Problem with Netfilter
- From: "Prafulla T" <prafulla.tekawade@xxxxxxxxx>
- Date: 29 Dec 2006 20:42:59 -0800
Hello to Evreryone.
I am trying to make Linux Kernel Module which will work
as firewall.
It is bases on one Linux Journel Article that I found about Simple
Firewalls.
I am using netfilter to get the packets.
I have written code which I have attached below.
Then I wrote simple client server code using Java.
Server runs on Localhost Port-12000
Client(which is also on Localhost) makes connection to Server & sends
one string & terminates.
Now,This java program works even When i have inserted This module into
kernel.
It's not blocking Client from making TCP Connection at Port-12000
What's getting wrong?
Help me!!
<<Code Start>>
/*
gcc -c -DMODULE -D__KERNEL__ -o net.o pfilter.c -isystem
/lib/modules/2.4.20-8/build/include
*/
#include <linux/kernel.h>
#include <linux/module.h>
/*For Network Code*/
#include <linux/net.h>
#include <net/sock.h>
#include <linux/netdevice.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/skbuff.h>
#include <linux/ip.h> /*IP Header Defination*/
#include <linux/tcp.h>
#include <asm/uaccess.h>
/*For kmalloc and related stuff*/
#include <linux/slab.h>
MODULE_AUTHOR("Prafulla Tekawade(prafulla.tekawade@xxxxxxxxx)");
MODULE_DESCRIPTION("Playing with NetFilters");
MODULE_LICENSE("GPL");
static struct nf_hook_ops netfilter_ops;
struct sk_buff *sock_buff;
struct udphdr *udp_header;
struct tcphdr *tcp_header;
unsigned int main_hook(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff*))
{
sock_buff = *skb;
if(!sock_buff)
{
printk("Could not get SKB ????");
return NF_ACCEPT;
}
if(!(sock_buff->nh.iph))
{
printk("Not an IP,Leave it");
return NF_ACCEPT;
}
if(sock_buff->nh.iph->protocol == 6 )
{
tcp_header = (struct tcphdr *)(sock_buff->data +
(sock_buff->nh.iph->ihl *4));
if(tcp_header->source==12000)
{
printk(">>TCP Packet Received");
printk(">>Source Port=%d,Dest
Port=%d\n",tcp_header->source,tcp_header->dest);
return NF_DROP;
}
}
return NF_ACCEPT;
}
int init_module()
{
printk("Module Inserted,Now registering Hook<<<<<<New>>>>>>>>>1\n");
netfilter_ops.hook = main_hook;
netfilter_ops.pf = PF_INET;
netfilter_ops.hooknum = NF_IP_PRE_ROUTING;
netfilter_ops.priority = NF_IP_PRI_FIRST;
nf_register_hook(&netfilter_ops);
return 0;
}
void cleanup_module()
{
printk("\nModule Removed");
nf_unregister_hook(&netfilter_ops);
}
<<Code End>>
.
- Prev by Date: Re: Problem in Networking at Kernel Level
- Next by Date: Re: Voange WRT54GP2 router to Fedora Core 5 - eth0 won't get IP address and won't start
- Previous by thread: disabling sockets for running processes
- Next by thread: One computer only on home net having DNS lookup trouble
- Index(es):
Relevant Pages
|
