEPT; - } - - /* 不处理分片 */ - if(unlikely(ip_hdr(skb)->frag_off & htons(IP_OFFSET))) { - SFC50_L_WARN(printk(KERN_WARNING "rx: rcv ip frag, skip it!!!\n");); - return NF_ACCEPT; - } - - /* Must be online */ - if(!sfc_dt.is_online) - return NF_ACCEPT; - - /* MTP decode */ - if(IPPROTO_MTP_O == ip_hdr(skb)->protocol - || IPPROTO_MTP_I == ip_hdr(skb)->protocol) - return sfc50_l_mtp_rx(skb); - - /* ERP decode */ - if(IPPROTO_ERP == ip_hdr(skb)->protocol) - return sfc50_l_erp_rx(skb); - - /* ignore other pkt */ - return NF_ACCEPT; -} - -static struct 
nf_hook_ops ipv4_sfc50_l_ops[] = { -#if 0 - { - .hook = sfc50_l_hook_out, - .owner = THIS_MODULE, - .pf = PF_INET, - .hooknum = NF_INET_LOCAL_OUT, - .priority = NF_IP_PRI_SFC50_L_OUT, - }, -#endif - { - .hook = sfc50_l_hook_out,//sfc50_l_hook_check, - .owner = THIS_MODULE, - .pf = PF_INET, - .hooknum = NF_INET_POST_ROUTING, - .priority = NF_IP_PRI_SFC50_L_OUT, - }, - { - .hook = sfc50_l_hook_in, - .owner = THIS_MODULE, - .pf = PF_INET, - .hooknum = NF_INET_PRE_ROUTING, - .priority = NF_IP_PRI_SFC50_L_IN, - }, -}; - -static int __init nf_sfc50_l_init(void) -{ - int ret; - - ret = nf_register_hooks(ipv4_sfc50_l_ops, ARRAY_SIZE(ipv4_sfc50_l_ops)); - if(ret < 0) { - printk(KERN_ERR "<%s, %s, %d>: !!!\n", - __FILE__, __FUNCTION__, __LINE__); - goto failed_out0; - } - - printk(KERN_INFO "sfc50_l module: init done.\n"); - - return 0; - -failed_out0: - return -1; -} - -static void __exit nf_sfc50_l_fini(void) -{ - nf_unregister_hooks(ipv4_sfc50_l_ops, ARRAY_SIZE(ipv4_sfc50_l_ops)); - - printk(KERN_INFO "sfc50_l module: uninit done.\n"); -} - -module_init(nf_sfc50_l_init); -module_exit(nf_sfc50_l_fini); - -MODULE_LICENSE("GPL"); - - diff --git a/linux-net-kernel/net/ipv4/netfilter/nf_sfc50_l_data.c b/linux-net-kernel/net/ipv4/netfilter/nf_sfc50_l_data.c deleted file mode 100755 index 293b1fe..0000000 --- a/linux-net-kernel/net/ipv4/netfilter/nf_sfc50_l_data.c +++ /dev/null 
@@ -1,1179 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) -#include -#endif -#include -#include "mtrie.h" -#include "nf_sfc50_l_data.h" - -#ifdef DEBUG//DBG_WARNING -#define DATA_DBG(x) x -#else -#define DATA_DBG(x) -#endif - -#define SFC50_L_CACHE_BKT 8192 -#define SFC50_L_CACHE_TIMEOUT (60 * HZ) - -#define SFC50_L_FWD_BKT 8192 - -static unsigned long sfc50_l_cache_timeout = 60 * HZ; -static unsigned long sfc50_l_cache_retime = HZ; -static unsigned long sfc50_l_cache_renotify = 0;//3 * HZ; - -/* 数据根 */ -sfc50_l_data sfc_dt = { - .lock = __SPIN_LOCK_UNLOCKED(sfc_dt.lock), -}; -EXPORT_SYMBOL_GPL(sfc_dt); - -/* declare */ -static inline void sfc50_l_data_clean(void); - -/* 大块内存分配 */ -static void *nf_sfc50_l_mblk(unsigned int *item_numb, size_t item_size, int *vmalloced) -{ - void *ret; - unsigned int nr_slots; - size_t sz; - - *vmalloced = 0; - - nr_slots = *item_numb = roundup(*item_numb, PAGE_SIZE / item_size); - sz = nr_slots * item_size; - ret = (void *)__get_free_pages(GFP_KERNEL | __GFP_NOWARN | __GFP_ZERO, - get_order(sz)); - if (!ret) { - *vmalloced = 1; - printk(KERN_WARNING "nf_gate_mblk: falling back to vmalloc.\n"); - ret = __vmalloc(sz, GFP_KERNEL | __GFP_ZERO, PAGE_KERNEL); - } - - return ret; -} - -static void nf_sfc50_l_fblk(void *blk, unsigned int bli_size, int vmalloced) -{ - if (vmalloced) - vfree(blk); - else - free_pages((unsigned long)blk, get_order(bli_size)); -} - -static int sfc50_l_op_role(kernel_msg *msg_ptr) -{ - unsigned int *is_inside = (unsigned int *)msg_ptr->value; - - sfc50_l_data_lock(); - - sfc_dt.is_inside = *is_inside; - sfc_dt.is_online = 0; - sfc50_l_data_clean(); - - sfc50_l_data_unlock(); - - DATA_DBG(printk("SFC50_L: set role %s\n", - sfc_dt.is_inside ? 
"INSIDE" : "OUTSIDE");); - - return 0; -} - -static int sfc50_l_op_id(kernel_msg * msg_ptr) -{ - unsigned int *id = (unsigned int *)msg_ptr->value; - - sfc50_l_data_lock(); - - sfc_dt.id = *id; - sfc_dt.is_online = 0; - sfc50_l_data_clean(); - - sfc50_l_data_unlock(); - - DATA_DBG(printk("SFC50_L: set id %08x\n", - sfc_dt.id);); - - return 0; -} - -static int sfc50_l_op_online(kernel_msg * msg_ptr) -{ - unsigned int *is_online = (unsigned int *)msg_ptr->value; - - sfc50_l_data_lock(); - - sfc_dt.is_online = *is_online; - //sfc50_l_data_clean(); - - sfc50_l_data_unlock(); - - DATA_DBG(printk("SFC50_L: set %s\n", - sfc_dt.is_online ? "ONLINE" : "OFFLINE");); - - return 0; -} - -static int sfc50_l_op_auth(kernel_msg * msg_ptr) -{ - int *key_ptr = (int *)msg_ptr->value; - - sfc50_l_data_lock(); - - sfc_dt.key = key_ptr[0]; - - sfc50_l_data_unlock(); - - DATA_DBG(printk("SFC50_L: set auth key %d\n", sfc_dt.key);); - - return 0; -} - -static int sfc50_l_op_gws(kernel_msg * msg_ptr) -{ - unsigned int *gws = (unsigned int *)msg_ptr->value; - - sfc50_l_data_lock(); - - memcpy(sfc_dt.gws, gws, sizeof(unsigned int) * MAX_STATION_GATE); - - sfc50_l_data_unlock(); - - DATA_DBG({ - unsigned int i; - char buf[256]; - char buf2[32]; - - strcpy(buf, "SFC50_L: set gws "); - for(i = 0; i < MAX_STATION_GATE - 1; i ++) { - sprintf(buf2, "%08x ", sfc_dt.gws[i]); - strcat(buf, buf2); - } - sprintf(buf2, "%08x\n", sfc_dt.gws[MAX_STATION_GATE - 1]); - strcat(buf, buf2); - }); - - return 0; -} - -static inline void sfc50_l_del_one_item(sfc_ct *cache_ptr) -{ - hlist_del_init((&(cache_ptr->list))); - hlist_del_init((&(cache_ptr->list_rule))); - - kmem_cache_free(sfc_dt.ct_cache, cache_ptr); - - DATA_DBG(printk("<%s, %d>: cache timeout: \n", - __FILE__, __LINE__, ntohl(cache_ptr->dst), ntohs(cache_ptr->sp), - ntohs(cache_ptr->dp), cache_ptr->proto, (cache_ptr->nf_result ==NF_ACCEPT) ? 
