2009-04-04 11:21:24
2.6 版内核的网络协议栈较 2.4 版有所改变,比如 sk_buff 结构中去掉了 nh 联合体的定义。在 2.6 内核中,如果要得到 IP 数据包的源地址,
需要先通过 const struct iphdr *iph = ip_hdr(skb); 取得 IP 头指针,再读取 iph->saddr;ip_hdr
定义在 linux/ip.h 中。下面通过一个简单的例子,介绍在 2.6 内核中如何在 netfilter 上挂载 hook 函数来实现数据包的过滤。
#include
#include
#include
#include
#include
#include
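/* Hook descriptor; its fields are filled in by init_module() before it is
 * registered with netfilter, and it is unregistered in cleanup_module(). */
static struct nf_hook_ops nfho;

/*
 * Source address to drop, stored as four bytes in wire (network) order:
 * 127.0.0.1.  Kept as a const byte array rather than a writable pointer to a
 * string literal, so the filter rule cannot be modified through this name and
 * the initializer no longer mixes char and unsigned char pointers.
 */
static const unsigned char drop_ip[4] = { 0x7f, 0x00, 0x00, 0x01 };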
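/*
 * hook_func - netfilter hook that drops IPv4 packets from one source address.
 *
 * @hooknum: hook point the packet is traversing (unused here).
 * @skb:     pointer to the packet's sk_buff pointer.
 * @in:      ingress device (unused here).
 * @out:     egress device (unused here).
 * @okfn:    continuation function (unused here).
 *
 * Returns NF_DROP when the IPv4 source address equals the four bytes in
 * drop_ip, NF_ACCEPT otherwise (including when there is no packet to look at).
 *
 * NOTE(review): this prototype (struct sk_buff **skb) and the registration
 * calls used in this file match the kernel generation the post targets; later
 * kernels changed the hook signature and registration API, so check both
 * against the headers of the kernel you build for.
 */
unsigned int hook_func(unsigned int hooknum,
		       struct sk_buff **skb,
		       const struct net_device *in,
		       const struct net_device *out,
		       int (*okfn)(struct sk_buff *))
{
	struct sk_buff *sb;
	struct iphdr *iph;
	const unsigned char *src;

	/* No buffer to inspect: pass it on instead of dereferencing NULL
	 * in packet-processing context. */
	if (!skb || !*skb)
		return NF_ACCEPT;
	sb = *skb;

	iph = ip_hdr(sb);
	if (!iph)
		return NF_ACCEPT;

	/*
	 * This hook is registered for every inbound IPv4 packet, so an
	 * unthrottled log line per packet lets any sender flood the kernel
	 * log.  Rate-limit the diagnostics; the verdict is unaffected.
	 */
	if (printk_ratelimit())
		pr_info("Packet from %d.%d.%d.%d\n", NIPQUAD(iph->saddr));

	/*
	 * Compare byte by byte: drop_ip is a byte sequence with no alignment
	 * guarantee, so it must not be read through a __be32 pointer.  Both
	 * sides are in network byte order.
	 */
	src = (const unsigned char *)&iph->saddr;
	if (src[0] == drop_ip[0] && src[1] == drop_ip[1] &&
	    src[2] == drop_ip[2] && src[3] == drop_ip[3]) {
		if (printk_ratelimit())
			pr_info("Dropped packet from ... %d.%d.%d.%d\n",
				drop_ip[0], drop_ip[1], drop_ip[2], drop_ip[3]);
		return NF_DROP;
	}

	return NF_ACCEPT;
}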
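/*
 * init_module - module entry point: register hook_func with netfilter.
 *
 * Fills in the nfho descriptor so that hook_func runs at the IPv4
 * pre-routing hook with the highest priority value (NF_IP_PRI_FIRST), then
 * registers it.
 *
 * Returns 0 on success, or the error reported by nf_register_hook() so that
 * the module load fails visibly instead of leaving a module loaded whose
 * filter was never installed.
 */
int init_module(void)
{
	int err;

	pr_info("i'm now in the kernel space!\n");

	nfho.hook = hook_func;
	nfho.hooknum = NF_IP_PRE_ROUTING;	/* before the routing decision */
	nfho.pf = PF_INET;			/* IPv4 only */
	nfho.priority = NF_IP_PRI_FIRST;	/* ahead of other hooks here */

	err = nf_register_hook(&nfho);
	if (err) {
		pr_info("failed to register netfilter hook: %d\n", err);
		return err;
	}

	return 0;
}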
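/*
 * cleanup_module - module exit point: remove the netfilter hook.
 *
 * The hook must be unregistered before the module text goes away; otherwise
 * netfilter would keep calling into unloaded code.
 */
void cleanup_module(void)
{
	nf_unregister_hook(&nfho);
	pr_info("module removed from kernel!\n");
}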
#######################################################
Makefile for Fedora 8
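# Kbuild makefile for the simpFilter module.
# Recipe lines below must start with a TAB character.
obj-m += simpFilter.o

# Build tree of the currently running kernel; override with KDIR=... if needed.
KDIR ?= /lib/modules/$(shell uname -r)/build

# None of these targets produce a file of the same name.
.PHONY: all clean install remove

all:
	$(MAKE) -C $(KDIR) M=$(PWD) modules

clean:
	$(MAKE) -C $(KDIR) M=$(PWD) clean
	# -f: do not fail when the file is already gone.
	rm -f Module.symvers

# insmod/rmmod need root. The hook runs on every inbound IPv4 packet, so load
# the module on a test machine first; `make remove` unloads it again.
install:
	/sbin/insmod simpFilter.ko

remove:
	/sbin/rmmod simpFilter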