From b9c82000824907e16a6ee3b9dee987ffa431d26b Mon Sep 17 00:00:00 2001 From: Derry Date: Fri, 11 Oct 2019 19:12:36 +0800 Subject: [PATCH] =?UTF-8?q?=E5=85=BC=E5=AE=B93.12=E4=BB=A5=E4=B8=8A?= =?UTF-8?q?=E7=89=88=E6=9C=AC=E5=86=85=E6=A0=B8=EF=BC=8C=E8=A7=A3=E5=86=B3?= =?UTF-8?q?oaf=E5=86=85=E6=A0=B8=E6=A8=A1=E5=9D=97=E7=BC=96=E8=AF=91?= =?UTF-8?q?=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- oaf/src/app_filter.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/oaf/src/app_filter.c b/oaf/src/app_filter.c index 9d7a5e4..0a502fa 100755 --- a/oaf/src/app_filter.c +++ b/oaf/src/app_filter.c @@ -789,13 +789,14 @@ static u_int32_t app_filter_hook(unsigned int hook, const struct net_device *out, int (*okfn)(struct sk_buff *)){ #endif + unsigned long long total_packets = 0; + flow_info_t flow; // 4.10-->4.11 nfct-->_nfct #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,11,0) struct nf_conn *ct = (struct nf_conn *)skb->_nfct; #else struct nf_conn *ct = (struct nf_conn *)skb->nfct; #endif - unsigned long long total_packets = 0; if (ct == NULL) { //AF_ERROR("ct is null\n"); @@ -808,18 +809,25 @@ static u_int32_t app_filter_hook(unsigned int hook, return NF_DROP; } #endif - - struct nf_conn_counter *acct; +// 3.12.74-->3.13-rc1 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,13,0) + struct nf_conn_acct *acct; acct = nf_conn_acct_find(ct); if (!acct) return NF_ACCEPT; - - total_packets = (unsigned long long)atomic64_read(&acct[IP_CT_DIR_ORIGINAL].packets) - + (unsigned long long)atomic64_read(&acct[IP_CT_DIR_REPLY].packets); + total_packets = (unsigned long long)atomic64_read(&acct->counter[IP_CT_DIR_ORIGINAL].packets) + + (unsigned long long)atomic64_read(&acct->counter[IP_CT_DIR_REPLY].packets); +#else + struct nf_conn_counter *counter; + counter = nf_conn_acct_find(ct); + if (!counter) + return NF_ACCEPT; + total_packets = (unsigned long long)atomic64_read(&counter[IP_CT_DIR_ORIGINAL].packets) + + (unsigned long long)atomic64_read(&counter[IP_CT_DIR_REPLY].packets); +#endif if (total_packets > MAX_PARSE_PKT_NUM){ return NF_ACCEPT; } - flow_info_t flow; memset((char *)&flow, 0x0, sizeof(flow_info_t)); parse_flow_base(skb, &flow); parse_http_proto(&flow);