kk Blog —— 通用基础

暴力密码破解工具--关键在于字典

2014-08-06 14:51:00

http://www.ha97.com/5186.html

PS：这款暴力密码破解工具相当强大，支持几乎所有协议的在线密码破解，其密码能否被破解关键在于字典是否足够强大。对于社会工程型渗透来说，有时能够得到事半功倍的效果。

一、简介

hydra是著名黑客组织thc的一款开源的暴力密码破解工具，可以在线破解多种密码。官网：http://www.thc.org/thc-hydra ，可支持AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP等类型密码。

二、安装

如果是Debian和Ubuntu发行版，源里自带hydra，直接用apt-get在线安装：

sudo apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev hydra

Redhat/Fedora发行版的下载源码包编译安装，先安装相关依赖包：

yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel

hydra下载地址： http://www.thc.org/releases/hydra-7.3.tar.gz

# tar zxvf hydra-7.0-src.tar.gz
# cd hydra-7.0-src
# ./configure
# make
# make install

hydra支持GUI图形界面。

三、参数说明

hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
[-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV] server service [OPT]
-R 继续从上一次进度接着破解。
-S 采用SSL链接。
-s PORT 可通过这个参数指定非默认端口。
-l LOGIN 指定破解的用户，对特定用户破解。
-L FILE 指定用户名字典。
-p PASS 小写，指定密码破解，少用，一般是采用密码字典。
-P FILE 大写，指定密码字典。
-e ns 可选选项，n：空密码试探，s：使用指定用户和密码试探。
-C FILE 使用冒号分割格式，例如“登录名:密码”来代替-L/-P参数。
-M FILE 指定目标列表文件一行一条。
-o FILE 指定结果输出文件。
-f 在使用-M参数以后，找到第一对登录名或者密码的时候中止破解。
-t TASKS 同时运行的线程数，默认为16。
-w TIME 设置最大超时的时间，单位秒，默认是30s。
-v / -V 显示详细过程。

server 目标ip service 指定服务名，支持的服务和协议：telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp afp等等。 OPT 可选项

四、各种用法实例

简单演示：

破解成功，直接显示结果，上图画红线的地方就是破解出来的密码，也可以通过参数-o输出到文件里。如果字典够强大，结合社工，密码不用很久就出来。

1、破解ssh：
hydra -l 用户名 -p 密码字典 -t 线程 -vV -e ns ip ssh
hydra -l 用户名 -p 密码字典 -t 线程 -o save.log -vV ip ssh

2、破解ftp：
hydra ip ftp -l 用户名 -P 密码字典 -t 线程(默认16) -vV
hydra ip ftp -l 用户名 -P 密码字典 -e ns -vV

3、get方式提交，破解web登录：
hydra -l 用户名 -p 密码字典 -t 线程 -vV -e ns ip http-get /admin/
hydra -l 用户名 -p 密码字典 -t 线程 -vV -e ns -f ip http-get /admin/index.php

4、post方式提交，破解web登录：
hydra -l 用户名 -P 密码字典 -s 80 ip http-post-form "/admin/login.php:username=^USER^&password=^PASS^&submit=login:sorry password"


hydra -t 3 -l admin -P pass.txt -o out.txt -f 10.36.16.18 http-post-form "login.php:id=^USER^&passwd=^PASS^:<title>wrong username or password</title>"

（参数说明：-t同时线程数3，-l用户名是admin，字典pass.txt，保存为out.txt，
-f 当破解了一个密码就停止， 10.36.16.18目标ip，
http-post-form表示破解是采用http的post方式提交的表单密码破解,
<title>中 的内容是表示错误猜解的返回信息提示。）

5、破解https：
hydra -m /index.php -l muts -P pass.txt 10.36.16.18 https

6、破解teamspeak：
hydra -l 用户名 -P 密码字典 -s 端口号 -vV ip teamspeak

7、破解cisco：
hydra -P pass.txt 10.36.16.18 cisco
hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable

