simple.c

linux下的ipv6防火墙过滤函数源代码

#define __KERNEL__
#define MODULE
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/ipv6.h>
#include <linux/icmpv6.h>
#include <linux/netfilter_ipv6.h>
#include <linux/if_ether.h>
static struct nf_hook_ops nfho;

unsigned int filter(unsigned int hooknum, struct sk_buff **skb,
		const struct net_device *in, const struct net_device *out,
		int (*okfn)(struct sk_buff *))

{  
struct sk_buff *sk=*skb;
struct ipv6hdr  *hv6;
struct icmp6hdr  *mp6;
int i;
unsigned char vip[16]={0xfe,0x80,00,00,00,00,00,00,0x02,0x0c,0x29,0xff,0xfe,0xa9,0x43,0x93};
hv6=(struct ipv6hdr *)(sk->data);
for(i=0;i<sk->len;i++)
printk(":%02x",(unsigned int)sk->data[i]);
if(hv6->nexthdr==0x3a)
{ 
unsigned char *s;
mp6=(struct icmp6hdr *)(sk->data+40);
s=(unsigned char *)(sk->data+48);
if(mp6->icmp6_type==136)
{
if(strncmp(s,vip,16)==0)
{
printk("drop\n");
return NF_DROP;
}
}
}


	return NF_ACCEPT;
}

int init_module(void)
{	
	
		nfho.list.next=NULL;
		nfho.list.prev=NULL;
		nfho.hook = filter;
		nfho.hooknum = NF_IP6_PRE_ROUTING;
		nfho.pf = PF_INET6;
		nf_register_hook(&nfho);
	printk("vip drop initialized OK\n");
	
	return 0;
}

void cleanup_module(void)
{

	nf_unregister_hook(&nfho); 
	printk("GoodBye\n");
	
}

MODULE_LICENSE("GPL");