Linux netfilterÔ´Âë·ÖÎö(5)

Îå¡¢ ipt_do_table()º¯Êý£¬Êý¾Ý°üµÄ¹ýÂË
 
5.1          ipt_entry Ïà¹Ø½á¹¹  ip_tables.h
ipt_entry½á¹¹Ç°ÃæÓйýÁË£¬ÔÙ¿´Ò»±é
struct ipt_entry
{
struct ipt_ip ip;
/* ËùҪƥÅäµÄ±¨ÎĵÄIPÍ·ÐÅÏ¢ */
unsigned int nfcache;
/* λÏòÁ¿£¬±êʾ±¾¹æÔò¹ØÐı¨ÎĵÄʲô²¿·Ö£¬ÔÝδʹÓà */
u_int16_t target_offset;
/* targetÇøµÄÆ«ÒÆ£¬Í¨³£targetÇøλÓÚmatchÇøÖ®ºó£¬¶ømatchÇøÔòÔÚipt_entryµÄĩβ£»
³õʼ»¯Îªsizeof(struct ipt_entry)£¬¼´¼Ù¶¨Ã»ÓÐmatch */
u_int16_t next_offset;
/* ÏÂÒ»Ìõ¹æÔòÏà¶ÔÓÚ±¾¹æÔòµÄÆ«ÒÆ£¬Ò²¼´±¾¹æÔòËùÓÿռäµÄ×ܺͣ¬
³õʼ»¯Îªsizeof(struct ipt_entry)+sizeof(struct ipt_target)£¬¼´Ã»ÓÐmatch */
unsigned int comefrom;
/* λÏòÁ¿£¬±ê¼Çµ÷Óñ¾¹æÔòµÄHOOKºÅ£¬¿ÉÓÃÓÚ¼ì²é¹æÔòµÄÓÐЧÐÔ */
struct ipt_counters counters;
/* ¼Ç¼¸Ã¹æÔò´¦Àí¹ýµÄ±¨ÎÄÊýºÍ±¨ÎÄ×Ü×Ö½ÚÊý */
unsigned char elems[0];
/*target»òÕßÊÇmatchµÄÆðʼλÖà */
}
 
ipt_ip½á¹¹  ip_tables.h
struct ipt_ip {
      struct in_addr src, dst;         /* À´Ô´/Ä¿µÄµØÖ· */
      struct in_addr smsk, dmsk;     /* À´Ô´/Ä¿µÄµØÖ·µÄÑÚÂë */
 
      char iniface[IFNAMSIZ], outiface[IFNAMSIZ];    /*ÊäÈëÊä³öÍøÂç½Ó¿Ú*/
      unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
 
      u_int16_t proto;    /* ЭÒé, 0 = ANY */
     
      u_int8_t flags;      /* ±êÖ¾×ֶΠ*/
      u_int8_t invflags;    /* È¡·´±êÖ¾ */
};
 
 
5.2  ipt_do_tableº¯Êý   ip_tables.c
 
unsigned int
ipt_do_table(struct sk_buff **pskb,
           unsigned int hook,
           const struct net_device *in,
    &