8、破解smb：
hydra -l administrator -P pass.txt 10.36.16.18 smb

9、破解pop3：
hydra -l muts -P pass.txt my.pop3.mail pop3

10、破解rdp：
hydra ip rdp -l administrator -P pass.txt -V

11、破解http-proxy：
hydra -l admin -P pass.txt http-proxy://10.36.16.18

12、破解imap：
hydra -L user.txt -p secret 10.36.16.18 imap PLAIN
hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN

makedumpfile.8

2014-08-06 14:46:00

makedumpfile.8

NAME

       makedumpfile - make a small dumpfile of kdump

SYNOPSIS

       makedumpfile    [OPTION] [-x VMLINUX|-i VMCOREINFO] VMCORE DUMPFILE
       makedumpfile -F [OPTION] [-x VMLINUX|-i VMCOREINFO] VMCORE
       makedumpfile -R DUMPFILE
       makedumpfile   --split   [OPTION]  [-x  VMLINUX|-i  VMCOREINFO]  VMCORE
       DUMPFILE1 DUMPFILE2 [DUMPFILE3 ..]
       makedumpfile --reassemble DUMPFILE1 DUMPFILE2 [DUMPFILE3 ..] DUMPFILE
       makedumpfile -g VMCOREINFO -x VMLINUX
       makedumpfile  -E  [--xen-syms   XEN-SYMS|--xen-vmcoreinfo   VMCOREINFO]
       VMCORE DUMPFILE
       makedumpfile --dump-dmesg [-x VMLINUX|-i VMCOREINFO] VMCORE LOGFILE
       makedumpfile -h
       makedumpfile -v

DESCRIPTION

       With  kdump,  the  memory  image  of the first kernel (called "panicked
       kernel") can be taken as /proc/vmcore while the second  kernel  (called
       "kdump   kernel"   or  "capture  kernel")  is  running.  This  document
       represents /proc/vmcore as VMCORE. makedumpfile makes a small  DUMPFILE
       by  compressing  dump  data  or  by  excluding  unnecessary  pages  for
       analysis,  or  both.  makedumpfile  needs  the  first  kernel's   debug
       information,  so that it can distinguish unnecessary pages by analyzing
       how the first kernel uses the memory.  The  information  can  be  taken
       from VMLINUX or VMCOREINFO.

       makedumpfile  can  exclude  the  following types of pages while copying
       VMCORE to DUMPFILE, and a user can choose which type of pages  will  be
       excluded.
       - Pages filled with zero
       - Cache pages
       - User process data pages
       - Free pages

       makedumpfile  provides  two  DUMPFILE  formats  (the ELF format and the
       kdump-compressed format). By default, makedumpfile makes a DUMPFILE  in
       the  kdump-compressed  format.  The kdump-compressed format is readable
       only with the crash utility, and it can be smaller than the ELF  format
       because of the compression support. The ELF format is readable with GDB
       and the crash utility.  If a user wants to use GDB, DUMPFILE format has
       to be explicitly specified to be the ELF format.

       To  analyze  the first kernel's memory usage, makedumpfile can refer to
       VMCOREINFO instead of VMLINUX. VMCOREINFO contains the  first  kernel's
       information  (structure  size,  field  offset, etc.), and VMCOREINFO is
       small enough to be included into the second kernel's initrd.
       If the second kernel is running on its initrd without mounting  a  root
       file  system,  makedumpfile  cannot refer to VMLINUX because the second
       kernel's initrd cannot include a large file like VMLINUX. To solve  the
       problem,  makedumpfile  makes  VMCOREINFO  beforehand, and it refers to
       VMCOREINFO instead of VMLINUX while the second kernel is running.
       VMCORE has contained VMCOREINFO since linux-2.6.24, and a user does not
       need to specify neither -x nor -i option.

