You can also inspect the /proc/net/route file.

Adding Null Routes

Null routes simply ignore the packets that match them. They are an effective way to block a problematic IP. For example:

```
$ sudo route add 123.123.123.123 reject
```

You can now neither send packets to nor receive packets from the IP 123.123.123.123.

Removing Null Routes

```
$ sudo route del 123.123.123.123 reject
```

Be very careful when manipulating the routing table; if you accidentally remove the route to the remote host your SSH session depends on, the only way to recover is physical access to the machine.

Changing the routing table with C/C++

To add a null route from a program, you need ioctl with the control request SIOCADDRT:

```c
#include <arpa/inet.h>    /* htonl */
#include <net/route.h>    /* struct rtentry, RTF_* */
#include <netinet/in.h>   /* struct sockaddr_in */
#include <stdbool.h>
#include <string.h>       /* memset */
#include <sys/ioctl.h>    /* ioctl, SIOCADDRT, SIOCDELRT */
#include <sys/socket.h>
#include <unistd.h>       /* close */

/* host is an IPv4 address in host byte order. Requires root (CAP_NET_ADMIN). */
bool addNullRoute( long host )
{
    // create the control socket.
    int fd = socket( PF_INET, SOCK_DGRAM, IPPROTO_IP );
    if ( fd < 0 )
        return false;

    struct rtentry route;
    memset( &route, 0, sizeof( route ) );

    // set the gateway to 0.
    struct sockaddr_in *addr = (struct sockaddr_in *)&route.rt_gateway;
    addr->sin_family = AF_INET;
    addr->sin_addr.s_addr = 0;

    // set the host we are rejecting.
    addr = (struct sockaddr_in *)&route.rt_dst;
    addr->sin_family = AF_INET;
    addr->sin_addr.s_addr = htonl( host );

    // Set the mask. In this case we are using 255.255.255.255, to block a single
    // IP. But you could use a less restrictive mask to block a range of IPs.
    // To block an entire C block you would use 255.255.255.0, i.e.
    // htonl( 0xFFFFFF00 ), and clear RTF_HOST below.
    addr = (struct sockaddr_in *)&route.rt_genmask;
    addr->sin_family = AF_INET;
    addr->sin_addr.s_addr = 0xFFFFFFFF;

    // These flags mean: this route is created up, or active.
    // The blocked entity is a host as opposed to a gateway.
    // The packets should be rejected. On BSD there is a flag RTF_BLACKHOLE
    // that causes packets to be dropped silently. We would use that if Linux
    // had it. RTF_REJECT will cause the network interface to signal that the
    // packets are being actively rejected.
    route.rt_flags = RTF_UP | RTF_HOST | RTF_REJECT;
    route.rt_metric = 0;

    // this is where the magic happens.
    if ( ioctl( fd, SIOCADDRT, &route ) )
    {
        close( fd );
        return false;
    }

    // remember to close the socket lest you leak handles.
    close( fd );
    return true;
}
```

Note: the change is lost when the system reboots.

The reverse of the code above, removing the route:

```c
/* Uses the same headers as addNullRoute above. */
bool delNullRoute( long host )
{
    int fd = socket( PF_INET, SOCK_DGRAM, IPPROTO_IP );
    if ( fd < 0 )
        return false;

    struct rtentry route;
    memset( &route, 0, sizeof( route ) );

    // gateway 0, same as when the route was added.
    struct sockaddr_in *addr = (struct sockaddr_in *)&route.rt_gateway;
    addr->sin_family = AF_INET;
    addr->sin_addr.s_addr = 0;

    // the host whose null route is being removed.
    addr = (struct sockaddr_in *)&route.rt_dst;
    addr->sin_family = AF_INET;
    addr->sin_addr.s_addr = htonl( host );

    // single-host mask, 255.255.255.255.
    addr = (struct sockaddr_in *)&route.rt_genmask;
    addr->sin_family = AF_INET;
    addr->sin_addr.s_addr = 0xFFFFFFFF;

    route.rt_flags = RTF_UP | RTF_HOST | RTF_REJECT;
    route.rt_metric = 0;

    // this time we are deleting the route:
    if ( ioctl( fd, SIOCDELRT, &route ) )
    {
        close( fd );
        return false;
    }

    close( fd );
    return true;
}
```
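To confirm which null routes are actually installed, the /proc/net/route file mentioned at the top of the page can be parsed for rows whose flags include RTF_UP and RTF_REJECT. The following is an added example, not code from the original page; the names `scan_null_routes`, `null_dst` and `SAMPLE` are hypothetical, and the sample rows are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

#define F_UP     0x0001u  /* RTF_UP */
#define F_REJECT 0x0200u  /* RTF_REJECT */
#define MAX_HITS 16
/* Constructed sample in the /proc/net/route layout, not taken from a real host. */
static const char SAMPLE[] =
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t0101A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
    "*\t7B7B7B7B\t00000000\t0205\t0\t0\t0\tFFFFFFFF\t0\t0\t0\n";

static char null_dst[MAX_HITS][INET_ADDRSTRLEN]; /* reject-route destinations found */
/* Scan a route table in text form; fill null_dst and return the count (at most MAX_HITS). */
int scan_null_routes(const char *table)
{
    int hits = 0;
    for (const char *p = table; p && *p && hits < MAX_HITS; ) {
        const char *nl = strchr(p, '\n');
        size_t n = nl ? (size_t)(nl - p) : strlen(p);
        char line[256];
        unsigned int dst, flags;
        if (n >= sizeof line) n = sizeof line - 1;
        memcpy(line, p, n);
        line[n] = '\0';
        /* Fields: Iface and Gateway are skipped; the header row fails the hex
         * conversions. Destination is the raw network-order word, usable as s_addr. */
        if (sscanf(line, "%*s %x %*x %x", &dst, &flags) == 2 &&
            (flags & F_UP) && (flags & F_REJECT)) {
            struct in_addr a;
            a.s_addr = dst;
            inet_ntop(AF_INET, &a, null_dst[hits++], INET_ADDRSTRLEN);
        }
        p = nl ? nl + 1 : NULL;
    }
    return hits;
}

int main(void)
{
    static char buf[65536]; /* zero-initialised, so the text stays NUL-terminated */
    FILE *fp = fopen("/proc/net/route", "r");
    size_t n = fp ? fread(buf, 1, sizeof buf - 1, fp) : 0;
    if (fp) fclose(fp);
    int hits = scan_null_routes(n ? buf : SAMPLE); /* fall back to the sample */
    for (int i = 0; i < hits; i++) printf("null route: %s\n", null_dst[i]);
    return 0;
}
```

Running it after addNullRoute (or `route add ... reject`) and again after removal shows whether the change took effect.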