netfilter 过滤icmp包

直接代码

#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/netfilter.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/string.h>
#include <linux/netfilter_ipv4.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jason.L.Yu");

char f_dest[16] = "192.168.31.129";
static unsigned int drop_package(unsigned int hooknu,
                        struct sk_buff ** pskb,
                        const struct net_device *in,
                        const struct net_device *out,
                        int (*okfn)(struct sk_buff*))

{
        char buf[16] = {0};

        sprintf(buf, "%u.%u.%u.%u", NIPQUAD((*pskb)->nh.iph->saddr));
        printk("\n\n%s\n\n",buf);
        if(strcmp(buf, f_dest)==0){
                return NF_DROP;
        }
        return NF_ACCEPT;
}

static struct nf_hook_ops filter_baidu[1]= {{
                .hook           = drop_package,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
                .hooknum        = NF_IP_PRE_ROUTING,
                .priority       = NF_IP_PRI_FILTER,
},};


static int __init filter_init(void)
{
        return nf_register_hooks(filter_baidu, ARRAY_SIZE(filter_baidu));
}

static void __exit filter_fini(void)
{
        nf_unregister_hooks(filter_baidu, ARRAY_SIZE(filter_baidu));
        return;
}
module_init(filter_init);
module_exit(filter_fini);