RE: netfilter

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

>I know how to intercept tcp packets at NF_IP_PRE_ROUTING and do what I
have to, but how to put the packet back to >either NF_IP_LOCAL_IN or
NF_IP_LOCAL_OUT in network stack path.

>If you can point me example code that will be great. 

Dear Chen,

First of all, you can go through the following link.
http://www.netfilter.org/documentation/HOWTO//netfilter-hacking-HOWTO.ht
ml

Please find some sample code below. I think it may help you.

Thanks and Regards,
Srinivas G

========================================================================
===
/* define netfilter structure here */
static struct nf_hook_ops netfilter_hook;

/* pointer to a buffer */
unsigned char *ptr_packet_buff;

/* function prototype which is called when a packet arrives */
unsigned int netfilter_drv_hook(unsigned int hooknum, 
				struct sk_buff **skb,
		      		const struct net_device *in, 
				const struct net_device *out,
		      		int (*okfn)(struct sk_buff *))
{
	printk("One Packet arrvied!\n");

	/* alocate the packet buffer */
	ptr_packet_buff = (unsigned char *)vmalloc(MAX_PACK_BUFF);
	
	/* the received packet was dropped here itself */
	return NF_QUEUE;
}
	
	

/* netfilter_init: initialization function */
static int
__init init_netfilter(void)
{
	printk("invoked!\n");
	
	/* assign the function pointer */
	netfilter_hook.hook = netfilter_drv_hook;

	/* assign the protocol family i.e. IPv4 */
	netfilter_hook.pf = PF_INET;

	/* assign the hook number like NF_IP_LOCAL_IN etc. */
	netfilter_hook.hooknum = NF_IP_PRE_ROUTING;

	/* assign the hook priority */
	netfilter_hook.priority = NF_IP_PRI_FIRST;

	/* register the netfilter driver with pointer to structure */
	nf_register_hook(&netfilter_hook);

	return 0;
}

/* netfilter_exit: cleanup function */
static void
__exit netfilter_exit(void)
{
	printk("invoked!\n");

	/* unregister the driver */
	nf_unregister_hook(&netfilter_hook);
	
}

/* explicit module definitions */
module_init(init_netfilter);
module_exit(netfilter_exit);

========================================================================
==

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/
[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux