我想直接将一些数据包传递到L4层,当 数据包到达 NF_IP_PRE_ROUTING 的钩子(Hook)。我用的是用 ip_local_deliver() 函数。然而,它不起作用。我可以知道怎么做吗 我能让它发挥作用。谢谢!
最诚挚的问候, 劳伦斯
最佳答案
感谢您的建议!我的代码如下:
const char* hooks[] = {"NF_IP_PRE_ROUTING"};
unsigned int
header(unsigned int hooknum,
struct sk_buff* skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff*))
{
struct sk_buff* nskb;
struct iphdr *iph = NULL;
nskb = skb;
if(nskb==NULL)
{
printk("%s\n", "*skb is NULL");
return NF_ACCEPT;
}
iph = ip_hdr(nskb);
if(iph == NULL)
{
printk("%s\n", "*iph is NULL");
return NF_ACCEPT;
}
if ((iph->protocol == IPPROTO_UDP) || (iph->protocol == IPPROTO_ICMP)){
ip_local_deliver(nskb);
printk("------delivered --------\n");
return NF_STOLEN;
}
return NF_ACCEPT;
}
static struct nf_hook_ops header_ops[] = {
{
{
.hook = header,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = 0, //NF_IP_PRE_ROUTING,
.priority = NF_IP_PRI_FIRST,
},
};
static int __init init(void)
{
int ret;
ret = nf_register_hooks(header_ops, ARRAY_SIZE(header_ops));
if (ret < 0) {
printk("http detect:can't register header_ops detect hook!\n");
return ret;
}
printk("insmod header_ops detect module\n");
return 0;
}
static void __exit fini(void)
{
nf_unregister_hooks(header_ops, ARRAY_SIZE(header_ops));
printk("remove header_ops detect module.\n");
}
module_init(init);
module_exit(fini);
关于linux - 如何在 NF_IP_PRE_ROUTING Hook 中直接将数据包传递到 L4 层,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/15747064/