Breakpointing-Bad-Public
/
112-hackathon
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
34 KiB
Tree: 9a4b3d9270
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9a4b3d9270'
${ noResults }
112-hackathon/src/dns_lkm/netfilter_LKM.c

103 lines
2.3 KiB
Raw Normal View History

public repo
2 years ago
  1. /*****************************************************
  2. * This code was compiled and tested on Ubuntu 18.04.1
  3. * with kernel version 4.15.0
  4. *****************************************************/
  6. #include <linux/init.h>
  7. #include <linux/module.h>
  8. #include <linux/kernel.h>
  9. #include <linux/netfilter.h>
  10. #include <linux/netfilter_ipv4.h>
  11. #include <linux/ip.h>
  12. #include <linux/tcp.h>
  13. #include <linux/udp.h>
  16. static struct nf_hook_ops *nfho = NULL;
  18. struct last_dns_reply {
  19. int last_port;
  20. int match_count;
  21. };
  23. struct last_dns_reply dns_info;
  24. int response_thresh = 10;
  27. static int handle_dns_resp(int cli_port, struct sock *sk) {
  29. int safe_resp = 1;
  30. printk(KERN_INFO "response headed for client port: %d, lp: %d, mc: %d\n", cli_port, dns_info.last_port, dns_info.match_count);
  32. if (cli_port == dns_info.last_port) {
  33. dns_info.match_count = dns_info.match_count + 1;
  35. if (dns_info.match_count > response_thresh) {
  36. printk(KERN_INFO "got dns port match count over thresh, so dropping response..\n");
  37. safe_resp = 0;
  38. }
  39. } else {
  40. dns_info.match_count = 0;
  41. }
  43. dns_info.last_port = cli_port;
  45. return safe_resp;
  46. }
  49. static unsigned int hfunc(void *priv, struct sk_buff *skb, const struct nf_hook_state *state)
  50. {
  51. struct iphdr *iph;
  52. struct udphdr *udph;
  53. int safe_resp;
  55. if (!skb)
  56. return NF_ACCEPT;
  58. iph = ip_hdr(skb);
  59. if (iph->protocol == IPPROTO_UDP) {
  60. udph = udp_hdr(skb);
  61. if (ntohs(udph->source) == 53) {
  62. printk(KERN_INFO "handle dns response packet info..\n");
  64. safe_resp = handle_dns_resp(udph->dest, skb->sk);
  65. if (safe_resp) {
  66. return NF_ACCEPT;
  67. } else {
  68. printk(KERN_INFO "dropping unsafe dns resp for client port: %d\n", udph->dest);
  69. return NF_DROP;
  70. }
  72. }
  73. }
  74. else if (iph->protocol == IPPROTO_TCP) {
  75. return NF_ACCEPT;
  76. }
  78. return NF_DROP;
  79. }
  81. static int __init LKM_init(void)
  82. {
  83. nfho = (struct nf_hook_ops*)kcalloc(1, sizeof(struct nf_hook_ops), GFP_KERNEL);
  85. /* Initialize netfilter hook */
  86. nfho->hook = (nf_hookfn*)hfunc; /* hook function */
  87. nfho->hooknum = NF_INET_PRE_ROUTING; /* received packets */
  88. nfho->pf = PF_INET; /* IPv4 */
  89. nfho->priority = NF_IP_PRI_FIRST; /* max hook priority */
  91. nf_register_net_hook(&init_net, nfho);
  93. return 1;
  94. }
  96. static void __exit LKM_exit(void)
  97. {
  98. nf_unregister_net_hook(&init_net, nfho);
  99. kfree(nfho);
  100. }
  102. module_init(LKM_init);
  103. module_exit(LKM_exit);