netfilter

insmod: ERROR: could not insert module kernel.ko: Invalid parameters - Error related to naming scheme of kernel module

霸气de小男生 submitted on 2021-02-17 03:56:07
Question: I'm using C to create a custom kernel module to hook into the netfilter operation on my Ubuntu box. However, I'm running into a problem revolving around the module_param argument. When inserting the module, I'm attempting to add a custom field; specifically, this will drop ICMP traffic when specified. The code compiles fine using a standard make file, but when using insmod to insert it, I get the error insmod: ERROR: could not insert module kernel.ko: Invalid parameters. I'm using the command

How to get information about wireless net_devices

一曲冷凌霜 submitted on 2021-02-10 05:30:27
Question: I am working on a Linux kernel module which is using the NF_INET_PRE_ROUTING hook. In that hook I need to know the status of all my net_devices, especially wireless devices. I am able to get some information about devices from net_device->flags, i.e. IFF_UP, whether the device is up or down. But I need some more detail about the wireless net_device. Is the net_device wireless / wired? Is the wireless device connected to a wireless access point? If yes, which wireless access point (name of access point)? Gateway address

How to get information about wireless net_devices

爱⌒轻易说出口 submitted on 2021-02-10 05:27:55
Question: I am working on a Linux kernel module which is using the NF_INET_PRE_ROUTING hook. In that hook I need to know the status of all my net_devices, especially wireless devices. I am able to get some information about devices from net_device->flags, i.e. IFF_UP, whether the device is up or down. But I need some more detail about the wireless net_device. Is the net_device wireless / wired? Is the wireless device connected to a wireless access point? If yes, which wireless access point (name of access point)? Gateway address

How to access IP_DF and IP_MF from iph->frag_offset when using netfilter

元气小坏坏 submitted on 2020-12-13 07:19:58
Question: I am trying to write a netfilter module and want to access the fields of the IP header that denote the DF and MF fields. I can access most other fields as desired, but I think I have to extract the DF and MF fields from the IP header in the struct and manipulate them; say, for example, I want to set or unset the DF bit depending on the type of packet I receive. The structure below has 'frag_off'; how do I access/rewrite IP_DF and IP_MF from this? struct iphdr { #if defined(__LITTLE_ENDIAN_BITFIELD)

How to access IP_DF and IP_MF from iph->frag_offset when using netfilter

谁说我不能喝 submitted on 2020-12-13 07:18:13
Question: I am trying to write a netfilter module and want to access the fields of the IP header that denote the DF and MF fields. I can access most other fields as desired, but I think I have to extract the DF and MF fields from the IP header in the struct and manipulate them; say, for example, I want to set or unset the DF bit depending on the type of packet I receive. The structure below has 'frag_off'; how do I access/rewrite IP_DF and IP_MF from this? struct iphdr { #if defined(__LITTLE_ENDIAN_BITFIELD)

Rewriting network packets on the fly using libnetfilter_queue

早过忘川 submitted on 2020-05-25 04:57:11
Question: I am attempting to write a userspace application that can hook into an OS's network stack, sniff packets flying past and edit ones that it's interested in. After much Googling, it appears to me that the simplest (yet reasonably robust) method of doing so (on any platform) is Linux's libnetfilter_queue project. However, I'm having trouble finding any reasonable documentation for the project, outside of the limited official documentation. Its main features (as stated by the first link are)

Examples of commonly used iptables defensive features

醉酒当歌 submitted on 2020-04-25 13:23:23
1. Use the connlimit module to control the volume of concurrent access (CC / DOS):
iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j LOG --log-prefix "WEB Attack"
Sample configuration:
*filter
-A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j LOG --log-prefix "WEB Attack"
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Result figure: Effect figure: sudo

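20199111 2019-2020-2 "Network Attack and Defense Practice" Week 6 Assignment

喜你入骨 submitted on 2020-04-07 14:16:46
20199111 2019-2020-2 "Network Attack and Defense Practice" Week 6 Assignment
1. Practice content
1.1 Security models
Static security model: performs a risk analysis of the network, formulates a corresponding security policy, and then adopts security technologies as protective measures. It mainly targets fixed, static threats and environmental weaknesses.
PDR security model: a time-based, dynamic, adaptive network security model built on closed-loop control theory. Its essential foundation is the classic network security inequality P>D+R (protection, detection, response), and it puts forward the view that security can be quantified and computed.
P2DR security model: proposed on the basis of the PDR security model. It adds Policy, the analysis and formulation of security policy, and takes it as the core; all protection, detection and response are carried out according to the security policy.
1.2 Firewall technology
A firewall is a security component or device placed between different network security domains that enforces access control over network traffic or access behaviour, with the security goal of protecting a specific network security domain from unauthorized access and damage. Linux provides the open-source netfilter/iptables solution, which helps network administrators quickly deploy firewall perimeter protection in their own networks. Specifically, it provides:
Inspecting and controlling network traffic entering and leaving the network
Blocking vulnerable or insecure protocols and services
Preventing the leakage of internal network information
Monitoring and auditing network access
A firewall can strengthen network security policy and integrate other security defense mechanisms
How netfilter/iptables works: in the netfilter/iptables firewall system, the netfilter component resides in Linux kernel space and implements the basic firewall functions of static packet filtering and stateful packet inspection (i.e. dynamic packet filtering)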