¡¾×ªÌûLINUX¡¿netfilterÖеÄconntrackÄÚºËÔĶÁ±Ê¼Ç(3)
2008-07-07 22:06
PREROUTING£ºip_conntrack_defrag à ip_conntrack_in
1£¬ip_conntrack_defrag:
ͨ³£µ±IP±¨Îı»ËÍÖÁL4²ã´¦Àíʱ£¬Èç¹û¸Ã±¨ÎÄÊÇ·ÖƬ±¨ÎÄ£¬ÄÇô±¨ÎľͻáÏȱ»±£´æÆðÀ´£¬Ö±µ½ËùÓзÖƬµ½´ïºóÖØ×é³ÉÒ»¸öÍêÕû±¨Îĺó£¬ÔÙ±»·Ö·¢µ½L4²ã¡£µ±Ã»ÓÐÆô¶¯conntrackʱ£¬netfilter¸÷HOOKµã¶Ô±¨ÎIJÙ×÷ʱ£¬²¢²»¼ì²é¸Ã±¨ÎÄÊÇ·ñ·ÖƬ£»µ«ÊÇÈç¹ûÆô¶¯conntrack¹¦ÄÜ£¬Ôò±ØÐë±£Ö¤½øÈënetfilter HOOKµãµÄ±¨ÎÄÊÇÒ»¸öÍêÕûµÄ±¨ÎÄ£¬Òò´Ëip_conntrack_defragÒ»°ã´¦ÓÚ×îÇ°¶ËµÄHOOK£¬¸ºÔ𽫷ÖƬ±¨ÎÄÖØ×é¡£
/* Èô±¨ÎÄ·ÖƬ£¬Ôò µ÷ÓÃip_ct_gather_frags ×é×°±¨ÎÄ£¬Èç¹ûËùÓзÖƬ¾ùÒѵ½´ï£¬pskbÖ¸ÏòÐÂÉú³ÉµÄ±¨ÎÄ£¬¼ÌÐøÑØ×ÅHOOKÁ´½øÐÐÏÂÒ»²½´¦Àí£»·ñÔòΪ¿Õ£¬±¨Îı»»º´æµÈ´ýÏÂÒ»·ÖƬµ½À´*/
if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
*pskb = ip_ct_gather_frags(*pskb,
hooknum == NF_IP_PRE_ROUTING ?
IP_DEFRAG_CONNTRACK_IN :
IP_DEFRAG_CONNTRACK_OUT);
if (!*pskb)
return NF_STOLEN;
}
return NF_ACCEPT;
ip_ct_gather_fragsÖ±½Óµ÷ÓÃip_defrag´¦ÀíIP·ÖƬ±¨ÎÄ¡£¶ÔÓÚ·ÖƬ±¨ÎĵÄÖØ×éÖ÷ÒªÔÚip_fragment.cÖÐÍê³É¡£
3, resolve_normal_ct£º
resolve_normal_ctÔÚÈ«¾ÖÁ¬½Ó±íÖУ¬²éÕÒÓë¸Ã±¨ÎÄÏàÓ¦µÄÁ¬½Ó״̬£¬·µ»ØµÄÊÇip_conntrackµÄÖ¸Õ룬ÓÃÓÚÃèÊöºÍ¼Ç¼Á¬½ÓµÄ״̬£»Èô¸ÃÁ¬½ÓÉв»´æÔÚ£¬Ôò´´½¨ÏàÓ¦µÄ½á¹¹£¬²¢½øÐгõʼ»¯£¬ÉèÖÃÁ¬½Ó״̬¡£
/*1,½«Êý¾Ý°üµÄÄÚÈÝת»¯³ÉÏàÓ¦µÄtuple£¬¶ÔÓÚºÍÐÒéÏà¹ØµÄ²¿·Ö£¬Èç¶Ë¿Ú£¬Ôòµ÷ÓÃÏà¹ØÐÒéµÄ´¦Àíº¯Êýpkt_to_tuple*/
if (!ip_ct_get_tuple(skb->nh.iph, skb, skb->nh.iph->ihl*4,
Ïà¹ØÎĵµ£º
Ò»¸öСÀúÊ·½«ÓÐÖúÓÚ°ïÖúÄúÀí½â Security-Enhanced Linux£¨SELinux£©——¶øÇÒËü±¾ÉíÒ²ÊǶÎÓÐȤµÄÀúÊ·¡£
ÃÀ¹ú¹ú¼Ò°²È«¾Ö
£¨National
Security
Agency£¬NSA£©³¤Ê±¼äÒÔÀ´¾Í¹Ø×¢´ó²¿·Ö²Ù×÷ϵͳÖÐÊÜÏ޵ݲȫÄÜÁ¦¡£±Ï¾¹£¬ËûÃǵŤ×÷Ö®Ò»¾ÍÊÇҪȷ±£ÃÀ¹ú¹ú·À²¿Ê¹ÓõļÆËã»úÔÚà ......
Linux LVM µÄʹÓÃÏê½â
ÕªÒª£º LinuxÓû§°²×°Linux²Ù×÷ϵͳʱÓöµ½µÄÒ»¸ö×î³£¼ûµÄÄÑÒÔ¾ö¶¨µÄÎÊÌâ¾ÍÊÇÈçºÎÕýÈ·µØ¸øÆÀ¹À¸÷·ÖÇø´óС£¬ÒÔ·ÖÅäºÏÊʵÄÓ²Å̿ռ䡣¶øÓöµ½³öÏÖij¸ö·ÖÇø¿Õ¼äºÄ¾¡Ê±£¬½â¾öµÄ·½·¨Í¨³£ÊÇʹÓ÷ûºÅÁ´½Ó£¬»òÕßʹÓõ÷Õû·ÖÇø´óСµÄ¹¤¾ß(±ÈÈçPatition MagicµÈ)£¬µ«ÕⶼֻÊÇÔÝʱ½â¾ö°ì·¨£¬Ã»Óиù±¾½â¾öÎÊÌâ¡£Ëæ×ÅL ......
ÊÇÒªÓм¸¸ö½×¶ÎµÄ¡£ ¿ªÊ¼¿´ulk,
ulk×îºÃµÄµØ·½¾ÍÊÇËûËù³«µ¼µÄѧϰ·½·¨ÌرðºÃ¡£µ±ÄãÏëѧϰij·½Ãæʱ£¬ÏÈ¿´Í·Îļþ£¬ÔÚû°Ñÿ¸öÊý¾Ý½á¹¹ÖеÄÿ¸öÊý¾ÝÔªËØŪÇå³þ֮ǰ²»Òª¿´ÊµÏÖ´úÂë¡£
¶ÁÍêÍ·Îļþ£¬Òâζ×ÅÆäÖеÄ×éÖ¯¹Øϵ¸ú±ðµÄµØ·½µÄÁªÏµ¾ÍÇå³þÁË£¬ÕâʱºòÄãÈ¥¿´ÊµÏֵĴúÂëÄã»á·¢ÏÖËûÒѾ×öµÄÕýÊÇÄãËùÏëµÄ¡£
¸ú×Åulk°ÑÕâЩ»ù±¾µ ......
4. Threads
To use the POSIX standard thread API (pthreads), link libpthread.so
to your program.
4.1. Thread Creation
Each thread in a process is identified by a thread ID,
pthread_t.
The pthread_self function returns the thread ID of the current
thread.
This thread IDs can be compared ......
6. Devices
A device driver hides the hardware device’s communication
protocols from the operating system and allows the system to interact with the
device through a standardized interface.
Processes can communicate with a device driver via
file-like objects.
6.1 Device Types
A c ......
