Re: netfilter

Hi Srinivas,

The hook to netfilter to intercept packets is clear to me.
I don't know how to put the packet back at a different tap point than where the packet is intercepted. For example, my code hooks to NF_IP_PRE_ROUTING; after processing, I want to bypass routing and deliver the packet to the TCP stack, for which I think NF_IP_LOCAL_IN is the point I need to inject at. This is where I'm stuck now.

Thanks,
Ming

On 4/28/06, Srinivas G. <srinivasg@xxxxxxxxxxxxxxxxxxxxx> wrote:

>I know how to intercept tcp packets at NF_IP_PRE_ROUTING and do what I
>have to, but how to put the packet back to either NF_IP_LOCAL_IN or
>NF_IP_LOCAL_OUT in network stack path.

>If you can point me example code that will be great.

Dear Chen,

First of all, you can go through the following link.
http://www.netfilter.org/documentation/HOWTO//netfilter-hacking-HOWTO.html

Please find some sample code below. I think it may help you.

Thanks and Regards,
Srinivas G

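===========================================================================
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/errno.h>
#include <linux/vmalloc.h>
#include <linux/skbuff.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>

/* buffer size: assumed value, MAX_PACK_BUFF is not defined in the post */
#define MAX_PACK_BUFF 2048

/* define netfilter structure here */
static struct nf_hook_ops netfilter_hook;

/* pointer to a buffer */
static unsigned char *ptr_packet_buff;

/* hook function which is called when a packet arrives */
static unsigned int netfilter_drv_hook(unsigned int hooknum,
                                       struct sk_buff **skb,
                                       const struct net_device *in,
                                       const struct net_device *out,
                                       int (*okfn)(struct sk_buff *))
{
        printk(KERN_INFO "One packet arrived!\n");

        /*
         * The packet buffer is allocated once in init_netfilter():
         * hooks run in softirq context, where vmalloc() must not be
         * called, and a per-packet allocation that is never freed leaks.
         */

        /*
         * hand the packet to the userspace queue handler; with no
         * handler registered the packet is dropped here itself
         */
        return NF_QUEUE;
}

/* netfilter_init: initialization function */
static int
__init init_netfilter(void)
{
        int ret;

        printk(KERN_INFO "invoked!\n");

        /* allocate the packet buffer (process context, may sleep) */
        ptr_packet_buff = vmalloc(MAX_PACK_BUFF);
        if (!ptr_packet_buff)
                return -ENOMEM;

        /* assign the function pointer */
        netfilter_hook.hook = netfilter_drv_hook;

        /* assign the protocol family i.e. IPv4 */
        netfilter_hook.pf = PF_INET;

        /* assign the hook number like NF_IP_LOCAL_IN etc. */
        netfilter_hook.hooknum = NF_IP_PRE_ROUTING;

        /* assign the hook priority */
        netfilter_hook.priority = NF_IP_PRI_FIRST;

        /* register the netfilter driver with pointer to structure */
        ret = nf_register_hook(&netfilter_hook);
        if (ret < 0)
                vfree(ptr_packet_buff);

        return ret;
}

/* netfilter_exit: cleanup function */
static void
__exit netfilter_exit(void)
{
        printk(KERN_INFO "invoked!\n");

        /* unregister the driver */
        nf_unregister_hook(&netfilter_hook);

        /* release the packet buffer allocated in init_netfilter() */
        vfree(ptr_packet_buff);
}

/* explicit module definitions */
module_init(init_netfilter);
module_exit(netfilter_exit);
MODULE_LICENSE("GPL");

==========================================================================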