       If the second kernel is running on its initrd without mounting any file
       system, a user needs to transport the dump data to a  remote  host.  To
       transport  the  dump data by SSH, makedumpfile outputs the dump data in
       the intermediate format (the flattened format) to the standard  output.
       By piping the output data to SSH, a user can transport the dump data to
       a remote host. Note that  analysis  tools  cannot  read  the  flattened
       format directly, so on a remote host the received data in the flattened
       format needs  to  be  rearranged  to  a  readable  DUMPFILE  format  by
       makedumpfile (or makedumpfile-R.pl).

       makedumpfile can read a DUMPFILE in the kdump-compressed format instead
       of VMCORE and re-filter it. This feature is useful  in  situation  that
       users need to reduce the file size of DUMPFILE for sending it somewhere
       by ftp/scp/etc. (If all of the page types, which are specified by a new
       dump_level,  are  excluded  from  an  original  DUMPFILE already, a new
       DUMPFILE is the same as an original DUMPFILE.)
       For example, makedumpfile can create a DUMPFILE of dump_level  31  from
       the one of dump_level 3 like the following:
       Example:
       # makedumpfile -c -d 3 /proc/vmcore dumpfile.1
       # makedumpfile -c -d 31 dumpfile.1 dumpfile.2

OPTIONS

       -c     Compress dump data by each page.
              A  user  cannot  specify this option with -E option, because the
              ELF format does not support compressed data.
              Example:
              # makedumpfile -c -d 31 -x vmlinux /proc/vmcore dumpfile

       -d dump_level
              Specify the type of unnecessary page for analysis.
              Pages of the specified type are not copied to DUMPFILE. The page
              type  marked  in  the  following  table  is excluded. A user can
              specify multiple page types by setting the sum of each page type
              for  dump_level.  The  maximum  of dump_level is 31. Note that a
              dump_level for Xen dump filtering is 0 or 1 on a  machine  other
              than  x86_64  (On an x86_64 machine, it is possible to specify 2
              or bigger as a dump_level).
              If specifying  multiple  dump_levels  with  the  delimiter  ',',
              makedumpfile  retries  to  create a DUMPFILE by other dump_level
              when "No  space  on  device"  error  happens.  For  example,  if
              dump_level  is  "11,31" and makedumpfile fails by dump_level 11,
              makedumpfile retries it by dump_level 31.
              Example:
              # makedumpfile -d 11 -x vmlinux /proc/vmcore dumpfile
              # makedumpfile -d 11,31 -x vmlinux /proc/vmcore dumpfile

                dump | zero | cache|cache  | user | free
               level | page | page |private| data | page
              -------+------+------+-------+------+------
                   0 |      |      |       |      |
                   1 |  X   |      |       |      |
                   2 |      |  X   |       |      |
                   3 |  X   |  X   |       |      |
                   4 |      |  X   |  X    |      |
                   5 |  X   |  X   |  X    |      |
                   6 |      |  X   |  X    |      |
                   7 |  X   |  X   |  X    |      |
                   8 |      |      |       |  X   |
                   9 |  X   |      |       |  X   |
                  10 |      |  X   |       |  X   |
                  11 |  X   |  X   |       |  X   |
                  12 |      |  X   |  X    |  X   |
                  13 |  X   |  X   |  X    |  X   |
                  14 |      |  X   |  X    |  X   |
                  15 |  X   |  X   |  X    |  X   |
                  16 |      |      |       |      |  X
                  17 |  X   |      |       |      |  X
                  18 |      |  X   |       |      |  X
                  19 |  X   |  X   |       |      |  X
                  20 |      |  X   |  X    |      |  X
                  21 |  X   |  X   |  X    |      |  X
                  22 |      |  X   |  X    |      |  X
                  23 |  X   |  X   |  X    |      |  X
                  24 |      |      |       |  X   |  X
                  25 |  X   |      |       |  X   |  X
                  26 |      |  X   |       |  X   |  X
                  27 |  X   |  X   |       |  X   |  X
                  28 |      |  X   |  X    |  X   |  X
                  29 |  X   |  X   |  X    |  X   |  X
                  30 |      |  X   |  X    |  X   |  X
                  31 |  X   |  X   |  X    |  X   |  X

       -E     Create DUMPFILE in the ELF format.
              This option cannot be specified with -c option, because the  ELF
              format does not support compressed data.
              Example:
              # makedumpfile -E -d 31 -x vmlinux /proc/vmcore dumpfile

       -f     Force existing DUMPFILE to be overwritten.
              Example:
              # makedumpfile -f -d 31 -x vmlinux /proc/vmcore dumpfile
              This command overwrites DUMPFILE even if it already exists.

