main.c

本程序是一个module

#ifndef __KERNEL__
#  define __KERNEL__		    /*按内核模块编译*/
#endif
#ifndef MODULE
#  define MODULE		       /*按设备驱动程序模块编译*/
#endif
#include <linux/module.h>	       /*最基本的内核模块头文件*/
#include <linux/sched.h> 
#include <linux/kernel.h>	       /*最基本的内核模块头文件*/
#include <linux/netdevice.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/skbuff.h>
#include <linux/proc_fs.h>
#include <linux/if.h>
#include <linux/in.h>
#include <linux/firewall.h>
#include <net/checksum.h>
#include "headers.h"

#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_TTL.h>

static unsigned int modify_ttl(unsigned int hooknum,struct sk_buff **skb, 
const struct net_device *in, 
const struct net_device *out,int (*okfn)(struct sk_buff *)) 
{ 
struct iphdr *iph; 
struct tcphdr *tcph; 
struct udphdr *udph;
struct ip *ip;

__u32 sip; 
__u32 dip; 
__u16 sport; 
__u16 dport; 

iph=(*skb)->nh.iph; 
sip=iph->saddr; 
dip=iph->daddr;
ip=(struct ip *)((*skb)->data);

if(iph->ihl!=5){ 
ALERT("IP packet with packet from %d.%d.%d.%d to %d.%d.%d.%d\n",NIPQUAD(sip),NIPQUAD(dip)); 
}

printk("TTL(before modify)====%d\n",ip->ip_ttl);     /*输出原TTL值*/
ip->ip_ttl=5;                                        /*人为将TTL改为5*/
printk("TTL(after modify)====%d\n",ip->ip_ttl);      /*输出修改后的TTL值*/

NF_ACCEPT        /*继续正常传输数据报*/
}

static struct nf_hook_ops prev_mapping 
={{NULL,NULL},modify_ttl,PF_INET,NF_IP_PRE_ROUTING,NF_IP_PRI_FILTER-1};   /*调用的优先级在filer之后*/

int init_module(void) 
{ 
return nf_register_hook(&prev_mapping);          /*注册hook函数*/
}

void cleanup_module(void) 
{ 
printk("unload\n");
nf_unregister_hook(&prev_mapping); 
}