- "ACCEPT" : "DROP");); -} - -static inline sfc_fwd_item *__sfc50_l_fwd_find(unsigned int hash_val, unsigned int dst) -{ - sfc_fwd_item *fwd_ptr; - struct hlist_node *n; - - hlist_for_each_entry(fwd_ptr, n, &(sfc_dt.fwd_bkt[hash_val]), - list) { - if(fwd_ptr->data.dst == dst) - return fwd_ptr; - } - - return NULL; -} - -static inline sfc_fwd_item *sfc50_l_fwd_find(unsigned int dst) -{ - unsigned int hash_val; - - hash_val = jhash_1word(dst, sfc_dt.fwd_rand) & - (sfc_dt.fwd_bkt_numb - 1); - - return __sfc50_l_fwd_find(hash_val, dst); -} - -static inline void sfc50_l_fwd_cache_clean(struct hlist_head *head_ptr) -{ - sfc_ct *cache_ptr; - - while (!hlist_empty(head_ptr)) { - cache_ptr = hlist_entry(head_ptr->first, - sfc_ct, list_rule); - if(del_timer(&(cache_ptr->timeout))) - sfc50_l_del_one_item(cache_ptr); - } -} - -static int sfc50_l_op_fwd(kernel_msg *msg_ptr) -{ - sfc_fwd_item *fwd_ptr; - sfc_fwd_data *fr_ptr = (sfc_fwd_data *)msg_ptr->value; - unsigned int hash_val; - - if(fr_ptr->numb > MAX_STATION_GATE) { - printk(KERN_ERR "<%s, %d>: mtrie item too big gw number !!!\n", - __FILE__, __LINE__); - return -1; - } - - hash_val = jhash_1word(fr_ptr->dst, sfc_dt.fwd_rand) & - (sfc_dt.fwd_bkt_numb - 1); - - if(OPER_ADD == msg_ptr->opera) { - DATA_DBG({ - unsigned int i; - char buf[1024]; - char bufff[32]; - - sprintf(buf, "Fwd mtrie add item: <%08x, %u:[", - fr_ptr->dst, fr_ptr->numb); - for(i = 0; i < fr_ptr->numb; i ++) { - if(i + 1 == fr_ptr->numb) { - sprintf(bufff, "%08x]>\n", fr_ptr->gw[i]); - strcat(buf, bufff); - } else { - sprintf(bufff, "%08x, ", fr_ptr->gw[i]); - strcat(buf, bufff); - } - } - printk(buf); - }); - - fwd_ptr = kmem_cache_zalloc(sfc_dt.fwd_cache, GFP_KERNEL); - if(NULL == fwd_ptr) { - printk(KERN_ERR "<%s, %d>: mtrie item alloc failed !!!\n", - __FILE__, __LINE__); - return -1; - } - - fwd_ptr->data = *fr_ptr; - - INIT_HLIST_HEAD(&(fwd_ptr->rule_cache)); - - sfc50_l_data_lock(); - - hlist_add_head(&(fwd_ptr->list), 
&(sfc_dt.fwd_bkt[hash_val])); - - sfc50_l_data_unlock(); - - return 0; - } - - - sfc50_l_data_lock(); - - fwd_ptr = __sfc50_l_fwd_find(hash_val, fr_ptr->dst); - if(fwd_ptr) { - hlist_del_init((&(fwd_ptr->list))); - sfc50_l_fwd_cache_clean(&(fwd_ptr->rule_cache)); - kmem_cache_free(sfc_dt.fwd_cache, fwd_ptr); - sfc50_l_data_unlock(); - - DATA_DBG(printk("Fwd mtrie del item: <%08x>\n", fr_ptr->dst);); - } - - sfc50_l_data_unlock(); - - return 0; -} - -static void sfc50_l_cache_timeout_fn(unsigned long cache_item) -{ - sfc_ct *cache_ptr = (sfc_ct *)cache_item; - - sfc50_l_data_lock(); - - sfc50_l_del_one_item(cache_ptr); - - sfc50_l_data_unlock(); -} - -static inline void sfc50_l_unreach_notify(struct sk_buff *old_skb, - struct iphdr *oldiph, - sfc_ct *cache_ptr, - int now) -{ - /* 角色无关 */ - if(NF_DROP == cache_ptr->nf_result - && IPPROTO_ICMP != oldiph->protocol) { - icmp_send(old_skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0); - DATA_DBG(printk("<%s, %d>: send cheat icmp unreach: \n", - __FILE__, __LINE__, ntohl(oldiph->daddr), ntohl(oldiph->saddr));); - } - - /* 仅内网角色 */ - if(sfc_dt.is_inside) { - if(now) { - sfc50_l_data_send(ntohl(oldiph->daddr)); - cache_ptr->tmsp = jiffies_64; - DATA_DBG(printk("<%s, %d>: notify user-space unreach: , immediately\n", - __FILE__, __LINE__, ntohl(oldiph->daddr));); - } - else { - sfc_fwd_item *fwd_ptr; - - DATA_DBG(printk("<%s, %d>: will search fwd rule: ...\n", - __FILE__, __LINE__);); - fwd_ptr = sfc50_l_fwd_find(ntohl(oldiph->daddr)); - if(fwd_ptr) { - cache_ptr->nf_result = NF_ACCEPT; - /*- ECMP??? 
FIX ME -*/ - cache_ptr->gw = htonl(fwd_ptr->data.gw[0]); - DATA_DBG(printk("<%s, %d>: fwd rule: found Rule\n", - __FILE__, __LINE__);); - } else { - DATA_DBG(printk("<%s, %d>: fwd rule: found Nothing\n", - __FILE__, __LINE__);); - cache_ptr->nf_result = NF_DROP; - if(jiffies_64 >= (cache_ptr->tmsp + - sfc50_l_cache_renotify)) { - /* re-find */ - sfc50_l_data_send(ntohl(oldiph->daddr)); - cache_ptr->tmsp = jiffies_64; - DATA_DBG(printk("<%s, %d>: notify user-space unreach: , rate limit\n", - __FILE__, __LINE__, ntohl(oldiph->daddr));); - } - } - } -} -} - -static inline sfc_ct *sfc50_l_cache_find(unsigned int hash_val, - struct iphdr *oldiph, - unsigned short source, - unsigned short dest) -{ - sfc_ct *cache_ptr; - struct hlist_node *n; - - hlist_for_each_entry(cache_ptr, n, &(sfc_dt.ct_bkt[hash_val]), - list) { - if(cache_ptr->dst == oldiph->daddr - && cache_ptr->sp == source - && cache_ptr->dp == dest - && cache_ptr->proto == oldiph->protocol) { - return cache_ptr; - } - } - - return NULL; -} - -static inline sfc_ct *sfc50_l_cache_add(unsigned int hash_val, - struct iphdr *oldiph, - unsigned short source, - unsigned short dest) -{ - sfc_ct *cache_ptr; - - cache_ptr = kmem_cache_zalloc(sfc_dt.ct_cache, GFP_ATOMIC); - if(unlikely(!cache_ptr)) { - printk(KERN_ERR "<%s, %d>: cache, no memory !!!\n", - __FILE__, __LINE__); - return NULL; - } - cache_ptr->dst = oldiph->daddr; - cache_ptr->sp = source; - cache_ptr->dp = dest; - cache_ptr->proto = oldiph->protocol; - - hlist_add_head(&(cache_ptr->list), &(sfc_dt.ct_bkt[hash_val])); - - return cache_ptr; -} - -static inline unsigned int sfc50_l_gw_find_inside(unsigned int hash_val, - struct sk_buff *old_skb, - struct iphdr *oldiph, - unsigned short source, - unsigned short dest, - unsigned int *newip) -{ - sfc_fwd_item *fwd_ptr; - sfc_ct *cache_ptr; - - /* cache 查找 */ - cache_ptr = sfc50_l_cache_find(hash_val, oldiph, source, dest); - if(likely(cache_ptr)) { - DATA_DBG(printk("<%s, %d>: cache hit: \n", - __FILE__, 
__LINE__, ntohl(oldiph->daddr), ntohs(source), ntohs(dest), - oldiph->protocol, (cache_ptr->nf_result ==NF_ACCEPT) ? "ACCEPT" : "DROP");); - - if(NF_ACCEPT == cache_ptr->nf_result) { - unsigned long newtime; - - newtime = jiffies + sfc50_l_cache_timeout; - DATA_DBG(printk("<%s, %d>: cache hit: \n", - __FILE__, __LINE__, ntohl(oldiph->daddr), ntohs(source), ntohs(dest), - oldiph->protocol, (cache_ptr->nf_result ==NF_ACCEPT) ? "ACCEPT" : "DROP");); - if(newtime - cache_ptr->timeout.expires >= - sfc50_l_cache_retime) { - mod_timer_pending(&(cache_ptr->timeout), newtime); - DATA_DBG(printk("<%s, %d>: cache timer refresh\n", - __FILE__, __LINE__);); - } - } - else { - sfc50_l_unreach_notify(old_skb, oldiph, cache_ptr, 0); - } - - goto fnd_out; - } - - /* cache 添加 */ - cache_ptr = sfc50_l_cache_add(hash_val, oldiph, source, dest); - if(unlikely(!cache_ptr)) - return NF_DROP; - fwd_ptr = sfc50_l_fwd_find(ntohl(oldiph->daddr)); - if(fwd_ptr) { - cache_ptr->nf_result = NF_ACCEPT; - /*- ECMP??? FIX ME -*/ - cache_ptr->gw = htonl(fwd_ptr->data.gw[0]); - hlist_add_head(&(cache_ptr->list_rule), &(fwd_ptr->rule_cache)); - DATA_DBG({ - unsigned int i; - char buf[1024]; - char bufff[32]; - - sprintf(buf, "<%s, %d>: Fwd find: <%08x, %u:[", - __FILE__, __LINE__, fwd_ptr->data.dst, - fwd_ptr->data.numb); - for(i = 0; i < fwd_ptr->data.numb; i ++) { - if(i + 1 == fwd_ptr->data.numb) { - sprintf(bufff, "%08x]>\n", fwd_ptr->data.gw[i]); - strcat(buf, bufff); - } else { - sprintf(bufff, "%08x, ", fwd_ptr->data.gw[i]); - strcat(buf, bufff); - } - } - printk(buf); - }); - DATA_DBG(printk("<%s, %d>: cache add \n", - __FILE__, __LINE__, ntohl(oldiph->daddr), ntohs(source), ntohs(dest), - oldiph->protocol);); - } - else { - cache_ptr->nf_result = NF_DROP; - hlist_add_head(&(cache_ptr->list_rule), &(sfc_dt.ct_drop_list)); - sfc50_l_unreach_notify(old_skb, oldiph, cache_ptr, 1); - DATA_DBG(printk("<%s, %d>: cache add \n", - __FILE__, __LINE__, ntohl(oldiph->daddr), ntohs(source), ntohs(dest), - 
oldiph->protocol);); - } - setup_timer(&(cache_ptr->timeout), sfc50_l_cache_timeout_fn, - (unsigned long)cache_ptr); - cache_ptr->timeout.expires = jiffies + sfc50_l_cache_timeout; - add_timer(&(cache_ptr->timeout)); - -fnd_out: - *newip = cache_ptr->gw; - - return cache_ptr->nf_result; -} - -static inline unsigned int sfc50_l_gw_find_outside(unsigned int hash_val, - struct sk_buff * old_skb, - struct iphdr * oldiph, - unsigned short source, - unsigned short dest, - unsigned int * newip) -{ - sfc_ct *cache_ptr; - unsigned long newtime; - - /* cache 查找 */ - cache_ptr = sfc50_l_cache_find(hash_val, oldiph, source, dest); - if(likely(cache_ptr)) { - newtime = jiffies + sfc50_l_cache_timeout; - DATA_DBG(printk("<%s, %d>: cache hit: \n", - __FILE__, __LINE__, ntohl(oldiph->daddr), ntohs(source), ntohs(dest), - oldiph->protocol, (cache_ptr->nf_result == NF_ACCEPT) ? "ACCEPT" : "DROP");); - if(newtime - cache_ptr->timeout.expires >= - sfc50_l_cache_retime) { - mod_timer_pending(&(cache_ptr->timeout), newtime); - DATA_DBG(printk("<%s, %d>: cache timer refresh\n", - __FILE__, __LINE__);); - } - - /* 不可达通告 */ - if(NF_DROP == cache_ptr->nf_result) - sfc50_l_unreach_notify(old_skb, oldiph, cache_ptr, 0); - - goto fnd_out; - } - - /* cache 添加 */ - cache_ptr = sfc50_l_cache_add(hash_val, oldiph, source, dest); - if(unlikely(!cache_ptr)) - return NF_DROP; - /*- ECMP??? 