       -x VMLINUX
              Specify  the  first  kernel's  VMLINUX with debug information to
              analyze the first kernel's memory usage.
              This option is necessary if VMCORE does not contain  VMCOREINFO,
              [-i VMCOREINFO] is not specified, and dump_level is 2 or more.
              The  page  size of the first kernel and the second kernel should
              match.
              Example:
              # makedumpfile -d 31 -x vmlinux /proc/vmcore dumpfile

       -i VMCOREINFO
              Specify VMCOREINFO instead of VMLINUX for  analyzing  the  first
              kernel's memory usage.
              VMCOREINFO  should  be  made  beforehand by makedumpfile with -g
              option, and it contains the first kernel's information.
              This option is necessary if VMCORE does not contain  VMCOREINFO,
              [-x VMLINUX] is not specified, and dump_level is 2 or more.
              Example:
              # makedumpfile -d 31 -i vmcoreinfo /proc/vmcore dumpfile

       -g VMCOREINFO
              Generate  VMCOREINFO  from the first kernel's VMLINUX with debug
              information.
              VMCOREINFO must be generated on the system that is  running  the
              first  kernel.  With  -i  option,  a user can specify VMCOREINFO
              generated on the other system that is  running  the  same  first
              kernel. [-x VMLINUX] must be specified.
              Example:
              # makedumpfile -g vmcoreinfo -x vmlinux

       -F     Output  the  dump  data  in the flattened format to the standard
              output for transporting the dump data by SSH.
              Analysis tools cannot read the flattened  format  directly.  For
              analysis,  the  dump  data  in  the  flattened  format should be
              rearranged to a normal DUMPFILE (readable with  analysis  tools)
              by  -R  option. By which option is specified with -F option, the
              format of the rearranged DUMPFILE is fixed.  In other words,  it
              is  impossible to specify the DUMPFILE format when the dump data
              is rearranged with -R option. If specifying -E  option  with  -F
              option, the format of the rearranged DUMPFILE is the ELF format.
              Otherwise, it is the kdump-compressed format. All  the  messages
              are  output  to  standard  error  output  by  -F  option because
              standard output is used for the dump data.
              Example:
              # makedumpfile -F -c -d 31 -x vmlinux /proc/vmcore \
              | ssh user@host "cat > dumpfile.tmp"
              # makedumpfile -F -c -d 31 -x vmlinux /proc/vmcore \
              | ssh user@host "makedumpfile -R dumpfile"
              # makedumpfile -F -E -d 31 -i vmcoreinfo  /proc/vmcore \
              | ssh user@host "makedumpfile -R dumpfile"
              # makedumpfile -F -E --xen-vmcoreinfo VMCOREINFO /proc/vmcore \
              | ssh user@host "makedumpfile -R dumpfile"

       -R     Rearrange the  dump  data  in  the  flattened  format  from  the
              standard  input  to  a  normal  DUMPFILE (readable with analysis
              tools).
              Example:
              # makedumpfile -R dumpfile < dumpfile.tmp
              # makedumpfile -F -d 31 -x vmlinux /proc/vmcore \
              | ssh user@host "makedumpfile -R dumpfile"

              Instead of using -R option, a  perl  script  "makedumpfile-R.pl"
              rearranges  the  dump  data  in the flattened format to a normal
              DUMPFILE, too. The perl script does not depend on  architecture,
              and  most systems have perl command.  Even if a remote host does
              not have makedumpfile, it is possible to rearrange the dump data
              in  the flattened format to a readable DUMPFILE on a remote host
              by running this script.
              Example:
              # makedumpfile -F -d 31 -x vmlinux /proc/vmcore \
              | ssh user@host "makedumpfile-R.pl dumpfile"

