netfilter/hook关于ICMP协议过滤的样例

来源：互联网发布：大非农数据利空金银编辑：程序博客网时间：2024/05/18 18:01
#include <linux/module.h>#include <linux/kernel.h>#include <linux/init.h>#include <linux/netfilter.h>#include <linux/skbuff.h>#include <linux/ip.h>#include <linux/netdevice.h>#include <linux/if_ether.h>#include <linux/if_packet.h>#include <net/tcp.h>#include <net/udp.h>#include <net/icmp.h>#include <linux/netfilter_ipv4.h>MODULE_LICENSE("GPL");MODULE_AUTHOR("ljk@xdja.com");MODULE_DESCRIPTION("netfilter hook");static unsigned int hook_icmp_func(unsigned int hooknum,struct sk_buff *skb,const struct net_device *in,const struct net_device *out,int (*okfn)(struct sk_buff *)){struct ethhdr *mac_header = (struct ethhdr *)skb_mac_header(skb);    struct iphdr *ip_header = (struct iphdr *)skb_network_header(skb);if(!skb)return NF_ACCEPT;if(ip_header->protocol == IPPROTO_ICMP){printk(KERN_INFO "src_mac: %pM\n", mac_header->h_source);        printk(KERN_INFO "dst_mac: %pM\n", mac_header->h_dest);            printk(KERN_INFO "src_ip: %pI4\n", &ip_header->saddr);        printk(KERN_INFO "dst_ip: %pI4\n", &ip_header->daddr);                printk(KERN_INFO "the protocol ICMP(%d) is dropped...\n", IPPROTO_ICMP);return NF_DROP;}return NF_ACCEPT;}static struct nf_hook_ops nf_hook_icmp_ops = {.list     = {NULL, NULL},.hook     = hook_icmp_func,.owner    = THIS_MODULE,.pf       = PF_INET/*PF_INET6*/,.hooknum  = NF_INET_LOCAL_OUT,.priority = NF_IP_PRI_FIRST};static int __init hook_icmp_init(void){return nf_register_hook(&nf_hook_icmp_ops);}static void __exit hook_icmp_exit(void){nf_unregister_hook(&nf_hook_icmp_ops);}module_init(hook_icmp_init);module_exit(hook_icmp_exit);
0 0