| | +--- mod_strmodops | | | | | | +--- fwall_rput() | +--- fwall_open() | +--- fwall_close() | +--- minfo | | +--- fwall_rput() +--- minfo
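/* Simple filter
 * /usr/local/bin/gcc -D_KERNEL fwall.c -c
 * ld -dn -r fwall.o -o fwall
 *
 * STREAMS module "fwall": logs every M_DATA message travelling upstream
 * and discards those whose IP source address equals REJECTADDR.
 */

/* added headers */
#include <sys/modctl.h>

/* sample headers */
#include <sys/types.h>
#include <sys/param.h>
#include <sys/stream.h>
#include <sys/stropts.h>
#include <sys/ddi.h>
#include <sys/sunddi.h>

/* header's for network */
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stropts.h>
#include <sys/dlpi.h>
#include <fcntl.h>
#include <sys/signal.h>
#include <sys/stream.h>
#include <net/if.h>
#include <netinet/if_ether.h>
#include <netinet/in_systm.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>

/*
 * Source address to reject, written in host byte order. The comparison in
 * fwall_rput() converts the on-wire address with ntohl() first, so the
 * constant means the same address on big- and little-endian machines.
 */
#define REJECTADDR 0xac1d4958 /* 172.29.73.88 */


static int fwall_open (queue_t*, dev_t*, int, int, cred_t*);
static int fwall_rput (queue_t*, mblk_t*);
static int fwall_wput (queue_t*, mblk_t*);
static int fwall_close (queue_t*, int, int, cred_t*);

/* id number, name, min packet size, max packet size, hi-water, lo-water */
static struct module_info minfo =
	{ 0xdefe, "fwall", 1, INFPSZ, 512, 128 };

/* read side: put, service, open, close, admin, module_info, module_stat */
static struct qinit rinit = {
	fwall_rput, NULL, fwall_open, fwall_close, NULL, &minfo, NULL};

/* write side: only a put procedure; open/close live on the read side */
static struct qinit winit = {
	fwall_wput, NULL, NULL, NULL, NULL, &minfo, NULL};

struct streamtab fwmdinfo={
	&rinit, &winit, NULL, NULL};

static struct fmodsw fw_fmodsw ={
	"fwall", &fwmdinfo, D_NEW | D_MP |D_MTQPAIR };

struct modlstrmod modlstrmod ={
	&mod_strmodops, "simple module for test", &fw_fmodsw };

static struct modlinkage modlinkage ={
	MODREV_1, (void *)&modlstrmod, NULL };

/* Loadable-module entry point: registers the module via mod_install(). */
int
_init(void)
{
	return (mod_install(&modlinkage));
}

/* Loadable-module entry point: reports module information via mod_info(). */
int
_info(struct modinfo *modinfop)
{
	return (mod_info(&modlinkage, modinfop));
}

/* Loadable-module entry point: unregisters the module via mod_remove(). */
int
_fini(void)
{
	return (mod_remove(&modlinkage));
}


/*
 * Open routine. Accepts only a module open (sflag == MODOPEN) and returns
 * EINVAL otherwise; clears the private pointers of both queues and enables
 * the put procedures with qprocson().
 */
static int fwall_open (queue_t* q, dev_t *dev, int oflag, int sflag, cred_t *cred)
{
	if (sflag != MODOPEN)
		return EINVAL;
	q->q_ptr = WR(q)->q_ptr = NULL;
	qprocson(q);
	return (0);
}

/*
 * Close routine. Disables the put procedures with qprocsoff() before the
 * private pointers are cleared.
 */
static int fwall_close (queue_t *q, int flag, int sflag, cred_t *cred)
{
	qprocsoff(q);
	q->q_ptr = WR(q)->q_ptr = NULL;
	return(0);
}

/* Write-side put procedure: passes every message on unmodified. */
static int
fwall_wput(queue_t *q, mblk_t *mp)
{
	putnext(q, mp);
	return (0);
}

/*
 * Read-side put procedure.
 *
 * For an M_DATA message the start of the data is treated as an IP header:
 * source, destination, length and protocol are logged, and the message is
 * freed instead of forwarded when the source address is REJECTADDR. All
 * other message types are passed upstream untouched.
 *
 * NOTE(review): only M_DATA is inspected. If the driver below can deliver
 * datagrams as M_PROTO with the payload in b_cont, those would pass
 * unfiltered -- confirm against the driver's delivery mode.
 *
 * Always returns 0.
 */
static int
fwall_rput(queue_t *q, mblk_t *mp)
{
	struct ip *ip;

	if (mp->b_datap->db_type == M_DATA) {
		int dlen = mp->b_wptr - mp->b_rptr;
		char msg[100];

		/*
		 * The header fields are read below, so the first block must
		 * hold a whole struct ip. When it does not, try to pull the
		 * header into one block; if that fails the source address
		 * cannot be checked, and the filter fails closed by dropping
		 * the message rather than reading past b_wptr.
		 */
		if (dlen < (int)sizeof (struct ip) &&
		    !pullupmsg(mp, sizeof (struct ip))) {
			freemsg(mp);
			return (0);
		}

		/*
		 * Read b_rptr only now: pullupmsg() may have replaced the
		 * data block.
		 * NOTE(review): the cast assumes b_rptr is suitably aligned
		 * for struct ip -- confirm for the driver below.
		 */
		ip = (struct ip *)mp->b_rptr;

		/*
		 * Worst case is 57 characters plus the terminating NUL
		 * (4 x 3-digit octets twice, 5-digit length, 3-digit
		 * protocol), so msg[100] cannot overflow. Keep the buffer
		 * and the format in step if the format ever grows.
		 * ip_len is converted from network byte order for display.
		 */
		sprintf(msg, "%d.%d.%d.%d -> %d.%d.%d.%d Len:%d Protocol:%d",
			ip->ip_src._S_un._S_un_b.s_b1, ip->ip_src._S_un._S_un_b.s_b2, ip->ip_src._S_un._S_un_b.s_b3, ip->ip_src._S_un._S_un_b.s_b4,
			ip->ip_dst._S_un._S_un_b.s_b1, ip->ip_dst._S_un._S_un_b.s_b2, ip->ip_dst._S_un._S_un_b.s_b3, ip->ip_dst._S_un._S_un_b.s_b4,
			ntohs(ip->ip_len), ip->ip_p);
		/*
		 * One log line per packet: the sender controls how often this
		 * runs, so a real filter would rate-limit it or put it behind
		 * a debug switch.
		 */
		cmn_err(CE_CONT, "%s",msg);

		/* The address is in network byte order on the wire. */
		if( ntohl(ip->ip_src._S_un._S_addr) == REJECTADDR){
			freemsg(mp);
			cmn_err(CE_CONT, "Packet Dropped");
			return(0);
		}

	} /* if M_DATA */

	putnext(q, mp);
	return (0);
}

/*
Build, install and load commands given with the listing (root prompt '#'):

# /usr/local/bin/gcc fwall.c -D_KERNEL -c
# /usr/ucb/ld -dn -r fwall.o -o fwall
# /bin/cp fwall /kernel/strmod/fwall
# /bin/cp fwall /kernel/strmod/sparcv9/fwall

# /usr/sbin/modload fwall
# ifconfig le0 modinsert fwall@2
# ifconfig le0 modlist
0 arp 1 ip 3 le
# ifconfig le0 modlist
0 arp 1 ip 2 le
# make
# make install
# make uninstall

Makefile:

CC = /usr/local/bin/gcc
PRODUCTS = fwall
AUTOPUSH = /etc/autopush
ECHO = /bin/echo
CP = /bin/cp
RM = /bin/rm
LD = /usr/ucb/ld
RM = /bin/rm
CAT = /bin/cat
AWK = /bin/awk
MODLOAD = /usr/sbin/modload
MODUNLOAD = /usr/sbin/modunload
MODINFO = /usr/sbin/modinfo


all: $(PRODUCTS)

clean:
	rm -f fwall fwall.o

fwall: fwall.c
	$(CC) fwall.c -D_KERNEL -c
	$(LD) -dn -r fwall.o -o fwall

install:
	-$(CP) fwall /kernel/strmod/fwall
	$(MODLOAD) fwall
	ifconfig le0 modinsert fwall@2

uninstall:
	ifconfig le0 modremove fwall@2
	-$(MODUNLOAD) -i `$(MODINFO) | $(AWK) '/fwall/{ print $1 }'`
	-$(RM) /kernel/strmod/fwall
*/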
32 #define REJECTADDR 0xac1d4958 /* 172.29.73.88 */
113 sprintf(msg, "%d.%d.%d.%d -> %d.%d.%d.%d Len:%d Protocol:%d", 114 ip->ip_src._S_un._S_un_b.s_b1, ip->ip_src._S_un._S_un_b.s_b2, 115 ip->ip_dst._S_un._S_un_b.s_b1, ip->ip_dst._S_un._S_un_b.s_b2, 116 ip->ip_len, ip->ip_p); 117 cmn_err(CE_CONT, "%s",msg); |