FIX ME -*/ - cache_ptr->gw = htonl(sfc_dt.gws[0]); - cache_ptr->nf_result = NF_ACCEPT; /* 对于外网角色,默认都是ACCEPT */ - setup_timer(&(cache_ptr->timeout), sfc50_l_cache_timeout_fn, - (unsigned long)cache_ptr); - cache_ptr->timeout.expires = jiffies + sfc50_l_cache_timeout; - add_timer(&(cache_ptr->timeout)); - DATA_DBG(printk("<%s, %d>: cache add \n", - __FILE__, __LINE__, ntohl(oldiph->daddr), ntohs(source), ntohs(dest), - oldiph->protocol);); - -fnd_out: - *newip = cache_ptr->gw; - - return cache_ptr->nf_result; -} - -unsigned int sfc50_l_gw_find(struct sk_buff *old_skb, - struct iphdr *oldiph, - unsigned int *newip) -{ - unsigned int hash_val; - sfc_ct_key key; - struct udphdr *udph; - struct tcphdr *tcph; - struct icmphdr *icmph; - - if(IPPROTO_UDP == oldiph->protocol) { - udph = (struct udphdr *)((unsigned char *)oldiph + - (oldiph->ihl << 2)); - key.sp = udph->source; - key.dp = udph->dest; - } - else if(IPPROTO_TCP == oldiph->protocol) { - tcph = (struct tcphdr *)((unsigned char *)oldiph + - (oldiph->ihl << 2)); - key.sp = tcph->source; - key.dp = tcph->dest; - } - else if(IPPROTO_ICMP == oldiph->protocol) { - icmph = (struct icmphdr *)((unsigned char *)oldiph + - (oldiph->ihl << 2)); - key.sp = icmph->type; - key.dp = icmph->code; - } - else - return NF_DROP; - - key.dst = oldiph->daddr; - key.proto = oldiph->protocol; - hash_val = jhash(&key, sizeof(key), sfc_dt.ct_rand) & - (sfc_dt.ct_bkt_numb - 1); - - if(sfc_dt.is_inside) - return sfc50_l_gw_find_inside(hash_val, old_skb, - oldiph, key.sp, - key.dp, newip); - - return sfc50_l_gw_find_outside(hash_val, old_skb, oldiph, - key.sp, key.dp, - newip); - -} -EXPORT_SYMBOL_GPL(sfc50_l_gw_find); - -int sfc50_l_cache_feedback(struct iphdr *iph) -{ - sfc_ct *cache_ptr; - unsigned int hash_val; - sfc_ct_key key; - - struct l4_hdr { - __be16 source; - __be16 dest; - } *chdr; - - if(unlikely(iph->protocol != IPPROTO_UDP - && iph->protocol != IPPROTO_TCP)) - return -1; - - chdr = (struct l4_hdr *)((unsigned char *)iph + - 
(iph->ihl << 2)); - key.dst = iph->daddr; - key.sp = chdr->source; - key.dp = chdr->dest; - key.proto = iph->protocol; - hash_val = jhash(&key, sizeof(key), sfc_dt.ct_rand) & - (sfc_dt.ct_bkt_numb - 1); - - /* cache 查找 */ - cache_ptr = sfc50_l_cache_find(hash_val, iph, chdr->source, - chdr->dest); - - /* cache行为更新 */ - if(likely(cache_ptr)) { - if(NF_DROP != cache_ptr->nf_result) { - cache_ptr->nf_result = NF_DROP; - hlist_del_init(&(cache_ptr->list_rule)); - hlist_add_head(&(cache_ptr->list_rule), &(sfc_dt.ct_drop_list)); - DATA_DBG(printk(KERN_DEBUG "<%s, %d>: ERP cause to DROP: \n", __FILE__, __LINE__, ntohl(cache_ptr->dst), - ntohs(cache_ptr->sp), ntohs(cache_ptr->dp), cache_ptr->proto);); - return 0; - } - } - - return -1; -} -EXPORT_SYMBOL_GPL(sfc50_l_cache_feedback); - -static int sfc50_l_op_wc(kernel_msg *msg_ptr) -{ - unsigned int *mode = (unsigned int *)msg_ptr->value; - - if(OPER_ADD == msg_ptr->opera) { - sfc_dt.mode |= 1 << (*mode); - } - else { - sfc_dt.mode &= ~(1 << (*mode)); - } - - return 0; -} - -static int sfc50_l_op_net(kernel_msg *msg_ptr) -{ - sfc_net *data = (sfc_net *)msg_ptr->value; - - sfc_dt.prefix = data->prefix & data->mask; - sfc_dt.mask = data->mask; - - return 0; -} - -static int sfc50_l_op_wd(kernel_msg *msg_ptr) -{ - mtrie_leaf_t *leaf_ptr; - w_rule *fr_ptr = (w_rule *)msg_ptr->value; - - if(OPER_ADD == msg_ptr->opera) { - leaf_ptr = kmem_cache_zalloc(sfc_dt.w_leaf_cache, - GFP_ATOMIC); - if(NULL == leaf_ptr) { - printk(KERN_ERR "<%s, %d>: mtrie item alloc failed !!!\n", - __FILE__, __LINE__); - return -1; - } - leaf_ptr->prefix = fr_ptr->prefix; - leaf_ptr->mask = fr_ptr->mask; - - sfc50_l_data_lock(); - - if(FALSE == mtrie_leaf_insert(sfc_dt.w_root, leaf_ptr)) { - sfc50_l_data_unlock(); - kmem_cache_free(sfc_dt.w_leaf_cache, leaf_ptr); - printk(KERN_ERR "<%s, %d>: mtrie item add failed !!!\n", - __FILE__, __LINE__); - return -1; - } - - sfc50_l_data_unlock(); - - DATA_DBG(printk("<%s, %d>: w add: <%08x, %08x>\n", - __FILE__, 
__LINE__, fr_ptr->prefix, fr_ptr->mask);); - - return 0; - } - - sfc50_l_data_lock(); - - leaf_ptr = mtrie_lookup_exact(sfc_dt.w_root, fr_ptr->prefix, fr_ptr->mask); - if(NULL == leaf_ptr) { - sfc50_l_data_unlock(); - - printk(KERN_ERR "<%s, %d>: mtrie item del failed !!!\n", - __FILE__, __LINE__); - return -1; - } - mtrie_leaf_delete(sfc_dt.w_root, leaf_ptr); - - sfc50_l_data_unlock(); - - DATA_DBG(printk("<%s, %d>: w del: <%08x, %08x>\n", - __FILE__, __LINE__, fr_ptr->prefix, fr_ptr->mask);); - - kmem_cache_free(sfc_dt.w_leaf_cache, leaf_ptr); - - return 0; -} - - -/* NETLINK 接收函数 */ - -/* --------------- */ -static void sfc50_l_data_from_user(kernel_msg *msg_ptr) -{ - if(WK_MSG_SFC50_L == msg_ptr->type) { - if(SFC50_L_ROLE == msg_ptr->sub_type) - sfc50_l_op_role(msg_ptr); - - else if(SFC50_L_ID == msg_ptr->sub_type) - sfc50_l_op_id(msg_ptr); - - else if(SFC50_L_ONLINE == msg_ptr->sub_type) - sfc50_l_op_online(msg_ptr); - - else if(SFC50_L_AUTH == msg_ptr->sub_type) - sfc50_l_op_auth(msg_ptr); - - else if(SFC50_L_GW == msg_ptr->sub_type) - sfc50_l_op_gws(msg_ptr); - - else if(SFC50_L_FWD == msg_ptr->sub_type) - sfc50_l_op_fwd(msg_ptr); - - else if(SFC50_L_WC == msg_ptr->sub_type) - sfc50_l_op_wc(msg_ptr); - - else if(SFC50_L_WD == msg_ptr->sub_type) - sfc50_l_op_wd(msg_ptr); - - else if(SFC50_L_NET == msg_ptr->sub_type) - sfc50_l_op_net(msg_ptr); - - /* more ... */ - else { - printk(KERN_ERR "<%s, %d>: netlink: bad msg sub_type !!!\n", - __FILE__, __LINE__); - } - } - - /* more ... 