       --split
              Split the dump  data  to  multiple  DUMPFILEs  in  parallel.  If
              specifying  DUMPFILEs on different storage devices, a device can
              share I/O load with other devices and it reduces time for saving
              the  dump  data.  The file size of each DUMPFILE is smaller than
              the system memory  size  which  is  divided  by  the  number  of
              DUMPFILEs.  This  feature  supports  only  the  kdump-compressed
              format.
              Example:
              # makedumpfile --split -d 31 -x vmlinux  /proc/vmcore  dumpfile1
              dumpfile2

       --reassemble
              Reassemble  multiple  DUMPFILEs,  which  are  created by --split
              option,  into  one  DUMPFILE.  dumpfile1   and   dumpfile2   are
              reassembled into dumpfile on the following example.
              Example:
              # makedumpfile --reassemble dumpfile1 dumpfile2 dumpfile

       --xen-syms XEN-SYMS
              Specify the XEN-SYMS with debug information to analyze the xen's
              memory  usage.   This  option  extracts  the  part  of  xen  and
              domain-0.  -E option must be specified with this option.
              Example:
              # makedumpfile -E --xen-syms xen-syms /proc/vmcore dumpfile

       --xen-vmcoreinfo VMCOREINFO
              Specify  VMCOREINFO  instead of XEN-SYMS for analyzing the xen's
              memory usage.
              VMCOREINFO should be made beforehand  by  makedumpfile  with  -g
              option,  and  it contains the xen's information.  -E option must
              be specified with this option.
              Example:
              #  makedumpfile  -E  --xen-vmcoreinfo  VMCOREINFO   /proc/vmcore
              dumpfile

       -X     Exclude  all  the user domain pages from Xen kdump's VMCORE, and
              extracts the part  of  xen  and  domain-0.  If  VMCORE  contains
              VMCOREINFO  for  Xen,  it is not necessary to specify --xen-syms
              and --xen-vmcoreinfo.  -E option must  be  specified  with  this
              option.
              Example:
              # makedumpfile -E -X /proc/vmcore dumpfile

       --xen_phys_start xen_phys_start_address
              This    option    is    only    for    x86_64.     Specify   the
              xen_phys_start_address, if the xen code/data is relocatable  and
              VMCORE does not contain xen_phys_start_address in the CRASHINFO.
              xen_phys_start_address can be taken from the line of "Hypervisor
              code  and  data" in /proc/iomem. For example, specify 0xcee00000
              as xen_phys_start_address if /proc/iomem is the following:
                -------------------------------------------------------
                # cat /proc/iomem
                ...
                  cee00000-cfd99999 : Hypervisor code and data
                ...
                -------------------------------------------------------

              Example:
              # makedumpfile -E -X  --xen_phys_start  0xcee00000  /proc/vmcore
              dumpfile

       --message-level message_level
              Specify the message types.
              Users  can  restrict outputs printed by specifying message_level
              with this option. The message type  marked  with  an  X  in  the
              following table is printed. For example, according to the table,
              specifying 7 as message_level means progress  indicator,  common
              message,  and  error  message are printed, and this is a default
              value. Note that the maximum value of message_level is 31.

               message | progress | common  | error   | debug   | report
               level   | indicator| message | message | message | message
              ---------+----------+---------+---------+---------+---------
                     0 |          |         |         |         |
                     1 |    X     |         |         |         |
                     2 |          |    X    |         |         |
                     3 |    X     |    X    |         |         |
                     4 |          |         |    X    |         |
                     5 |    X     |         |    X    |         |
                     6 |          |    X    |    X    |         |
                   * 7 |    X     |    X    |    X    |         |
                     8 |          |         |         |    X    |
                     9 |    X     |         |         |    X    |
                    10 |          |    X    |         |    X    |
                    11 |    X     |    X    |         |    X    |
                    12 |          |         |    X    |    X    |
                    13 |    X     |         |    X    |    X    |
                    14 |          |    X    |    X    |    X    |
                    15 |    X     |    X    |    X    |    X    |
                    16 |          |         |         |         |    X
                    17 |    X     |         |         |         |    X
                    18 |          |    X    |         |         |    X
                    19 |    X     |    X    |         |         |    X
                    20 |          |         |    X    |         |    X
                    21 |    X     |         |    X    |         |    X
                    22 |          |    X    |    X    |         |    X
                    23 |    X     |    X    |    X    |         |    X
                    24 |          |         |         |    X    |    X
                    25 |    X     |         |         |    X    |    X
                    26 |          |    X    |         |    X    |    X
                    27 |    X     |    X    |         |    X    |    X
                    28 |          |         |    X    |    X    |    X
                    29 |    X     |         |    X    |    X    |    X
                    30 |          |    X    |    X    |    X    |    X
                    31 |    X     |    X    |    X    |    X    |    X

