为什么慢速netfilter挂钩功能,导致系统崩溃?

时间:2013-07-06 08:39:58

标签: c crash kernel-module netfilter

以下代码是一个简单的netfilter挂钩模块。将msleep(500);添加到main_hook功能时,系统崩溃了。

有什么问题?

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/fs.h>
#include <asm/uaccess.h>
#include <linux/mutex.h>

#include <linux/netdevice.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>

#include <linux/if_ether.h>
#include <linux/ip.h>
#include <net/ip.h>

#include <linux/tcp.h>
#include <net/tcp.h>
#include <linux/inet.h>
#include<linux/delay.h>

static struct mutex critical_section;

unsigned int main_hook(unsigned int hooknum,
                       struct sk_buff *skb,
                       const struct net_device *in,
                       const struct net_device *out,
                       int (*okfn)(struct sk_buff*))
{
    if (skb)
    {
        mutex_lock(&critical_section);
        msleep(500); // <------ Adding this line cause the system crashes.
        mutex_unlock(&critical_section);
    }
    return NF_ACCEPT;
}

static int __init my_device_module_init(void)
{
    mutex_init(&critical_section);

    netfilter_ops_out.hook                  =       main_hook;
    netfilter_ops_out.pf                    =       NFPROTO_IPV4;
    netfilter_ops_out.hooknum               =       NF_INET_POST_ROUTING;
    netfilter_ops_out.priority              =       NF_IP_PRI_FIRST;

    nf_register_hook(&netfilter_ops_out); /* register NF_IP_POST_ROUTING hook */

    return 0;
}

static void __exit my_device_module_exit(void)
{
    nf_unregister_hook(&netfilter_ops_out); /*unregister NF_IP_POST_ROUTING hook*/
    return;
}

module_init(my_device_module_init);
module_exit(my_device_module_exit);

0 个答案:

没有答案