*/ - - else { - printk(KERN_ERR "<%s, %d>: netlink: bad msg type !!!\n", - __FILE__, __LINE__); - } -} - -static void sfc50_l_data_rcv_skb(struct sk_buff *skb) -{ - kernel_msg *msg_ptr; - struct nlmsghdr *nlh; - - nlh = nlmsg_hdr(skb); - - if (skb->len < NLMSG_SPACE(0) || skb->len < nlh->nlmsg_len || - nlh->nlmsg_len < NLMSG_LENGTH(sizeof(kernel_msg))) { - printk(KERN_ERR "<%s, %s, %d>: work module: bad work_msg!!!\n", - __FILE__, __FUNCTION__, __LINE__); - return; - } - - msg_ptr = NLMSG_DATA(nlh); - - sfc50_l_data_from_user(msg_ptr); -} - -void sfc50_l_data_send(unsigned int dst) -{ - unsigned int size; - struct sk_buff *skb; - struct nlmsghdr *nlh; - unsigned int *dst_ptr; - - size = NLMSG_SPACE(sizeof(dst)); - skb = alloc_skb(size, GFP_ATOMIC); - if (!skb) { - printk(KERN_ERR "<%s, %d>: netlink: skb alloc failed !!!\n", - __FILE__, __LINE__); - return; - } - - nlh = NLMSG_PUT(skb, 0, 0, 0, sizeof(dst)); - nlh->nlmsg_pid = 0; /*from kernel */ - dst_ptr = NLMSG_DATA(nlh); - *dst_ptr = dst; - - netlink_broadcast(sfc_dt.nl[1], skb, 0, 1, GFP_ATOMIC); - - return; - -nlmsg_failure: - kfree_skb(skb); - printk(KERN_ERR "<%s, %d>: netlink: build header error !!!\n", - __FILE__, __LINE__); -} -EXPORT_SYMBOL_GPL(sfc50_l_data_send); - -#ifdef CONFIG_PROC_FS -static void *cmn_seq_start(struct seq_file *seq, loff_t *pos) -{ - return *pos ? 
NULL : SEQ_START_TOKEN; -} - -static void cmn_seq_stop(struct seq_file *seq, void *v) -{ -} - -static void *cmn_seq_next(struct seq_file *seq, void *v, loff_t *pos) -{ - return NULL; -} - -static void sfc50_l_w_mtrie_callback(mtrie_leaf_t *leaf_entry, void *p1, void *p2) -{ - struct seq_file *seq = p1; - char buf[128]; - - sprintf(buf, "<%08x, %08x>\n", leaf_entry->prefix, - leaf_entry->mask); - seq_puts(seq, buf); -} - -static void sfc50_l_proc_all_show(struct seq_file *seq) -{ - char buf[256]; - unsigned int i, j; - sfc_fwd_item *fwd_ptr; - sfc_ct *entry_ptr; - struct hlist_node *n; - char *mode_name[] = { - "All", - "Net", - "ID", - "White", - "White2", - NULL, - }; - - sfc50_l_data_lock(); - - /* status */ - sprintf(buf, "Status:: Role:%s, ID:%08x, Online:%s\n\n", - sfc_dt.is_inside ? "Inside" : "Outside", - sfc_dt.id, - sfc_dt.is_online ? "Yes" : "No"); - seq_puts(seq, buf); - - sprintf(buf, "Auth key: %d\n\n", sfc_dt.key); - seq_puts(seq, buf); - - sprintf(buf, "Gws: total %u: ", sfc_dt.gw_numb); - seq_puts(seq, buf); - for(i = 0; i < MAX_STATION_GATE - 1; i ++) { - sprintf(buf, "%08x ", sfc_dt.gws[i]); - seq_puts(seq, buf); - } - sprintf(buf, "%08x\n\n", sfc_dt.gws[MAX_STATION_GATE - 1]); - seq_puts(seq, buf); - - seq_puts(seq, "Fwd item: \n"); - for(i = 0; i < sfc_dt.fwd_bkt_numb; i ++) { - hlist_for_each_entry(fwd_ptr, n, &(sfc_dt.fwd_bkt[i]), - list) { - sprintf(buf, "<%08x, %u:[", fwd_ptr->data.dst, - fwd_ptr->data.numb); - seq_puts(seq, buf); - for(j = 0; j < fwd_ptr->data.numb; j ++) { - if(j + 1 == fwd_ptr->data.numb) { - sprintf(buf, "%08x]>\n", fwd_ptr->data.gw[j]); - seq_puts(seq, buf); - } - else { - sprintf(buf, "%08x, ", fwd_ptr->data.gw[j]); - seq_puts(seq, buf); - } - } - } - } - seq_puts(seq, "\n"); - - seq_puts(seq, "Cache item: \n"); - for(i = 0; i < sfc_dt.ct_bkt_numb; i ++) { - hlist_for_each_entry(entry_ptr, n, &(sfc_dt.ct_bkt[i]), - list) { - sprintf(buf, "<%08x, %u, %u, %u, %llu>\n", - ntohl(entry_ptr->dst), ntohs(entry_ptr->sp), - 
ntohs(entry_ptr->dp), entry_ptr->proto, - entry_ptr->tmsp); - seq_puts(seq, buf); - } - } - seq_puts(seq, "\n"); - - sprintf(buf, "Work model (by value): %u\n", sfc_dt.mode); - seq_puts(seq, buf); - for(i = 0; i < SFC50_L_M_MAX; i ++ ) { - if(sfc_dt.mode & (1 << i)) { - sprintf(buf, "Work model: %s\n", mode_name[i]); - seq_puts(seq, buf); - } - } - sprintf(buf, "Net: %08x/%08x\n", sfc_dt.prefix, sfc_dt.mask); - seq_puts(seq, buf); - seq_puts(seq, "White item: \n"); - mtrie_walk(sfc_dt.w_root, sfc50_l_w_mtrie_callback, - seq, NULL); - seq_puts(seq, "\n"); - - sfc50_l_data_unlock(); -} - -static int sfc50_l_all_seq_show(struct seq_file *seq, void *v) -{ - sfc50_l_proc_all_show(seq); - - return 0; -} - -static const struct seq_operations sfc50_l_all_seq_ops = { - .start = cmn_seq_start, - .next = cmn_seq_next, - .stop = cmn_seq_stop, - .show = sfc50_l_all_seq_show, -}; - -static int sfc50_l_all_seq_open(struct inode *inode, struct file *file) -{ - return seq_open_net(inode, file, &sfc50_l_all_seq_ops, sizeof(struct seq_net_private)); -} - -static const struct file_operations sfc50_l_all_seq_fops = { - .owner = THIS_MODULE, - .open = sfc50_l_all_seq_open, - .read = seq_read, - .llseek = seq_lseek, - .release = seq_release_net, -}; - -static int sfc50_l_proc_init(void) -{ - if (!proc_net_fops_create(&init_net, "sfc50_l_all", 0, &sfc50_l_all_seq_fops)) { - printk(KERN_ERR "<%s, %s, %d>: work module: init failed(when proc_net_fops_create)!!!\n", - __FILE__, __FUNCTION__, __LINE__); - return -1; - } - - return 0; -} - -static void sfc50_l_proc_uninit(void) -{ - proc_net_remove(&init_net, "sfc50_l_all"); -} -#endif - -static int sfc50_l_data_init(void) -{ - unsigned int i; - - sfc_dt.gws = kzalloc(sizeof(unsigned int) * MAX_STATION_GATE, GFP_KERNEL); - if(NULL == sfc_dt.gws) { - printk(KERN_ERR "<%s, %d>: not enough memory !!!\n", - __FILE__, __LINE__); - goto err_quit0; - } - - sfc_dt.fwd_bkt_numb = SFC50_L_FWD_BKT; - sfc_dt.fwd_bkt = 
