linux内核更新,sk_buff变了,博一个linux 2.6.32-504.23.4.el6.x86_64下的netfilter钩子
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define NIPQUAD(addr) \
((unsigned char *)&addr)[0], \
((unsigned char *)&addr)[1], \
((unsigned char *)&addr)[2], \
((unsigned char *)&addr)[3]
MODULE_LICENSE("GPL");
MODULE_AUTHOR("FrankXiong");
static struct nf_hook_ops nfho;
unsigned int hook_func(unsigned int hooknum, struct sk_buff *skb, const struct net_device *in, const struct net_device *out, int (*okfn)(struct sk_buff *)) {
struct sk_buff *sb;
struct iphdr *iph;
// struct ethdhr *eth;
struct udphdr *udp;
__be32 sip,dip;
sb = skb;
iph = ip_hdr(sb);
udp = (struct udphdr*)&sb->transport_header;
sip = iph->saddr;
dip = iph->daddr;
printk("src= %d.%d.%d.%d\n",NIPQUAD(sip));
printk("dst= %d.%d.%d.%d\n",NIPQUAD(dip));
// ti qu IP tou
if(skb->pkt_type == PACKET_BROADCAST) {
return NF_ACCEPT;
}
if(skb->protocol == htons(ETH_P_IP)){
switch (iph->protocol) {
case IPPROTO_TCP: {
printk("TCP packet\n");
break;
}
case IPPROTO_ICMP: {
printk("ICMP packet\n");
break;
}
case IPPROTO_UDP: {
printk("UDP packet\n");
if (ntohs(udp->dest) == 520) {
printk("RIP packet\n");
}
break;
}
case IPPROTO_IP: {
printk("IP packet\n");
break;
}
default:
printk("other packet\n");
}
}
printk("===========\n");
return NF_ACCEPT;
}
static int kexec_test_init(void) {
printk("hook start ...\n");
nfho.hook = hook_func;
nfho.owner = NULL;
nfho.pf = PF_INET;
nfho.hooknum = NF_INET_PRE_ROUTING;
nfho.priority = NF_IP_PRI_FIRST;
nf_register_hook(&nfho);
return 0;
}
static void kexec_test_exit(void) {
printk("hook init...\n");
nf_unregister_hook(&nfho);
}
module_init(kexec_test_init);
module_exit(kexec_test_exit);
Makefile:
obj-m := netfilter_hook.o
KERNELBUILD := /lib/modules/`uname -r`/build
default:
make -C $(KERNELBUILD) M=$(shell pwd) modules
clean:
rm -rf *.o .*.cmd *.ko *.mod.c .tmp_versions Module.symvers *.ko.unsigned modules.order
193
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