       --vtop virtual_address
              This option is useful, when user debugs the translation  problem
              of  virtual  address. If specifing virtual_address, its physical
              address is printed. It makes debugging  easy  by  comparing  the
              output  of  this option with the one of "vtop" subcommand of the
              crash utility.  "--vtop"  option  only  prints  the  translation
              output, and it does not affect the dumpfile creation.

       --dump-dmesg
              This  option  overrides  the  normal  behavior  of makedumpfile.
              Instead of  compressing  and  filtering  a  VMCORE  to  make  it
              smaller,  it  simply  extracts  the  dmesg log from a VMCORE and
              writes it to the specified LOGFILE. If a VMCORE does not contain
              VMCOREINFO for dmesg, it is necessary to specfiy [-x VMLINUX] or
              [-i VMCOREINFO].

              Example:
              # makedumpfile --dump-dmesg /proc/vmcore dmesgfile
              # makedumpfile --dump-dmesg -x vmlinux /proc/vmcore dmesgfile

       -D     Print debugging message.

       -h     Show help message.

       -v     Show the version of makedumpfile.

ENVIRONMENT VARIABLES

       TMPDIR  This environment variable is  for  a  temporary  memory  bitmap
               file.   If  your machine has a lots of memory and you use tmpfs
               on /tmp, makedumpfile can fail for a little memory in  the  2nd
               kernel because makedumpfile makes a very large temporary memory
               bitmap file in this case. To avoid this failure, you can set  a
               TMPDIR  environment  variable.  If  you  do  not  set  a TMPDIR
               environment variable, makedumpfile uses /tmp  directory  for  a
               temporary bitmap file as a default.

DIAGNOSTICS

       makedumpfile exits with the following value.

       0 : makedumpfile succeeded.

       1 : makedumpfile failed without the following reasons.

       2  :  makedumpfile failed due to the different version between  VMLINUX
       and VMCORE.

       3 : makedumpfile failed due to the analysis error of the memory.

AUTHORS

       Written by Masaki Tachibana, and Ken'ichi Ohmichi.

precise (8) makedumpfile.8.gz

Provided by: makedumpfile_1.3.7-2_i386

linux内核网络分层结构

2014-08-01 16:52:00

http://liucw.blog.51cto.com/6751239/1221140

内核网络结构

在Linux内核中，对网络部分按照网络协议层、网络设备层、设备驱动功能层和网络媒介层的分层体系设计。

网络驱动功能层主要通过网络驱动程序实现。

在Linux内核，所有的网络设备都被抽象为一个接口处理，该接口提供了所有的网络操作。

net_device结构表示网络设备在内核中的情况，也就是网络设备接口。网络设备接口既包括软件虚拟的网络设备接口，如环路设备，也包括了网络硬件设备，如以太网卡。

Linux内核有一个dev_base的全局指针，指向一个设备链表，包括了系统内的所有网络设备。该设备链表每个节点是一个网络设备。

在net_device结构中提供了许多供系统访问和协议层调用的设备方法，包括初始化、打开关闭设备、数据包发送和接收等。

与网络有关的数据结构

内核对网络数据包的处理都是基于sk_buff结构的，该结构是内核网络部分最重要的数据结构。

网络协议栈中各层协议都可以通过对该结构的操作实现本层协议数据的添加或者删除。使用sk_buff结构避免了网络协议栈各层来回复制数据导致的效率低下。

sk_buff结构可以分为两个部分，一部分是存储数据包缓存，在图中表示为PackertData，另一部分是由一组用于内核管理的指针组成。
sk_buff管理的指针最主要的是下面4个：

head指向数据缓冲(PackertData)的内核首地址；
data指向当前数据包的首地址；
tail指向当前数据包的尾地址；
end 指向数据缓冲的内核尾地址。
数据包的大小在内核网络协议栈的处理过程中会发生改变，因此data和tail指针也会不断变化，而head和tail指针是不会发生改变的。