nf_sfc50_l_mblk(&(sfc_dt.fwd_bkt_numb), - sizeof(struct hlist_head), &(sfc_dt.fwd_bkt_vmed)); - if(NULL == sfc_dt.fwd_bkt) { - panic("<%s, %s, %d>: init failed(when kzalloc)!!!\n", - __FILE__, __FUNCTION__, __LINE__); - goto err_quit1; - } - for(i = 0; i < sfc_dt.fwd_bkt_numb; i ++) { - INIT_HLIST_HEAD(&(sfc_dt.fwd_bkt[i])); - } - sfc_dt.fwd_cache = kmem_cache_create("fwd_item", - sizeof(sfc_fwd_item), 0, SLAB_PANIC, NULL); - if(NULL == sfc_dt.fwd_cache) { - printk(KERN_ERR "<%s, %s, %d>: work module: init failed(when kmem_cache_create)!!!\n", - __FILE__, __FUNCTION__, __LINE__); - goto err_quit2; - } - - sfc_dt.ct_bkt_numb = SFC50_L_CACHE_BKT; - sfc_dt.ct_bkt = nf_sfc50_l_mblk(&(sfc_dt.ct_bkt_numb), - sizeof(struct hlist_head), &(sfc_dt.ct_bkt_vmed)); - if(NULL == sfc_dt.ct_bkt) { - printk(KERN_ERR "<%s, %s, %d>: work module: init failed(when kmem_cache_create)!!!\n", - __FILE__, __FUNCTION__, __LINE__); - goto err_quit3; - } - for(i = 0; i < sfc_dt.ct_bkt_numb; i ++) { - INIT_HLIST_HEAD(&(sfc_dt.ct_bkt[i])); - } - sfc_dt.ct_cache = kmem_cache_create("ct_item", - sizeof(sfc_ct), 0, SLAB_PANIC, NULL); - if(NULL == sfc_dt.ct_cache) { - printk(KERN_ERR "<%s, %s, %d>: work module: init failed(when kmem_cache_create)!!!\n", - __FILE__, __FUNCTION__, __LINE__); - goto err_quit4; - } - get_random_bytes(&(sfc_dt.ct_rand), sizeof(sfc_dt.ct_rand)); - INIT_HLIST_HEAD(&(sfc_dt.ct_drop_list)); - - sfc_dt.w_root = kzalloc(sizeof(mtrie_root_t), GFP_KERNEL); - if(NULL == sfc_dt.w_root) { - panic("<%s, %s, %d>: init failed(when kzalloc)!!!\n", - __FILE__, __FUNCTION__, __LINE__); - goto err_quit5; - } - - sfc_dt.w_leaf_cache = kmem_cache_create("w_leaf", - sizeof(fwd_rule_entry), 0, SLAB_PANIC, NULL); - if(NULL == sfc_dt.w_leaf_cache) { - printk(KERN_ERR "<%s, %s, %d>: work module: init failed(when kmem_cache_create)!!!\n", - __FILE__, __FUNCTION__, __LINE__); - goto err_quit6; - } - - sfc_dt.w_node_cache = kmem_cache_create("w_node", - sizeof(mtrie_node_t), 0, SLAB_PANIC, NULL); 
- if(NULL == sfc_dt.w_node_cache) { - printk(KERN_ERR "<%s, %s, %d>: work module: init failed(when kmem_cache_create)!!!\n", - __FILE__, __FUNCTION__, __LINE__); - goto err_quit7; - } - - mtrie_init(sfc_dt.w_root, sfc_dt.w_node_cache); - - printk(KERN_INFO "fwd<%u, %u>, ct<%u, %u>\n", - SFC50_L_FWD_BKT, sfc_dt.fwd_bkt_numb, SFC50_L_CACHE_BKT, - sfc_dt.ct_bkt_numb); - - - return 0; - -err_quit7: - kmem_cache_destroy(sfc_dt.w_leaf_cache); -err_quit6: - kfree(sfc_dt.w_root); -err_quit5: - kmem_cache_destroy(sfc_dt.ct_cache); -err_quit4: - nf_sfc50_l_fblk(sfc_dt.ct_bkt, sizeof(struct hlist_head) * - sfc_dt.ct_bkt_numb, sfc_dt.ct_bkt_vmed); -err_quit3: - kmem_cache_destroy(sfc_dt.fwd_cache); -err_quit2: - nf_sfc50_l_fblk(sfc_dt.fwd_bkt, sizeof(struct hlist_head) * - sfc_dt.fwd_bkt_numb, sfc_dt.fwd_bkt_vmed); -err_quit1: - kfree(sfc_dt.gws); -err_quit0: - return -1; -} - -static inline void sfc50_l_data_clean(void) -{ - sfc_fwd_item *fwd_ptr; - unsigned int i; - - for(i = 0; i < sfc_dt.fwd_bkt_numb; i ++) { - while (!hlist_empty(&(sfc_dt.fwd_bkt[i]))) { - fwd_ptr = hlist_entry(sfc_dt.fwd_bkt[i].first, - sfc_fwd_item, list); - hlist_del_init(&(fwd_ptr->list)); - sfc50_l_fwd_cache_clean(&(fwd_ptr->rule_cache)); - kmem_cache_free(sfc_dt.fwd_cache, fwd_ptr); - } - } - - sfc50_l_fwd_cache_clean(&(sfc_dt.ct_drop_list)); - - sfc_dt.key = 0; -} - -static void sfc50_l_data_uninit(void) -{ - sfc50_l_data_clean(); - kfree(sfc_dt.gws); - nf_sfc50_l_fblk(sfc_dt.fwd_bkt, sizeof(struct hlist_head) * - sfc_dt.fwd_bkt_numb, sfc_dt.fwd_bkt_vmed); - kmem_cache_destroy(sfc_dt.fwd_cache); - nf_sfc50_l_fblk(sfc_dt.ct_bkt, sizeof(struct hlist_head) * - sfc_dt.ct_bkt_numb, sfc_dt.ct_bkt_vmed); - - mtrie_clear2(sfc_dt.w_root, (mtrie_leaf_free_func *)kmem_cache_free, - sfc_dt.w_leaf_cache); - kfree(sfc_dt.w_root); - kmem_cache_destroy(sfc_dt.w_leaf_cache); - kmem_cache_destroy(sfc_dt.w_node_cache); -} - -static int __init nf_sfc50_l_data_init(void) -{ - if(0 != sfc50_l_data_init()) - goto 
err_quit0; - -#ifdef CONFIG_PROC_FS - if(0 != sfc50_l_proc_init()) - goto err_quit1; -#endif - - sfc_dt.nl[0] = netlink_kernel_create(&init_net, NETLINK_KERNEL_MSG, 32, - sfc50_l_data_rcv_skb, NULL, THIS_MODULE); - if (sfc_dt.nl[0] == NULL) { - printk(KERN_ERR "<%s, %s, %d>: error !!!\n", - __FILE__, __FUNCTION__, __LINE__); - goto err_quit2; - } - - sfc_dt.nl[1] = netlink_kernel_create(&init_net, NETLINK_KERNEL_MSG + 1, 32, - sfc50_l_data_rcv_skb, NULL, THIS_MODULE); - if (sfc_dt.nl[1] == NULL) { - printk(KERN_ERR "<%s, %s, %d>: error !!!\n", - __FILE__, __FUNCTION__, __LINE__); - goto err_quit3; - } - - sfc_dt.md5.tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC); - if (!(sfc_dt.md5.tfm) || IS_ERR(sfc_dt.md5.tfm)) { - printk(KERN_DEBUG "<%s, %d>: sfc50_l: MD5 init failed !!!\n", - __FILE__, __LINE__); - goto err_quit4; - } - - printk(KERN_INFO "sfc50_l data module: Init OK\n"); - - return 0; -err_quit4: - netlink_kernel_release(sfc_dt.nl[1]); -err_quit3: - netlink_kernel_release(sfc_dt.nl[0]); -err_quit2: -#ifdef CONFIG_PROC_FS - sfc50_l_proc_uninit(); -err_quit1: -#endif - sfc50_l_data_uninit(); -err_quit0: - return -1; -} - -static void __exit nf_sfc50_l_data_fini(void) -{ - crypto_free_hash(sfc_dt.md5.tfm); - netlink_kernel_release(sfc_dt.nl[1]); - netlink_kernel_release(sfc_dt.nl[0]); - -#ifdef CONFIG_PROC_FS - sfc50_l_proc_uninit(); -#endif - - sfc50_l_data_uninit(); - - printk(KERN_INFO "sfc50_l data module: UnInit OK\n"); -} - -module_init(nf_sfc50_l_data_init); -module_exit(nf_sfc50_l_data_fini); - -MODULE_LICENSE("GPL"); - diff --git a/linux-net-kernel/net/ipv4/netfilter/nf_sfc50_l_data.h b/linux-net-kernel/net/ipv4/netfilter/nf_sfc50_l_data.h deleted file mode 100755 index e9bda96..0000000 --- a/linux-net-kernel/net/ipv4/netfilter/nf_sfc50_l_data.h +++ /dev/null 
@@ -1,99 +0,0 @@
-#ifndef __NF_SFC50_L_DATA__
-#define __NF_SFC50_L_DATA__
-
-#include
-#include
-#include
-#include
-#include
-#include "../../apps/include/private/kernel/kernel_msg.h"
-#include "decode.h"
-#include "mtrie.h"
-#include "nf_gate_data.h"
-
-/* conntrack */
-typedef struct {
- unsigned int dst;
- unsigned short sp;
- unsigned short dp;
- unsigned char proto;
-} __attribute__((packed)) sfc_ct_key;
-
-typedef struct {
- struct hlist_node list;
