¡¾×ªÌûLINUX¡¿IP·ÖƬÖØ×é·ÖÎö

±¾ÎĵµµÄCopyleft¹éyfydzËùÓУ¬Ê¹ÓÃGPL·¢²¼£¬¿ÉÒÔ×ÔÓÉ¿½±´£¬×ªÔØ£¬×ªÔØʱÇë±£³ÖÎĵµµÄÍêÕûÐÔ£¬ÑϽûÓÃÓÚÈκÎÉÌÒµÓÃ;¡£
msn: yfydz_no1@hotmail.com
À´Ô´£ºhttp://yfydz.cublog.cn
1. Ç°ÑÔ
 
¶ÔIPËéƬµÄÖØ×éÊÇ·À»ðǽÌá¸ß°²È«ÐÔµÄÒ»¸öÖØÒªÊֶΣ¬Í¨¹ýÌáÇ°½øÐÐËéƬÖØ×飬¿ÉÒÔÓÐЧ·ÀÓù¸÷ÖÖËéƬ¹¥»÷£¬LinuxÄں˵ķÀ»ðǽnetfilter¾Í×Ô¶¯¶ÔIPËéƬ°ü½øÐÐÁËÖØ×飬±¾ÎĽéÉÜLinuxÄÚºËÖеÄIPÖØ×é¹ý³Ì£¬Äں˴úÂë°æ±¾2.4.26¡£
2. ´¦ÀíÁ÷³Ì
ʵÏÖIPÖØ×éµÄ»ù±¾º¯ÊýΪip_defrag()£¬ÔÚnet/ipv4/ip_fragment.cÖÐʵÏÖ£¬»ù±¾¹ý³ÌÊǽ¨Á¢ËéƬ´¦Àí¶ÓÁУ¬¶ÓÁÐÖÐÿ¸ö½ÚµãÊÇÒ»¸öÁ´±í£¬Õâ¸öÁ´±í±£´æͬһ¸öÁ¬½ÓµÄËéƬ£¬µ±ËéƬ¶¼µ½´ïÖ®ºó½øÐÐÊý¾Ý°üÖØ×飬»òÕßÔÚÒ»¶¨Ê±¼ä(ȱʡ30Ãë)ÄÚËùÓÐËéƬ°ü²»Äܵ½´ï¶øÊͷŵô¡£
2.1 Êý¾Ý½á¹¹
 
ÔÚ´¦Àí·ÖƬ°üʱ£¬½«skb°üµÄcb×ֶα£´æËéƬ¿ØÖÆÐÅÏ¢struct ipfrag_skb_cb¡£
 
#define FRAG_CB(skb) ((struct ipfrag_skb_cb*)((skb)->cb))
 
struct ipfrag_skb_cb
{
 struct inet_skb_parm h;
 int   offset;
};
 
ipq¶ÓÁнڵã½á¹¹£º
 
/* Describe an entry in the "incomplete datagrams" queue. */
struct ipq {
// ÏÂÒ»¸ö
 struct ipq *next;  /* linked list pointers   */
// ×îÐÂʹÓÃÁ´±í
 struct list_head lru_list; /* lru list member    */
// ÒÔÏÂ4ÏîÓÃÀ´Æ¥ÅäÒ»×éIP·ÖÅä
 u32  saddr;
 u32  daddr;
 u16  id;
 u8  protocol;
// ״̬±êÖ¾
 u8  last_in;
#define COMPLETE  4   // Êý¾ÝÒѾ­ÍêÕû
#define FIRST_IN  2   // µÚÒ»¸ö°üµ½´ï
#define LAST_IN   1   // ×îºóÒ»¸ö°üµ½´ï
//  ½ÓÊÕµ½µÄIPËéƬÁ´±í
 struct sk_buff *fragments; /* linked list of received fragments */
// lenÊǸù¾Ý×îÐÂIPËéƬÖеÄÆ«ÒÆÐÅÏ¢µÃ³öµÄÊý¾Ý×ܳ¤
 int  len;  /* total length of original datagram */
// meatÊÇËùÓÐËéƬʵ¼Ê³¤¶ÈµÄÀÛ¼Ó
 int  meat;
 spinlock_t lock;
 atomic_t refcnt;
// ³¬Ê±
 struct timer_list timer; /* when will this queue expire?  */
// Ç°Ò»Ïî¶ÓÁеØÖ·
 struct ipq **pprev;
// Êý¾Ý½øÈëÍø¿¨µÄË÷ÒýºÅ
&