修复hash_32的bug,增加进程监控(没做完,还需要加一些东西)

linux_kernel/network.c

@@ -1,6 +1,6 @@
 #include "network.h"
 
-void block_ip_address(size_t ip_address, size_t time_sec) {
+void block_ip_address(u32 ip_address, size_t time_sec) {
     struct ip_hashmap_node_t *data = get_ipdata_by_hashmap(ip_address);
     const s64 current_time_sec = ktime_get_real_seconds();
 
@@ -17,7 +17,7 @@ void block_ip_address(size_t ip_address, size_t time_sec) {
     data->info.ip_meta_info.remove_time = current_time_sec + time_sec;
     data->info.ip_meta_info.is_attack = true;
 }
-bool check_is_blacklist_ip(size_t ip_address) {
+bool check_is_blacklist_ip(u32 ip_address) {
     struct ip_hashmap_node_t *data = get_ipdata_by_hashmap(ip_address);
     if (data == NULL) {
         return false;
@@ -37,7 +37,7 @@ bool check_syn_attack(struct iphdr *ip_header, struct sk_buff *skb) {
         if (tcp_header->syn == 0 || tcp_header->ack || tcp_header->rst) {
             break;
         }
-        size_t ip_address_key = ip_header->saddr;
+        u32 ip_address_key = ip_header->saddr;
         struct ip_hashmap_node_t *data = get_ipdata_by_hashmap(ip_address_key);
         const s64 current_time_sec = ktime_get_real_seconds();
         if (data == NULL) {
@@ -87,7 +87,7 @@ bool check_ssh_brute_force_attack(struct iphdr *ip_header,
         if (ntohs(tcp_header->dest) != SSH_PORT) {
             break;
         }
-        size_t ip_address_key = ip_header->saddr;
+        u32 ip_address_key = ip_header->saddr;
         struct ip_hashmap_node_t *data = get_ipdata_by_hashmap(ip_address_key);
         const s64 current_time_sec = ktime_get_real_seconds();
         if (data == NULL) {
@@ -118,20 +118,9 @@ bool check_ssh_brute_force_attack(struct iphdr *ip_header,
     } while (false);
     return is_block;
 }
-unsigned int network_callback(const struct nf_hook_ops *ops,
-                              struct sk_buff *skb, const struct net_device *in,
-                              const struct net_device *out,
-                              int (*okfn)(struct sk_buff *)) {
+bool check_in_packet(struct iphdr *ip_header, struct sk_buff *skb) {
     bool is_block = false;
     do {
-        if (skb == NULL) {
-            break;
-        }
-        struct iphdr *ip_header = ip_hdr(skb);
-
-        if (ip_header == NULL) {
-            break;
-        }
         if (check_is_blacklist_ip(ip_header->saddr)) {
             is_block = true;
             printk(KERN_ERR "Block ip address: %pI4\n", &ip_header->saddr);
@@ -153,7 +142,31 @@ unsigned int network_callback(const struct nf_hook_ops *ops,
             // push ip address to list
             push_msg_new_ip_connect(ip_header->saddr);
         }
+    } while (false);
 
+    return is_block;
+}
+unsigned int network_callback(const struct nf_hook_ops *ops,
+                              struct sk_buff *skb, const struct net_device *in,
+                              const struct net_device *out,
+                              int (*okfn)(struct sk_buff *)) {
+    bool is_block = false;
+    do {
+        if (skb == NULL) {
+            break;
+        }
+        struct iphdr *ip_header = ip_hdr(skb);
+        if (ip_header == NULL) {
+            break;
+        }
+        if (ip_header->saddr == ip_header->daddr) {
+            // 本机连接本机的数据包
+            break;
+        }
+        if (skb->pkt_type == PACKET_HOST) {
+            // 这是一个输入数据包
+            is_block = check_in_packet(ip_header, skb);
+        }
     } while (false);
 
     return is_block ? NF_DROP : NF_ACCEPT;