我想直接将一些数据包传送到L4层 数据包到达NF_IP_PRE_ROUTING的钩子。我使用了 ip_local_deliver()函数。但是,它不起作用。我可以知道怎么做 我可以让它发挥作用。谢谢!
最诚挚的问候, 劳伦斯
答案 0 :(得分:0)
感谢您的建议!我的代码如下:
const char* hooks[] = {"NF_IP_PRE_ROUTING"};
unsigned int
header(unsigned int hooknum,
struct sk_buff* skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff*))
{
struct sk_buff* nskb;
struct iphdr *iph = NULL;
nskb = skb;
if(nskb==NULL)
{
printk("%s\n", "*skb is NULL");
return NF_ACCEPT;
}
iph = ip_hdr(nskb);
if(iph == NULL)
{
printk("%s\n", "*iph is NULL");
return NF_ACCEPT;
}
if ((iph->protocol == IPPROTO_UDP) || (iph->protocol == IPPROTO_ICMP)){
ip_local_deliver(nskb);
printk("------delivered --------\n");
return NF_STOLEN;
}
return NF_ACCEPT;
}
static struct nf_hook_ops header_ops[] = {
{
{
.hook = header,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = 0, //NF_IP_PRE_ROUTING,
.priority = NF_IP_PRI_FIRST,
},
};
static int __init init(void)
{
int ret;
ret = nf_register_hooks(header_ops, ARRAY_SIZE(header_ops));
if (ret < 0) {
printk("http detect:can't register header_ops detect hook!\n");
return ret;
}
printk("insmod header_ops detect module\n");
return 0;
}
static void __exit fini(void)
{
nf_unregister_hooks(header_ops, ARRAY_SIZE(header_ops));
printk("remove header_ops detect module.\n");
}
module_init(init);
module_exit(fini);