#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/ip.h>
#include <linux/netdevice.h>
#include <linux/skbuff.h>
#include <linux/if_arp.h>
#include <linux/if_ether.h>
#include <linux/if_vlan.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>
#include <linux/netfilter_arp.h>
#include <linux/in_route.h>
#include <net/ip.h>
#include <net/ipv6.h>
#include <net/route.h>
#include <asm/uaccess.h>
#include <asm/checksum.h>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 32)
static unsigned int demo_nf_pre_routing(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out, int (*okfn) (struct sk_buff *))
#else
static unsigned int demo_nf_pre_routing(unsigned int hook,
struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out, int (*okfn) (struct sk_buff *))
#endif
{
return NF_ACCEPT;
}
static unsigned int
demo_nf_pre_routing_ipv6(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, int (*okfn) (struct sk_buff *))
{
return NF_ACCEPT;
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 32)
static unsigned int demo_nf_local_in(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out, int (*okfn) (struct sk_buff *))
#else
static unsigned int demo_nf_local_in(unsigned int hook,
struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out, int (*okfn) (struct sk_buff *))
#endif
{
DBGDBG("entered, packet len: %d\n", skb->len + skb->mac_len);
DBGHEX(skb->mac_header, skb->mac_len + skb->len);
return NF_ACCEPT;
}
static unsigned int
demo_nf_local_in_ipv6(unsigned int hook,
struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out, int (*okfn) (struct sk_buff *))
{
return NF_ACCEPT;
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 32)
static unsigned int demo_nf_forward(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out, int (*okfn) (struct sk_buff *))
#else
static unsigned int demo_nf_forward(unsigned int hook,
struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out, int (*okfn) (struct sk_buff *))
#endif
{
return NF_ACCEPT;
}
static unsigned int
demo_nf_forward_ipv6(unsigned int hook,
struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out, int (*okfn) (struct sk_buff *))
{
return NF_ACCEPT;
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 32)
static unsigned int demo_nf_local_out(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out, int (*okfn) (struct sk_buff *))
#else
static unsigned int demo_nf_local_out(unsigned int hook,
struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out, int (*okfn) (struct sk_buff *))
#endif
{
return NF_ACCEPT;
}
static unsigned int
demo_nf_local_out_ipv6(unsigned int hook,
struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out, int (*okfn) (struct sk_buff *))
{
return NF_ACCEPT;
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 32)
static unsigned int demo_nf_post_routing(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out, int (*okfn) (struct sk_buff *))
#else
static unsigned int demo_nf_post_routing(unsigned int hook,
struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out, int (*okfn) (struct sk_buff *))
#endif
{
return NF_ACCEPT;
}
static unsigned int
demo_nf_post_routing_ipv6(unsigned int hook,
struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out, int (*okfn) (struct sk_buff *))
{
return NF_ACCEPT;
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 32)
static struct nf_hook_ops demo_nf_ops[] = {
{.hook = demo_nf_pre_routing,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP_PRI_FILTER,},
{.hook = demo_nf_pre_routing_ipv6,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP6_PRI_FILTER,},
{.hook = demo_nf_local_in,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP_PRI_FILTER,},
{.hook = demo_nf_local_in_ipv6,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP6_PRI_FILTER,},
{.hook = demo_nf_forward,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_FORWARD,
.priority = NF_IP_PRI_FILTER,},
{.hook = demo_nf_forward_ipv6,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_INET_FORWARD,
.priority = NF_IP6_PRI_FILTER,},
{.hook = demo_nf_local_out,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_FILTER,},
{.hook = demo_nf_local_out_ipv6,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP6_PRI_FILTER,},
{.hook = demo_nf_post_routing,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_POST_ROUTING,
.priority = NF_IP_PRI_FILTER,},
{.hook = demo_nf_post_routing_ipv6,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_INET_POST_ROUTING,
.priority = NF_IP6_PRI_FILTER,},
};
#else
static struct nf_hook_ops demo_nf_ops[] = {
{.hook = demo_nf_pre_routing,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_PRE_ROUTING,
.priority = NF_IP_PRI_FILTER,},
{.hook = demo_nf_pre_routing_ipv6,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_IP6_PRE_ROUTING,
.priority = NF_IP6_PRI_FILTER,},
{.hook = demo_nf_local_in,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_LOCAL_IN,
.priority = NF_IP_PRI_FILTER,},
{.hook = demo_nf_local_in_ipv6,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_IP6_LOCAL_IN,
.priority = NF_IP6_PRI_FILTER,},
{.hook = demo_nf_forward,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_FORWARD,
.priority = NF_IP_PRI_FILTER,},
{.hook = demo_nf_forward_ipv6,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_IP6_FORWARD,
.priority = NF_IP6_PRI_FILTER,},
{.hook = demo_nf_local_out,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_LOCAL_OUT,
.priority = NF_IP_PRI_FILTER,},
{.hook = demo_nf_local_out_ipv6,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_IP6_LOCAL_OUT,
.priority = NF_IP6_PRI_FILTER,},
{.hook = demo_nf_post_routing,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_POST_ROUTING,
.priority = NF_IP_PRI_FILTER,},
{.hook = demo_nf_post_routing_ipv6,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_IP6_POST_ROUTING,
.priority = NF_IP6_PRI_FILTER,},
};
#endif
//call this func in module_init func
int demo_filter_init(void)
{
int i, ret;
for (i = 0; i < ARRAY_SIZE(demo_nf_ops); i++) {
if ((ret = nf_register_hook(&demo_nf_ops[i])) >= 0)
continue;
while (i--)
nf_unregister_hook(&demo_nf_ops[i]);
return ret;
}
DBGINFO("Demo netfilter driver initialized\n");
return 0;
}
//call this func in module_exit func
void demo_filter_uninit(void)
{
int i;
for (i = ARRAY_SIZE(demo_nf_ops) - 1; i >= 0; i--)
nf_unregister_hook(&demo_nf_ops[i]);
DBGINFO("Demo netfilter driver uninitialized\n");
}