#ifndef __KERNEL__
#define __KERNEL__
#endif
#ifndef MODULE
#define MODULE
#endif
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/icmp.h>
#include <linux/netdevice.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/if_arp.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
static struct nf_hook_ops nfho;
unsigned char* ip = "/x7f/x00/x00/x01";
unsigned char* drop_ip = "/xC0/xA8/x08/xC9";
unsigned int hook_func(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
struct sk_buff* sb = *skb;
struct tcphdr *tcp = NULL;
unsigned int d_ip ,s_ip = 0;
unsigned int d_port = 0,s_port = 0;
if( sb->nh.iph->protocol == IPPROTO_TCP )
tcp = (struct tcphdr *)((sb->data) + (sb->nh.iph->ihl * 4));
d_ip = sb->nh.iph->daddr;
s_ip = sb->nh.iph->saddr;
if( tcp)
{
d_port = tcp->source;
s_port = tcp->dest;
}
if( sb->nh.iph->saddr == *(unsigned int*)drop_ip )
{
printk( "Droped packet from ..%d.%d.%d.%d:%d/n", NIPQUAD(s_ip), s_port );
return NF_DROP;
}
printk( "FROM:%d.%d.%d.%d:%d TO:%d.%d.%d.%d:%d ETH:%s/n", NIPQUAD(s_ip), s_port, NIPQUAD(d_ip), d_port, in->name );
return NF_ACCEPT;
}
int init_module()
{
printk( "begin init module test2/n" );
nfho.hook = hook_func;
nfho.hooknum = NF_IP_PRE_ROUTING;
nfho.pf = PF_INET;
nfho.priority = NF_IP_PRI_FIRST;
nf_register_hook(&nfho);
printk("init module test2/n");
return 0;
}
void cleanup_module()
{
nf_unregister_hook(&nfho);
printk("cleanup module test2/n");
}
MODULE_LICENSE("GPL");
1435
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
