testfirewall2.6drop.c

linux2.6内核网络模块

/*Compile:gcc -O -c -Wall testfirewall.c ,under linux2.4.20*/
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
//#include <linux/moduleparam.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
//#include<linux/config.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter.h>
MODULE_LICENSE("lxg BSD/GPL");
static unsigned int 
example(unsigned int hooknum,struct sk_buff **skb,const struct net_device *in,const struct net_device *out,int (*okfn)(struct sk_buff*))
{
	struct iphdr *iph;
	struct tcphdr *tcph;
	struct udphdr *udph;
	__u32 sip;
	__u32 dip;
	__u16 sport;
	__u16 dport;
	iph=(*skb)->nh.iph;
	sip=iph->saddr;
	dip=iph->daddr;
  
	//if(iph->protocol==6){
		//tcph=(struct tcphdr*)((__u32*)iph+iph->ihl);
		//sport=tcph->source;
		//dport=tcph->dest;
		//printk(KERN_EMERG"234ldjsg\n");
		//if(1){
			printk(KERN_EMERG"%d.%d.%d.%d to %d.%d.%d.%d land\n",NIPQUAD(sip),NIPQUAD(dip));
			return NF_DROP;
		//}
		//if(1){
			//printk(KERN_EMERG"%d.%d.%d.%d to %d.%d.%d.%d winnuke\n",NIPQUAD(sip),NIPQUAD(dip));
			//return NF_DROP;
		//}
	//}
	   //printk(KERN_EMERG"1111111111112222222222222222\n");
		//return NF_DROP;
}
static struct nf_hook_ops iplimitfilter={
	.hook =example,
	.owner=THIS_MODULE,
	.pf=	PF_INET,
	.hooknum=NF_IP_LOCAL_IN,
	.priority=NF_IP_PRI_FILTER-1,};

static void test_init(void)
{
	 nf_register_hook(&iplimitfilter);
}
static void test_exit(void)
{
	nf_unregister_hook(&iplimitfilter);
   //printk(KERN_EMERG"exit\n");
	
}
module_init(test_init);
module_exit(test_exit);