netfilter例子改写2

最新推荐文章于 2025-05-15 09:28:56 发布

mounter625

最新推荐文章于 2025-05-15 09:28:56 发布

阅读量802

点赞数

CC 4.0 BY-SA版权

文章标签： hook module struct structure filter function

本文链接：https://blog.youkuaiyun.com/mounter625/article/details/7892565

本文提供了一个针对Linux 3.2.19内核的Netfilter示例代码，演示如何通过安装一个Netfilter钩子函数来丢弃指定IP地址的所有TCP数据包。该钩子函数在数据包到达之前被调用，并检查数据包是否为TCP类型。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

netfilter test examples are for linux 2.4. Now these examples are rewrite on linux kernel 3.2.19
filter_tcp.c
--------------------Begin--------------------------------------
/* Sample code to install a Netfilter hook function that will
* drop all incoming packets from an IP address we specify */

//#define __KERNEL__
//#define MODULE

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/ip.h>                  /* For IP header */
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>

/* This is the structure we shall use to register our function */
static struct nf_hook_ops nfho;

/* IP address we want to drop packets from, in NB order */
//static unsigned char *drop_ip = "\x7f\x00\x00\x01";
/* This is the hook function itself */
unsigned int hook_func(unsigned int hooknum,
                       struct sk_buff *skb,
                       const struct net_device *in,
                       const struct net_device *out,
                       int (*okfn)(struct sk_buff *))
{
    struct iphdr *ip1 = NULL;
    if (!skb){
        return NF_ACCEPT;
    }
    ip1 = ip_hdr(skb);
    if (NULL != ip1){
        if (IPPROTO_TCP == ip1->protocol){
            printk("tcp,drop\n");
            return NF_DROP;
        }
    }else{
        printk("null!\n");
    }
    return NF_ACCEPT;
}

/* Initialisation routine */
int init_module()
{
   /* Fill in our hook structure */
   nfho.hook     = hook_func;
   /* Handler function */
   nfho.hooknum = NF_INET_PRE_ROUTING; /* First for IPv4 */
   nfho.pf       = PF_INET;
   nfho.priority = NF_IP_PRI_FIRST;   /* Make our func first */
   printk("init_module,filter_tcp\n");
   nf_register_hook(&nfho);

   return 0;
}

/* Cleanup routine */
void cleanup_module()
{
    printk("cleanup_module,filter_tcp\n");
    nf_unregister_hook(&nfho);
}
----------------------End-----------------------
Makefile
-------------------------Begin---------------------
MODULE_NAME:=filter_tcp
ifneq ($(KERNELRELEASE),)
mymodule-objs:=${MODULE_NAME}.o
obj-m:=${MODULE_NAME}.o
else
PWD:=$(shell pwd)
KVER:=$(shell uname -r)

KDIR:=/usr/src/linux-source-3.2.0/linux-source-3.2.0
all:
        $(MAKE) -C $(KDIR) M=$(PWD)
clean:
        @rm -rf .*.com *.o *.mod.c *.ko .tmp_versions modules.order Module.symvers
install:
        echo ${KDIR}
        @insmod ${MODULE_NAME}.ko
uninstall:
        @rmmod ${MODULE_NAME}.ko
endif
-------------------------End-----------------------