分类: LINUX
2009-02-27 17:17:29
|
2.6版内核的网络协议栈较2.4版有所改变,比如sk_buff结构中去掉了nh联合体的定义。在2.6内核中我们如果要得到ip数据包的源节点地址,需要使用const struct iphdr *iph = ip_hdr(skb); ip_hdr 的定义在linux/ip.h中定义。下面通过一个简单的例子介绍在2.6内核中如何在netfilter上挂载hook函数实现数据包的过滤。 #include #include #include #include #include #include static struct nf_hook_ops nfho; static unsigned char *drop_ip = "\x7f\x00\x00\x01"; unsigned int hook_func(unsigned int hooknum, struct sk_buff **skb, const struct net_device *in, const struct net_device *out, int (*okfn)(struct sk_buff *)) { struct sk_buff *sb = *skb; struct iphdr *iph ; iph = ip_hdr(sb); pr_info("Packet from %d.%d.%d.%d\n",NIPQUAD(iph->saddr)); if ( iph->saddr == *(__be32 *) drop_ip) { pr_info("Dropped packet from ... %d.%d.%d.%d\n",*drop_ip, *(drop_ip+1), *(drop_ip+2), *(drop_ip+3) ); return NF_DROP; }else { return NF_ACCEPT; } } int init_module() { pr_info("i'm now in the kernel space!\n"); nfho.hook = hook_func; nfho.hooknum = NF_IP_PRE_ROUTING; nfho.pf = PF_INET; nfho.priority = NF_IP_PRI_FIRST; nf_register_hook(&nfho); return 0; } void cleanup_module() { nf_unregister_hook(&nfho); pr_info("module removed from kernel!\n"); } ####################################################### Make file in the Fedora 8 obj-m +=simpFilter.o all: make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules clean: make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean rm Module.symvers install: /sbin/insmod simpFilter.ko remove: /sbin/rmmod simpFilter |