- struct hlist_node list_rule;
- unsigned int dst;
- unsigned short sp;
- unsigned short dp;
- unsigned char proto;
- unsigned char pad[3];
- unsigned int gw;
- unsigned int nf_result;
- struct timer_list timeout; /* 会话删除超时 */
- u64 tmsp; /* 不可达反馈时间戳 */
-} sfc_ct;
-
-typedef struct {
- struct hlist_node list;
- struct hlist_head rule_cache;
- sfc_fwd_data data;
-} sfc_fwd_item;
-
-/* 全局数据 */
-typedef struct {
- unsigned int is_inside;
- unsigned int id;
- unsigned int is_online;
-
- int key;
- unsigned int gw_numb;
- unsigned int *gws;
-
- struct hlist_head *fwd_bkt;
- struct kmem_cache *fwd_cache;
- int fwd_bkt_vmed;
- unsigned int fwd_bkt_numb;
- unsigned int fwd_rand;
-
- struct hlist_head *ct_bkt;
- struct hlist_head ct_drop_list;
- struct kmem_cache *ct_cache;
- int ct_bkt_vmed;
- unsigned int ct_bkt_numb;
- unsigned int ct_rand;
-
- unsigned int mode; /* 工作模式 */
- unsigned int prefix; /* 子网 */
- unsigned int mask;
- mtrie_root_t *w_root; /* 白名单 */
- struct kmem_cache *w_leaf_cache;
- struct kmem_cache *w_node_cache;
-
- struct hash_desc md5;
-
- spinlock_t lock;
-
- struct sock *nl[2];
-} sfc50_l_data;
-
-extern sfc50_l_data sfc_dt;
-
-static inline void sfc50_l_data_lock(void)
-{
- spin_lock_bh(&(sfc_dt.lock));
-}
-
-static inline void sfc50_l_data_unlock(void)
-{
- spin_unlock_bh(&(sfc_dt.lock));
-}
-
-extern void sfc50_l_data_send(unsigned int dst);
-
-extern unsigned int sfc50_l_gw_find(struct sk_buff *old_skb,
- struct iphdr *oldiph,
- unsigned int *newip);
-
-extern int sfc50_l_cache_feedback(struct iphdr *iph);
-
-#endif /* __NF_SFC50_L_DATA__ */
diff --git a/linux-net-kernel/net/modules.order b/linux-net-kernel/net/modules.order
deleted file mode 100755
index 9448504..0000000
--- a/linux-net-kernel/net/modules.order
+++ /dev/null
@@ -1,200 +0,0 @@ -kernel/net/802/p8022.ko -kernel/net/802/psnap.ko -kernel/net/802/stp.ko -kernel/net/sched/sch_cbq.ko -kernel/net/sched/sch_htb.ko -kernel/net/sched/sch_hfsc.ko -kernel/net/sched/sch_red.ko -kernel/net/sched/sch_gred.ko -kernel/net/sched/sch_dsmark.ko -kernel/net/sched/sch_sfq.ko -kernel/net/sched/sch_tbf.ko -kernel/net/sched/sch_teql.ko -kernel/net/sched/sch_prio.ko -kernel/net/sched/sch_multiq.ko -kernel/net/sched/sch_netem.ko -kernel/net/sched/sch_drr.ko -kernel/net/sched/cls_u32.ko -kernel/net/sched/cls_route.ko -kernel/net/sched/cls_fw.ko -kernel/net/sched/cls_rsvp.ko -kernel/net/sched/cls_tcindex.ko -kernel/net/sched/cls_rsvp6.ko -kernel/net/sched/cls_basic.ko -kernel/net/sched/cls_flow.ko -kernel/net/sched/cls_cgroup.ko -kernel/net/netfilter/nfnetlink.ko -kernel/net/netfilter/nfnetlink_queue.ko -kernel/net/netfilter/nfnetlink_log.ko -kernel/net/netfilter/nf_conntrack.ko -kernel/net/netfilter/nf_conntrack_proto_dccp.ko -kernel/net/netfilter/nf_conntrack_proto_gre.ko -kernel/net/netfilter/nf_conntrack_proto_sctp.ko -kernel/net/netfilter/nf_conntrack_proto_udplite.ko -kernel/net/netfilter/nf_conntrack_netlink.ko -kernel/net/netfilter/nf_conntrack_amanda.ko -kernel/net/netfilter/nf_conntrack_ftp.ko -kernel/net/netfilter/nf_conntrack_h323.ko -kernel/net/netfilter/nf_conntrack_irc.ko -kernel/net/netfilter/nf_conntrack_netbios_ns.ko -kernel/net/netfilter/nf_conntrack_pptp.ko -kernel/net/netfilter/nf_conntrack_sane.ko -kernel/net/netfilter/nf_conntrack_sip.ko -kernel/net/netfilter/nf_conntrack_tftp.ko -kernel/net/netfilter/nf_tproxy_core.ko -kernel/net/netfilter/x_tables.ko -kernel/net/netfilter/xt_tcpudp.ko -kernel/net/netfilter/xt_mark.ko -kernel/net/netfilter/xt_connmark.ko -kernel/net/netfilter/xt_CLASSIFY.ko -kernel/net/netfilter/xt_CONNSECMARK.ko -kernel/net/netfilter/xt_CT.ko -kernel/net/netfilter/xt_DSCP.ko -kernel/net/netfilter/xt_HL.ko -kernel/net/netfilter/xt_LED.ko -kernel/net/netfilter/xt_NFLOG.ko -kernel/net/netfilter/xt_NFQUEUE.ko 
-kernel/net/netfilter/xt_NOTRACK.ko -kernel/net/netfilter/xt_RATEEST.ko -kernel/net/netfilter/xt_SECMARK.ko -kernel/net/netfilter/xt_TPROXY.ko -kernel/net/netfilter/xt_TCPMSS.ko -kernel/net/netfilter/xt_TCPOPTSTRIP.ko -kernel/net/netfilter/xt_TEE.ko -kernel/net/netfilter/xt_TRACE.ko -kernel/net/netfilter/xt_cluster.ko -kernel/net/netfilter/xt_comment.ko -kernel/net/netfilter/xt_connbytes.ko -kernel/net/netfilter/xt_connlimit.ko -kernel/net/netfilter/xt_conntrack.ko -kernel/net/netfilter/xt_dccp.ko -kernel/net/netfilter/xt_dscp.ko -kernel/net/netfilter/xt_esp.ko -kernel/net/netfilter/xt_hashlimit.ko -kernel/net/netfilter/xt_helper.ko -kernel/net/netfilter/xt_hl.ko -kernel/net/netfilter/xt_iprange.ko -kernel/net/netfilter/xt_length.ko -kernel/net/netfilter/xt_limit.ko -kernel/net/netfilter/xt_mac.ko -kernel/net/netfilter/xt_multiport.ko -kernel/net/netfilter/xt_osf.ko -kernel/net/netfilter/xt_owner.ko -kernel/net/netfilter/xt_physdev.ko -kernel/net/netfilter/xt_pkttype.ko -kernel/net/netfilter/xt_policy.ko -kernel/net/netfilter/xt_quota.ko -kernel/net/netfilter/xt_rateest.ko -kernel/net/netfilter/xt_realm.ko -kernel/net/netfilter/xt_recent.ko -kernel/net/netfilter/xt_sctp.ko -kernel/net/netfilter/xt_socket.ko -kernel/net/netfilter/xt_state.ko -kernel/net/netfilter/xt_statistic.ko -kernel/net/netfilter/xt_string.ko -kernel/net/netfilter/xt_tcpmss.ko -kernel/net/netfilter/xt_time.ko -kernel/net/netfilter/xt_u32.ko -kernel/net/ipv4/netfilter/nf_gate_data.ko -kernel/net/ipv4/netfilter/nf_sfc50_l.ko -kernel/net/ipv4/netfilter/nf_sfc50_l_data.ko -kernel/net/ipv4/netfilter/mtrie.ko -kernel/net/ipv4/netfilter/nf_audit_work.ko -kernel/net/ipv4/netfilter/nf_gate_work.ko -kernel/net/ipv4/netfilter/nf_gate_proc.ko -kernel/net/ipv4/netfilter/nf_gate_counter.ko -kernel/net/ipv4/netfilter/nf_gate_counter_test.ko -kernel/net/ipv4/netfilter/nf_n2n_checkptk.ko -kernel/net/ipv4/netfilter/nf_n2n_sender.ko -kernel/net/ipv4/netfilter/nf_gate_pri.ko -kernel/net/ipv4/netfilter/nf_gate_if.ko 
