Hi,
i'm trying a simple lkm tht register a hook in PF_BRIDGE protocol,
also registers a queue_handler for the same.
the hook function simply returns NF_QUEUE for all IP pakcets.
i'm trying this out in 2.6.18-8.el5 (centos 5.0)
it seems like pkts are queuing up, but the _problem_ is queue_handler
is not getting invoked.
plz refer to the code below.
(NOTE: the same program worked fine in my rh9 (ie 2.4 kernel), of
course with minor nf API modification)
-------------------------------------------------
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/if_ether.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/list.h>
#include <linux/netfilter.h>
#include <linux/netfilter_bridge.h>
#include <linux/netfilter_ipv4.h>
#include <linux/spinlock.h>
static unsigned int ebq_hook(unsigned int hook,
struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
if(ntohs(ETH_P_IP) != eth_hdr(*pskb)->h_proto)
{
printk(KERN_WARNING "caught non-IP packet\n");
return NF_ACCEPT;
}
//printk(KERN_INFO "src_ip: %d.%d.%d.%d dst_ip: %d.%d.%d.%d\n",
//NIPQUAD((*pskb)->nh.iph->saddr),
//NIPQUAD((*pskb)->nh.iph->daddr));
return NF_QUEUE;
}
static struct nf_hook_ops ebq_ops =
{
.hook = ebq_hook,
.owner = THIS_MODULE,
.pf = PF_BRIDGE,
.hooknum = NF_BR_FORWARD,
.priority = NF_BR_PRI_FIRST
};
static int ebq_enqueue(struct sk_buff *skb, struct nf_info *info,
unsigned int queuenum, void *data) //start queueing.....
{
int status = -EINVAL;
printk(KERN_INFO "ebq_enqueue: inside ebq_enqueue\n");
printk(KERN_INFO "src_ip: %d.%d.%d.%d dst_ip: %d.%d.%d.%d\n",
NIPQUAD(skb->nh.iph->saddr), NIPQUAD(skb->nh.iph->daddr));
nf_reinject(skb, info, NF_ACCEPT); // :-)
status = 0;
return status; //arey... return zero directly na...
}
static struct nf_queue_handler ebq_handler =
{
.name = "testicles",
.data = NULL,
.outfn = ebq_enqueue,
};
int enter_da_dragon(void) //module loading....
{
int status = -ENOMEM;
printk(KERN_INFO "eb_queue: registering hook handler\n");
status = nf_register_hook(&ebq_ops);
if(status < 0)
{
printk(KERN_ERR "eb_queue: failed to register hook\n");
return -EINVAL;
}
printk(KERN_INFO "eb_queue: registering queue handler\n");
status = nf_register_queue_handler(PF_BRIDGE, &ebq_handler);
if(status < 0)
{
printk(KERN_ERR "eb_queue: failed 2 reg queue handler\n");
goto err_queue;
}
return status;
err_queue:
nf_unregister_hook(&ebq_ops);
return status;
}
void exit_da_dragon(void) //module exitin....
{
printk(KERN_INFO "eb_queue: unregistering queue handler\n");
nf_unregister_queue_handler(PF_BRIDGE);
printk(KERN_INFO "eb_queue: unregistering hook handler\n");
nf_unregister_hook(&ebq_ops);
}
module_init(enter_da_dragon);
module_exit(exit_da_dragon);
MODULE_DESCRIPTION("bridge mode hook!!!");
MODULE_LICENSE("GPL");
-----------------------------------------------------
i tried to search the solution for this in kernel/net/bridge
directory, but didn't find it (or wasn't able to locate it)
is there any other way to do this??
TIA,
Ratnaraj
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
