Îå¡¢ ipt_do_table()º¯Êý£¬Êý¾Ý°üµÄ¹ýÂË
5.1 ipt_entry Ïà¹Ø½á¹¹ ip_tables.h
ipt_entry½á¹¹Ç°ÃæÓйýÁË£¬ÔÙ¿´Ò»±é
struct ipt_entry
{
struct ipt_ip ip;
/* ËùҪƥÅäµÄ±¨ÎĵÄIPÍ·ÐÅÏ¢ */
unsigned int nfcache;
/* λÏòÁ¿£¬±êʾ±¾¹æÔò¹ØÐı¨ÎĵÄʲô²¿·Ö£¬ÔÝδʹÓà */
u_int16_t target_offset;
/* targetÇøµÄÆ«ÒÆ£¬Í¨³£targetÇøλÓÚmatchÇøÖ®ºó£¬¶ømatchÇøÔòÔÚipt_entryµÄĩβ£»
³õʼ»¯Îªsizeof(struct ipt_entry)£¬¼´¼Ù¶¨Ã»ÓÐmatch */
u_int16_t next_offset;
/* ÏÂÒ»Ìõ¹æÔòÏà¶ÔÓÚ±¾¹æÔòµÄÆ«ÒÆ£¬Ò²¼´±¾¹æÔòËùÓÿռäµÄ×ܺͣ¬
³õʼ»¯Îªsizeof(struct ipt_entry)+sizeof(struct ipt_target)£¬¼´Ã»ÓÐmatch */
unsigned int comefrom;
/* λÏòÁ¿£¬±ê¼Çµ÷Óñ¾¹æÔòµÄHOOKºÅ£¬¿ÉÓÃÓÚ¼ì²é¹æÔòµÄÓÐЧÐÔ */
struct ipt_counters counters;
/* ¼Ç¼¸Ã¹æÔò´¦Àí¹ýµÄ±¨ÎÄÊýºÍ±¨ÎÄ×Ü×Ö½ÚÊý */
unsigned char elems[0];
/*target»òÕßÊÇmatchµÄÆðʼλÖà */
}
ipt_ip½á¹¹ ip_tables.h
struct ipt_ip {
struct in_addr src, dst; /* À´Ô´/Ä¿µÄµØÖ· */
struct in_addr smsk, dmsk; /* À´Ô´/Ä¿µÄµØÖ·µÄÑÚÂë */
char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; /*ÊäÈëÊä³öÍøÂç½Ó¿Ú*/
unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
u_int16_t proto; /* ÐÒé, 0 = ANY */
u_int8_t flags; /* ±êÖ¾×ֶΠ*/
u_int8_t invflags; /* È¡·´±êÖ¾ */
};
5.2 ipt_do_tableº¯Êý ip_tables.c
unsigned int
ipt_do_table(struct sk_buff **pskb,
unsigned int hook,
const struct net_device *in,
&
Linux»·¾³½ø³Ì¼äͨÐÅ£¨¶þ£©:
Ðźţ¨Ï£©
ÎĵµÑ¡Ïî
<tr
valign="top"><td width="8"><img alt="" height="1" width="8"
src="//www.ibm.com/i/c.gif"/></td><td width="16"><img alt="" width=& ......