-kernel/net/ipv4/netfilter/nf_gate_pri_cache.ko -kernel/net/ipv4/netfilter/nf_gate_nat.ko -kernel/net/ipv4/netfilter/nf_gate_tmp_udp.ko -kernel/net/ipv4/netfilter/nf_gate_ids.ko -kernel/net/ipv4/netfilter/nf_gate_tcp_conntrack.ko -kernel/net/ipv4/netfilter/nf_conntrack_ipv4.ko -kernel/net/ipv4/netfilter/nf_nat.ko -kernel/net/ipv4/netfilter/nf_defrag_ipv4.ko -kernel/net/ipv4/netfilter/nf_nat_amanda.ko -kernel/net/ipv4/netfilter/nf_nat_ftp.ko -kernel/net/ipv4/netfilter/nf_nat_h323.ko -kernel/net/ipv4/netfilter/nf_nat_irc.ko -kernel/net/ipv4/netfilter/nf_nat_pptp.ko -kernel/net/ipv4/netfilter/nf_nat_sip.ko -kernel/net/ipv4/netfilter/nf_nat_snmp_basic.ko -kernel/net/ipv4/netfilter/nf_nat_tftp.ko -kernel/net/ipv4/netfilter/nf_nat_proto_dccp.ko -kernel/net/ipv4/netfilter/nf_nat_proto_gre.ko -kernel/net/ipv4/netfilter/nf_nat_proto_udplite.ko -kernel/net/ipv4/netfilter/nf_nat_proto_sctp.ko -kernel/net/ipv4/netfilter/ip_tables.ko -kernel/net/ipv4/netfilter/iptable_filter.ko -kernel/net/ipv4/netfilter/iptable_mangle.ko -kernel/net/ipv4/netfilter/iptable_nat.ko -kernel/net/ipv4/netfilter/iptable_raw.ko -kernel/net/ipv4/netfilter/iptable_security.ko -kernel/net/ipv4/netfilter/ipt_addrtype.ko -kernel/net/ipv4/netfilter/ipt_ah.ko -kernel/net/ipv4/netfilter/ipt_ecn.ko -kernel/net/ipv4/netfilter/ipt_CLUSTERIP.ko -kernel/net/ipv4/netfilter/ipt_ECN.ko -kernel/net/ipv4/netfilter/ipt_LOG.ko -kernel/net/ipv4/netfilter/ipt_MASQUERADE.ko -kernel/net/ipv4/netfilter/ipt_NETMAP.ko -kernel/net/ipv4/netfilter/ipt_REDIRECT.ko -kernel/net/ipv4/netfilter/ipt_REJECT.ko -kernel/net/ipv4/netfilter/ipt_ULOG.ko -kernel/net/ipv4/netfilter/ip_queue.ko -kernel/net/ipv4/ipip.ko -kernel/net/ipv4/ip_gre.ko -kernel/net/ipv4/ah4.ko -kernel/net/ipv4/esp4.ko -kernel/net/ipv4/ipcomp.ko -kernel/net/ipv4/xfrm4_tunnel.ko -kernel/net/ipv4/xfrm4_mode_beet.ko -kernel/net/ipv4/tunnel4.ko -kernel/net/ipv4/xfrm4_mode_transport.ko -kernel/net/ipv4/xfrm4_mode_tunnel.ko -kernel/net/ipv4/inet_diag.ko 
-kernel/net/ipv4/tcp_diag.ko -kernel/net/ipv4/tcp_bic.ko -kernel/net/ipv4/tcp_cubic.ko -kernel/net/ipv4/tcp_westwood.ko -kernel/net/ipv4/tcp_highspeed.ko -kernel/net/ipv4/tcp_hybla.ko -kernel/net/ipv4/tcp_htcp.ko -kernel/net/ipv4/tcp_vegas.ko -kernel/net/ipv4/tcp_veno.ko -kernel/net/ipv4/tcp_scalable.ko -kernel/net/ipv4/tcp_lp.ko -kernel/net/ipv4/tcp_yeah.ko -kernel/net/ipv4/tcp_illinois.ko -kernel/net/xfrm/xfrm_user.ko -kernel/net/xfrm/xfrm_ipcomp.ko -kernel/net/n2n_sysctl.ko -kernel/net/n2n_netlink.ko -kernel/net/llc/llc.ko -kernel/net/unix/unix.ko -kernel/net/packet/af_packet.ko -kernel/net/key/af_key.ko -kernel/net/bridge/bridge.ko -kernel/net/bridge/br_d100.ko -kernel/net/bridge/br_d100_data.ko -kernel/net/bridge/br_d1000_data.ko -kernel/net/bridge/br_d1000_proc.ko -kernel/net/bridge/br_d1000.ko -kernel/net/bridge/netfilter/ebtables.ko -kernel/net/bridge/netfilter/ebtable_broute.ko -kernel/net/bridge/netfilter/ebtable_filter.ko -kernel/net/bridge/netfilter/ebtable_nat.ko -kernel/net/bridge/netfilter/ebt_ip.ko -kernel/net/bridge/netfilter/ebt_limit.ko -kernel/net/bridge/netfilter/ebt_mark_m.ko -kernel/net/bridge/netfilter/ebt_mark.ko -kernel/net/bridge/netfilter/ebt_dnat.ko -kernel/net/bridge/netfilter/ebt_redirect.ko -kernel/net/bridge/netfilter/ebt_snat.ko -kernel/net/bridge/netfilter/ebt_log.ko -kernel/net/bridge/netfilter/ebt_ulog.ko -kernel/net/bridge/netfilter/ebt_nflog.ko From 455021db3b2309298f825598d276a72a4f221342 Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 21 Feb 2017 18:46:33 +0800 Subject: [PATCH 4/9] rm unuse file --- linux-net-kernel/net/bridge/modules.order | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100755 linux-net-kernel/net/bridge/modules.order diff --git a/linux-net-kernel/net/bridge/modules.order b/linux-net-kernel/net/bridge/modules.order deleted file mode 100755 index aa745b3..0000000 --- a/linux-net-kernel/net/bridge/modules.order +++ /dev/null 
@@ -1,20 +0,0 @@ -kernel/net/bridge/bridge.ko -kernel/net/bridge/br_d100.ko -kernel/net/bridge/br_d100_data.ko -kernel/net/bridge/br_d1000_data.ko -kernel/net/bridge/br_d1000_proc.ko -kernel/net/bridge/br_d1000.ko -kernel/net/bridge/netfilter/ebtables.ko -kernel/net/bridge/netfilter/ebtable_broute.ko -kernel/net/bridge/netfilter/ebtable_filter.ko -kernel/net/bridge/netfilter/ebtable_nat.ko -kernel/net/bridge/netfilter/ebt_ip.ko -kernel/net/bridge/netfilter/ebt_limit.ko -kernel/net/bridge/netfilter/ebt_mark_m.ko -kernel/net/bridge/netfilter/ebt_mark.ko -kernel/net/bridge/netfilter/ebt_dnat.ko -kernel/net/bridge/netfilter/ebt_redirect.ko -kernel/net/bridge/netfilter/ebt_snat.ko -kernel/net/bridge/netfilter/ebt_log.ko -kernel/net/bridge/netfilter/ebt_ulog.ko -kernel/net/bridge/netfilter/ebt_nflog.ko From f6668a630fd443b26c00f5b95e5603b5b5399fdf Mon Sep 17 00:00:00 2001 From: yangyazhou Date: Fri, 23 Feb 2018 10:47:24 +0800 Subject: [PATCH 5/9] change READ.ME --- ...\263\250\351\207\212\350\257\264\346\230\216.c.txt" | 3 +-- ...63\250\351\207\212\350\257\264\346\230\216.txt.txt" | 10 +--------- 2 files changed, 2 insertions(+), 11 deletions(-) 
diff --git "a/linu\345\206\205\346\240\270\345\215\217\350\256\256\346\240\210\346\272\220\347\240\201\351\230\205\350\257\273\347\220\206\350\247\243\350\257\246\347\273\206\346\263\250\351\207\212\350\257\264\346\230\216.c.txt" "b/linu\345\206\205\346\240\270\345\215\217\350\256\256\346\240\210\346\272\220\347\240\201\351\230\205\350\257\273\347\220\206\350\247\243\350\257\246\347\273\206\346\263\250\351\207\212\350\257\264\346\230\216.c.txt" index 93db69c..670e0c7 100755 --- "a/linu\345\206\205\346\240\270\345\215\217\350\256\256\346\240\210\346\272\220\347\240\201\351\230\205\350\257\273\347\220\206\350\247\243\350\257\246\347\273\206\346\263\250\351\207\212\350\257\264\346\230\216.c.txt" +++ "b/linu\345\206\205\346\240\270\345\215\217\350\256\256\346\240\210\346\272\220\347\240\201\351\230\205\350\257\273\347\220\206\350\247\243\350\257\246\347\273\206\346\263\250\351\207\212\350\257\264\346\230\216.c.txt" @@ -1,8 +1,7 @@ DDD# Reading-and-comprehense-linux-Kernel-network-protocol-stack linux内核网络协议栈阅读理解 - 本代码是linux内核网络协议栈源码(版本为2.6.35),主要是我读研期间在一家公司实习的时候在业余时间分析阅读的, -研究生毕业后由于工作需要,对读研期间没有阅读的剩余主要功能重新阅读了一遍。本代码对三层及其以上部分主要功能做 + 本代码是linux内核网络协议栈源码(版本为2.6.35),本代码对三层及其以上部分主要功能做 了详细注释,并对重要数据结构的各个成员进行了备注,同时对各个函数的调用关系都有详尽备注。主要参考资料为樊东东 老师的,再此对樊老师表示感谢,这是一本理解网络协议栈很好的书,两本合计1000多页,内 容比较多,但都很经典,对阅读内核协议栈源码有很大的帮助。 
