上一篇(点击打开链接)介绍了 netfilter 的机制,本篇通过一个极简单的内核模块来实践该机制。模块代码 nf_hook.c 如下:在 NF_INET_LOCAL_IN 上挂载 hook_func 钩子,如果报文的目的地址是 10.10.10.10 就打印一条日志,仅此而已。
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/ip.h>
#include <linux/net.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
/*
 * Hook descriptor for this module. Presumably filled in and registered by
 * nf_hook_install() -- that code is outside this excerpt, confirm there.
 */
static struct nf_hook_ops nfho;
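/*
 * hook_func - netfilter hook callback.
 *
 * @hooknum: hook point the callback was invoked from (unused)
 * @skb:     packet buffer being inspected
 * @in:      ingress device (unused)
 * @out:     egress device (unused)
 * @okfn:    continuation callback (unused)
 *
 * Logs one line when the IPv4 destination address is 10.10.10.10.
 * Always returns NF_ACCEPT: the hook only observes traffic and never drops
 * or modifies it.
 *
 * NOTE(review): this is the older hook prototype with the hook number as
 * first argument; newer kernels use a different signature -- confirm against
 * the target kernel version.
 */
unsigned int hook_func(unsigned int hooknum, struct sk_buff *skb, const struct net_device *in, const struct net_device *out, int (* okfn)(struct sk_buff *))
{
	const struct iphdr *iph;

	/* Defensive: nothing to inspect without a buffer. */
	if (!skb)
		return NF_ACCEPT;

	iph = ip_hdr(skb);

	/* 0x0A0A0A0A is 10.10.10.10 in host byte order. */
	if (ntohl(iph->daddr) == 0x0A0A0A0A) {
		/*
		 * Whoever can send matching packets controls how often this
		 * line runs, so rate-limit it to keep the kernel log from
		 * being flooded. An explicit log level is given and the stray
		 * '\r' is dropped so the record is well-formed.
		 */
		if (net_ratelimit())
			printk(KERN_INFO "%s rcv packet\n", __func__);
	}

	return NF_ACCEPT;
}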
int nf_hook_install(v