linux-2.6.35.6内核netfilter框架,Linux2.6内核Netfilter的简单例子、七（netMonitor）

2010年02月26日 星期五 17时48分02秒

升级whoVisit的功能，监视5个hook点的网络信息，以便调试我的其他netfilter模块。

1、netMonitor.c

#include

#include                   /* for tcphdr */

#include

#include                     /* for csum_tcpudp_magic */

#include

#include                    /* for icmp_send */

#include                   /* for ip_route_output */

#include

#include

#include

#include

#include

#include "tools.h"

MODULE_LICENSE("GPL");

/* This is the structure we shall use to register our function */

/* This is the hook function itself */

unsigned int sahu_pre_routing(unsigned int hooknum,

struct sk_buff *skb,

const struct net_device *in,

const struct net_device *out,

int (*okfn)(struct sk_buff *))

{

char saddr_str[16],daddr_str[16];

struct sk_buff *sb = skb;

struct iphdr *iph;

if(!sb) return NF_ACCEPT;

iph = ip_hdr(sb);

if(!iph) return NF_ACCEPT;

inet_i2str(iph->saddr,saddr_str);

inet_i2str(iph->daddr,daddr_str);

printk("pre_routing:/t%s->%s/n",saddr_str,daddr_str);

return NF_ACCEPT;

}

unsigned int sahu_post_routing(unsigned int hooknum,

struct sk_buff *skb,

const struct net_device *in,

const struct net_device *out,

int (*okfn)(struct sk_buff *))

{

char saddr_str[16],daddr_str[16];

struct sk_buff *sb = skb;

struct iphdr *iph;

if(!sb) return NF_ACCEPT;

iph = ip_hdr(sb);

if(!iph) return NF_ACCEPT;

inet_i2str(iph->saddr,saddr_str);

inet_i2str(iph->daddr,daddr_str);

printk("post_routing:/t%s->%s/n",saddr_str,daddr_str);

return NF_ACCEPT;

}

unsigned int sahu_local_in(unsigned int hooknum,

struct sk_buff *skb,

const struct net_device *in,

const struct net_device *out,

int (*okfn)(struct sk_buff *))

{

char saddr_str[16],daddr_str[16];

struct sk_buff *sb = skb;

struct iphdr *iph;

if(!sb) return NF_ACCEPT;

iph = ip_hdr(sb);

if(!iph) return NF_ACCEPT;

inet_i2str(iph->saddr,saddr_str);

inet_i2str(iph->daddr,daddr_str);

printk("local_in:/t%s->%s/n",saddr_str,daddr_str);

return NF_ACCEPT;

}

unsigned int sahu_local_out(unsigned int hooknum,

struct sk_buff *skb,

const struct net_device *in,

const struct net_device *out,

int (*okfn)(struct sk_buff *))

{

char saddr_str[16],daddr_str[16];

struct sk_buff *sb = skb;

struct iphdr *iph;

if(!sb) return NF_ACCEPT;

iph = ip_hdr(sb);

if(!iph) return NF_ACCEPT;

inet_i2str(iph->saddr,saddr_str);

inet_i2str(iph->daddr,daddr_str);

printk("local_out:/t%s->%s/n",saddr_str,daddr_str);

return NF_ACCEPT;

}

unsigned int sahu_forward(unsigned int hooknum,

struct sk_buff *skb,

const struct net_device *in,

const struct net_device *out,

int (*okfn)(struct sk_buff *))

{

char saddr_str[16],daddr_str[16];

struct sk_buff *sb = skb;

struct iphdr *iph;

if(!sb) return NF_ACCEPT;

iph = ip_hdr(sb);

if(!iph) return NF_ACCEPT;

inet_i2str(iph->saddr,saddr_str);

inet_i2str(iph->daddr,daddr_str);

printk("forward:/t%s->%s/n",saddr_str,daddr_str);

return NF_ACCEPT;

}

/* netfilter hooks in this kernel module*/

static struct nf_hook_ops sahu_ops[] __read_mostly = {

{

.hook = sahu_pre_routing,

.owner = THIS_MODULE,

.pf = PF_INET,

.hooknum = NF_INET_PRE_ROUTING,

.priority = NF_IP_PRI_FIRST,

},

{

.hook = sahu_post_routing,

.owner = THIS_MODULE,

.pf = PF_INET,

.hooknum = NF_INET_POST_ROUTING,

.priority = NF_IP_PRI_FIRST,

},

{

.hook = sahu_local_in,

.owner = THIS_MODULE,

.pf = PF_INET,

.hooknum = NF_INET_LOCAL_IN,

.priority = NF_IP_PRI_FIRST,

},

{

.hook = sahu_local_out,

.owner = THIS_MODULE,

.pf = PF_INET,

.hooknum = NF_INET_LOCAL_OUT,

.priority = NF_IP_PRI_FIRST,

},

{

.hook = sahu_forward,

.owner = THIS_MODULE,

.pf = PF_INET,

.hooknum = NF_INET_FORWARD,

.priority = NF_IP_PRI_FIRST,

}

};

/* Initialisation routine */

int init_module()

{

int ret;

ret = nf_register_hooks(sahu_ops,ARRAY_SIZE(sahu_ops));

if(ret<0){

pr_info("can't install netMonitor into kernel!/n");

}else{

pr_info("netMonitor install into kernel!/n");

}

return 0;

}

/* Cleanup routine */

void cleanup_module()

{

nf_unregister_hooks(sahu_ops,ARRAY_SIZE(sahu_ops));

pr_info("netMonitor removed from kernel!/n");

}

2、tool.h

//extern static char * inet_i2str(__be32 addr);

int inet_i2str(unsigned int addr,char *addr_str){

unsigned char *p;

int i;

p=(unsigned char *)(&addr);

for(i=0;i<4;i++){

addr_str[i*4+0]=*(p+i)/100+'0';

addr_str[i*4+1]=*(p+i)/10-(*(p+i)/100)*10+'0';

addr_str[i*4+2]=*(p+i)%10+'0';

addr_str[i*4+3]='.';

}

addr_str[15]='/0';

return 0;

}

3、Makefile

obj-m +=netMonitor.o

all:

make -C /lib/modules/`uname -r`/build M=`pwd`

clean:

make -C /lib/modules/`uname -r`/build M=`pwd` clean

install:

/sbin/insmod netMonitor.ko

remove:

/sbin/rmmod netMonitor

4、编译模块：

make

5、安装模块：

make install

6、测试：

ping 127.0.0.1

输入：dmesg | tail，查看结果，有如下字样：

[ 3642.000132] local_out: 127.000.000.001->127.000.000.001

[ 3642.000147] post_routing: 127.000.000.001->127.000.000.001

[ 3642.000157] pre_routing: 127.000.000.001->127.000.000.001

[ 3642.000163] local_in: 127.000.000.001->127.000.000.001

7、卸载模块：

make remove