diff --git "a/linu\345\206\205\346\240\270\345\215\217\350\256\256\346\240\210\346\272\220\347\240\201\351\230\205\350\257\273\347\220\206\350\247\243\350\257\246\347\273\206\346\263\250\351\207\212\350\257\264\346\230\216.txt.txt" "b/linu\345\206\205\346\240\270\345\215\217\350\256\256\346\240\210\346\272\220\347\240\201\351\230\205\350\257\273\347\220\206\350\247\243\350\257\246\347\273\206\346\263\250\351\207\212\350\257\264\346\230\216.txt.txt" index efb6603..670e0c7 100755 --- "a/linu\345\206\205\346\240\270\345\215\217\350\256\256\346\240\210\346\272\220\347\240\201\351\230\205\350\257\273\347\220\206\350\247\243\350\257\246\347\273\206\346\263\250\351\207\212\350\257\264\346\230\216.txt.txt" +++ "b/linu\345\206\205\346\240\270\345\215\217\350\256\256\346\240\210\346\272\220\347\240\201\351\230\205\350\257\273\347\220\206\350\247\243\350\257\246\347\273\206\346\263\250\351\207\212\350\257\264\346\230\216.txt.txt" @@ -1,8 +1,7 @@ DDD# Reading-and-comprehense-linux-Kernel-network-protocol-stack linux内核网络协议栈阅读理解 - 本代码是linux内核网络协议栈源码(版本为2.6.35),主要是我读研期间在一家公司实习的时候在业余时间分析阅读的, -研究生毕业后由于工作需要,对读研期间没有阅读的剩余主要功能重新阅读了一遍。本代码对三层及其以上部分主要功能做 + 本代码是linux内核网络协议栈源码(版本为2.6.35),本代码对三层及其以上部分主要功能做 了详细注释,并对重要数据结构的各个成员进行了备注,同时对各个函数的调用关系都有详尽备注。主要参考资料为樊东东 老师的,再此对樊老师表示感谢,这是一本理解网络协议栈很好的书,两本合计1000多页,内 容比较多,但都很经典,对阅读内核协议栈源码有很大的帮助。 @@ -33,10 +32,3 @@ linux 待分析主要模块:网桥模块,vlan模块,邻居子系统,路由表模块。 - - - - - -阅读工具source insight,如果中文乱码,按照source insight configure目录中说明操作 - From dd31611cabb766d96da40526cfde77131a049ac6 Mon Sep 17 00:00:00 2001 From: yangyazhou Date: Fri, 23 Feb 2018 10:49:28 +0800 Subject: [PATCH 6/9] change READ.ME --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index 9117f26..b94faab 100755 --- a/README.md +++ b/README.md 
@@ -1,8 +1,7 @@ DDD# Reading-and-comprehense-linux-Kernel-network-protocol-stack linux鍐呮牳缃戠粶鍗忚鏍堥槄璇荤悊瑙 - 鏈唬鐮佹槸linux鍐呮牳缃戠粶鍗忚鏍堟簮鐮(鐗堟湰涓2.6.35)锛屼富瑕佹槸鎴戣鐮旀湡闂村湪涓瀹跺叕鍙稿疄涔犵殑鏃跺欏湪涓氫綑鏃堕棿鍒嗘瀽闃呰鐨勶紝 -鐮旂┒鐢熸瘯涓氬悗鐢变簬宸ヤ綔闇瑕侊紝瀵硅鐮旀湡闂存病鏈夐槄璇荤殑鍓╀綑涓昏鍔熻兘閲嶆柊闃呰浜嗕竴閬嶃傛湰浠g爜瀵逛笁灞傚強鍏朵互涓婇儴鍒嗕富瑕佸姛鑳藉仛 + 鏈唬鐮佹槸linux鍐呮牳缃戠粶鍗忚鏍堟簮鐮(鐗堟湰涓2.6.35)锛屾湰浠g爜瀵逛笁灞傚強鍏朵互涓婇儴鍒嗕富瑕佸姛鑳藉仛 浜嗚缁嗘敞閲婏紝骞跺閲嶈鏁版嵁缁撴瀯鐨勫悇涓垚鍛樿繘琛屼簡澶囨敞锛屽悓鏃跺鍚勪釜鍑芥暟鐨勮皟鐢ㄥ叧绯婚兘鏈夎灏藉娉ㄣ備富瑕佸弬鑰冭祫鏂欎负妯婁笢涓 鑰佸笀鐨锛屽啀姝ゅ妯婅佸笀琛ㄧず鎰熻阿锛岃繖鏄竴鏈悊瑙g綉缁滃崗璁爤寰堝ソ鐨勪功锛屼袱鏈悎璁1000澶氶〉锛屽唴 瀹规瘮杈冨锛屼絾閮藉緢缁忓吀锛屽闃呰鍐呮牳鍗忚鏍堟簮鐮佹湁寰堝ぇ鐨勫府鍔┿ @@ -33,4 +32,3 @@ linux鍐呮牳缃戠粶鍗忚鏍堥槄璇荤悊瑙 寰呭垎鏋愪富瑕佹ā鍧:缃戞ˉ妯″潡锛寁lan妯″潡锛岄偦灞呭瓙绯荤粺锛岃矾鐢辫〃妯″潡銆 -闃呰宸ュ叿source insight,濡傛灉涓枃涔辩爜锛屾寜鐓ource insight configure鐩綍涓鏄庢搷浣 \ No newline at end of file From f077f391c9d1781cc2c8c1b5a93ebbdd4d1e4401 Mon Sep 17 00:00:00 2001 From: yangyazhou Date: Thu, 28 Feb 2019 11:31:34 +0800 Subject: [PATCH 7/9] renew README.md --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index b94faab..96e7daf 100755 --- a/README.md +++ b/README.md @@ -1,4 +1,16 @@ DDD# Reading-and-comprehense-linux-Kernel-network-protocol-stack + +QQ浜ゆ祦缇1(閽堝鍦ㄦ牎鐢)-(缇ゅ彿锛568892619 ) +=================================== +缇ゅ彿锛568892619 + 鍦ㄦ牎鐢焠ginx銆乺edis銆乵emcache銆乼wemproxy绛夋簮鐮佸疄鐜颁氦娴侊紝鎸囧紩鍦ㄦ牎鐢熷揩閫熼槄璇昏繖浜涘簳灞傚紑婧愬熀纭涓棿浠朵唬鐮侊紝瀵逛互鍚庡伐浣滃緢鏈夊府鍔 + +QQ浜ゆ祦缇2(閽堝宸插伐浣滐紝鏈変竴浜涙妧鏈熀纭鐨勫悓瀛)-(581089275) +=================================== +缇ゅ彿: 581089275 + 涓昏閽堝鏈変竴瀹氭妧鏈熀纭鐨勫紑鍙戜汉鍛橈紝鎻愬崌鍏跺熀纭缁勪欢婧愮爜鎶鏈繁搴(濡俷ginx銆乺edis銆乵emcache銆乼wemproxy銆乵ongodb銆佸瓨鍌ㄥ紩鎿庛佸唴鏍哥綉缁滃崗璁爤绛)锛屽悓鏃跺彲浠ュ府鍔╀笟鍔″紑鍙戙佽繍缁村紑鍙戙佸祵鍏ュ紡绛夊叾浠栧伐浣滄柟鍚戠殑鍚屽杞熀纭缁勪欢銆佷腑闂翠欢銆佸垎甯冨紡瀛樺偍銆侀珮鎬ц兘鏈嶅姟鍣ㄧ瓑寮鍙 + +=================================== linux鍐呮牳缃戠粶鍗忚鏍堥槄璇荤悊瑙 鏈唬鐮佹槸linux鍐呮牳缃戠粶鍗忚鏍堟簮鐮(鐗堟湰涓2.6.35)锛屾湰浠g爜瀵逛笁灞傚強鍏朵互涓婇儴鍒嗕富瑕佸姛鑳藉仛 From af6a07af492a2b894b73084d80ecc0e26d49a2d7 Mon Sep 17 00:00:00 2001 From: yangyazhou Date: Sun, 7 Apr 2019 15:03:58 +0800 Subject: [PATCH 8/9] renew READ.me --- README.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/README.md b/README.md index 96e7daf..90d18cd 100755 
--- a/README.md +++ b/README.md @@ -1,14 +1,5 @@ DDD# Reading-and-comprehense-linux-Kernel-network-protocol-stack -QQ浜ゆ祦缇1(閽堝鍦ㄦ牎鐢)-(缇ゅ彿锛568892619 ) -=================================== -缇ゅ彿锛568892619 - 鍦ㄦ牎鐢焠ginx銆乺edis銆乵emcache銆乼wemproxy绛夋簮鐮佸疄鐜颁氦娴侊紝鎸囧紩鍦ㄦ牎鐢熷揩閫熼槄璇昏繖浜涘簳灞傚紑婧愬熀纭涓棿浠朵唬鐮侊紝瀵逛互鍚庡伐浣滃緢鏈夊府鍔 - -QQ浜ゆ祦缇2(閽堝宸插伐浣滐紝鏈変竴浜涙妧鏈熀纭鐨勫悓瀛)-(581089275) -=================================== -缇ゅ彿: 581089275 - 涓昏閽堝鏈変竴瀹氭妧鏈熀纭鐨勫紑鍙戜汉鍛橈紝鎻愬崌鍏跺熀纭缁勪欢婧愮爜鎶鏈繁搴(濡俷ginx銆乺edis銆乵emcache銆乼wemproxy銆乵ongodb銆佸瓨鍌ㄥ紩鎿庛佸唴鏍哥綉缁滃崗璁爤绛)锛屽悓鏃跺彲浠ュ府鍔╀笟鍔″紑鍙戙佽繍缁村紑鍙戙佸祵鍏ュ紡绛夊叾浠栧伐浣滄柟鍚戠殑鍚屽杞熀纭缁勪欢銆佷腑闂翠欢銆佸垎甯冨紡瀛樺偍銆侀珮鎬ц兘鏈嶅姟鍣ㄧ瓑寮鍙 =================================== linux鍐呮牳缃戠粶鍗忚鏍堥槄璇荤悊瑙 From db69c12f72341a72d0ab494b39341b5cb36de1a6 Mon Sep 17 00:00:00 2001 From: y123456yz <3058078489@qq.com> Date: Thu, 24 Dec 2020 11:01:42 +0800 Subject: [PATCH 9/9] renew READ.MD --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 90d18cd..f08da00 100755 --- a/README.md +++ b/README.md @@ -1,5 +1,14 @@ DDD# Reading-and-comprehense-linux-Kernel-network-protocol-stack +nginx楂樺苟鍙戣璁′紭绉鎬濇兂搴旂敤浜庡叾浠栭珮骞跺彂浠g悊涓棿浠: +=================================== + * [楂樻ц兘 -Nginx 澶氳繘绋嬮珮骞跺彂銆佷綆鏃跺欢銆侀珮鍙潬鏈哄埗鍦ㄧ櫨涓囩骇缂撳瓨 (redis銆乵emcache) 浠g悊涓棿浠朵腑鐨勫簲鐢╙(https://xie.infoq.cn/article/2ee961483c66a146709e7e861) + +redis銆乶ginx銆乵emcache銆乼wemproxy銆乵ongodb绛夋洿澶氫腑闂翠欢锛屽垎甯冨紡绯荤粺锛岄珮鎬ц兘鏈嶅姟绔牳蹇冩濇兂瀹炵幇鍗氬: +=================================== + * [涓棿浠躲侀珮鎬ц兘鏈嶅姟鍣ㄣ佸垎甯冨紡瀛樺偍绛(redis銆乵emcache銆乸ika銆乺ocksdb銆乵ongodb銆亀iredtiger銆侀珮鎬ц兘浠g悊涓棿浠)浜屾寮鍙戙佹ц兘浼樺寲锛岄愭鏁寸悊鏂囨。璇存槑骞堕厤鍚坉emo鎸囧](https://github.com/y123456yz/middleware_development_learning) + + =================================== linux鍐呮牳缃戠粶鍗忚鏍堥槄璇荤悊瑙