对于一个TCP数据包为例，sk_buff还提供了几个指针直接指向各层协议头。mac指针指向数据的mac头；nh指针指向网络协议头，一般是IP协议头；h指向传输层协议头，在本例中是TCP协议头。

对各层设置指针的是方便了协议栈对数据包的处理。

net_device结构

Linux内核中网络设备最重要的数据结构就是net_device结构了，它是网络驱动程序最重要的部分。
net_device结构保存在include/linux/netdevices.h头文件，理解该结构对理解网络设备驱动有很大帮助。
内核中所有网络设备的信息和操作都在net_device设备中，无论是注册网络设备，还是设置网络设备参数，都用到该结构。
下面是主要数据成员。

设备名称
总线参数
协议参数
链接层变量
接口标志

数据包接收流程

在Linux内核中，一个网络数据包从网卡接收到用户空间需要经过链路层、传输层和socket的处理，最终到达用户空间。

以DM9000网卡为例，当网卡收到数据包以后，调用中断处理函数 dm9000_interrupt()，该函数检查中断处理类型，如果是接收数据包中断，则调用 dm9000_rx()函数接收数据包到内核空间。

dm9000_rx()函数收到数据包完成后，内核会继续调用 netif_rx()函数，函数的作用是把网卡接收到数据提交给协议栈处理。

协议栈使用 net_rx_action()函数处理接收数据包队列，该函数处理数据包后如果是 IP数据包则提交给 ip_recv()函数处理。ip_recv()函数主要是检查一个数据包IP头的合法性，检查通过后交给 ip_local_deliver()和 ip_local_deliver_finish()函数处理，之所以分开处理是因为内核中有防火墙相关的代码需要动态加载到此处。

IP头处理完毕后，以UDP数据包为例将交由 udp_recv()函数处理，与 ip_recv()函数类亿，该函数检查 UDP头的合法性，然后交给 udp_queue_recv()函数处理，最后提交给 sock_queue_recv()函数处理。

数据包进入 socket部分的第一个函数是 skb_recv_datagram()，该函数从内核的 socket队列取出数据包，交给 socket部分的 udp_recvmsg()函数，该函数负责处理UDP的数据，sock_recvmsg()处理提交给 sock_read()函数。

sock_read()函数读取接收到的数据缓冲，把数据返回给 sys_read()系统调用。sys_read()函数调用最终把数据复制到用户空间，供用户使得。

数据包发送流程

以UDP数据包发送流程为例，在DM9000网卡上如何发送一个数据包。

当用户空间的应用程序通过 socket函数 sento()发送一个UDP数据后，会调用内核空间的 sock_writev()函数，然后通过 sock_sendmsg()函数处理。sock_sendmsg()函数调用 inet_sendmsg()函数处理，inet_sendmsg()函数会把要发送的数据交给传输层的 udp_sendmsg()函数处理。

udp_sendmsg()函数在数据前加入UDP头，然后把数据交给 ip_build_xmit()函数处理，该函数根据 socket提供的目的 IP和端口信息构造IP头，然后调用 output_maybe_reroute()函数处理。out_maybe_reroute()函数检查数据包是否需要经过路由，最后交给 ip_output()函数写入到发送队列，写入完成后由 ip_finish_output()函数处理后续工作。

链路层的 dev_queue_xmit()函数处理发送队列，调用 DM9000网卡的发送数据包函数 dm9000_xmit()发送数据包，发送完毕后，调用 dm9000_xmit_done函数处理发送结果。

← Older Blog Archives Newer →