0

当数据包到达NF_IP_PRE_ROUTING的钩子时,我想直接将一些数据包传递到L4层。我使用使用 ip_local_deliver() 函数。但是,它不起作用。我可以知道如何使它工作。谢谢!

最好的问候,劳伦斯

4

1 回答 1

0

感谢您的建议!我的代码如下:

const char* hooks[] = {"NF_IP_PRE_ROUTING"};

unsigned int
header(unsigned int hooknum,
                     struct sk_buff* skb,
                     const struct net_device *in,
                     const struct net_device *out,
                     int (*okfn)(struct sk_buff*))
{

    struct sk_buff* nskb;
    struct iphdr *iph = NULL;

    nskb = skb;
    if(nskb==NULL)
    {
      printk("%s\n", "*skb is NULL");
      return NF_ACCEPT;
    }

    iph = ip_hdr(nskb);
    if(iph == NULL)
    {
      printk("%s\n", "*iph is NULL");
      return NF_ACCEPT;
    }

    if ((iph->protocol == IPPROTO_UDP) || (iph->protocol == IPPROTO_ICMP)){

            ip_local_deliver(nskb);
            printk("------delivered  --------\n");
            return NF_STOLEN;
    }

    return NF_ACCEPT;
}


static struct nf_hook_ops header_ops[] = {  
{
    {
        .hook     = header,
        .owner    = THIS_MODULE,
        .pf       = PF_INET,
        .hooknum  = 0, //NF_IP_PRE_ROUTING,
        .priority = NF_IP_PRI_FIRST,
    },
};

static int __init init(void)
{

      int ret;
      ret = nf_register_hooks(header_ops, ARRAY_SIZE(header_ops));
      if (ret < 0) {
          printk("http detect:can't register header_ops detect hook!\n");
          return ret;
      }
      printk("insmod header_ops detect module\n");
      return 0;
}

static void __exit fini(void)
{

     nf_unregister_hooks(header_ops, ARRAY_SIZE(header_ops));
     printk("remove header_ops detect module.\n");

}


module_init(init);

module_exit(fini);
于 2013-04-07T20:59:40.890 回答