【发布时间】:2016-09-10 13:57:10
【问题描述】:
我有一个基本代码。此代码丢弃并记录所有传入和传出的数据包。 我想编写一个 netfilter 内核模块来拦截数据包并将它们记录在内核日志中。它应该能够检测到不同类型的基于 TCP 的侦察包(例如显示 1 或 2)。该模块应该检测这些数据包并记录到内核日志中。我不想过滤数据包,只是识别并记录它们。
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
static struct nf_hook_ops nfho; //struct holding set of hook function options
//function to be called by hook
unsigned int hook_func(unsigned int hooknum, struct sk_buff **skb, const struct net_device *in, const struct net_device *out, int (*okfn)(struct sk_buff *))
{
printk(KERN_INFO "packet dropped\n"); //log to var/log/messages
return NF_DROP; //drops the packet
}
//Called when module loaded using 'insmod'
int init_module()
{
nfho.hook = hook_func; //function to call when conditions below met
nfho.hooknum = NF_IP_PRE_ROUTING; //called right after packet recieved, first hook in Netfilter
nfho.pf = PF_INET; //IPV4 packets
nfho.priority = NF_IP_PRI_FIRST; //set to highest priority over all other hook functions
nf_register_hook(&nfho); //register hook
return 0; //return 0 for success
}
//Called when module unloaded using 'rmmod'
void cleanup_module()
{
nf_unregister_hook(&nfho); //cleanup – unregister hook
}
【问题讨论】:
标签: c linux tcp linux-kernel netfilter