代码展示了Linux内核在接收到UDP数据包时,如何通过__udp4_lib_lookup_skb查找对应的socket。如果socket不存在或已绑定特定远程IP和端口,将发送ICMP_PORT_UNREACH错误并丢弃包。
linux内核版本:linux-4.18.0-348.7.1.el8_5
以下节选代码均follow linux kernel license:
/
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
uapi/linux/icmp.h:
/* Codes for UNREACH. */
#define ICMP_NET_UNREACH 0 /* Network Unreachable */
#define ICMP_HOST_UNREACH 1 /* Host Unreachable */
#define ICMP_PROT_UNREACH 2 /* Protocol Unreachable */
#define ICMP_PORT_UNREACH 3 /* Port Unreachable */net/ipv4/udp.c:
/*
* All we need to do is get the socket, and then do a checksum.
*/
int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
int proto)
{
struct sock *sk;
... ...
sk = __udp4_lib_lookup_skb(skb, uh->source, uh->dest, udptable);
if (sk)
return udp_unicast_rcv_skb(sk, skb, uh);
if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
goto drop;
nf_reset(skb);
/* No socket. Drop packet silently, if checksum is wrong */
if (udp_lib_checksum_complete(skb))
goto csum_error;
__UDP_INC_STATS(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
/*
* Hmm. We got an UDP packet to a port to which we
* don't wanna listen. Ignore it.
*/
kfree_skb(skb);
return 0;
... ...
}以上代码中通过__udp4_lib_lookup_skb查找socket.
当udp socket不存在,或者当udp socket调用了connect()绑定了远端ip+port以后,只能接收从这个ip+port来的UDP package, 否则__udp4_lib_lookup_skb 查找失败,回ICMP port unreachable
扫一扫
940
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
