实际上,Netfilter应该可以正常工作,因为它接收了整个数据包(内部存储为sk_buff,其中包含链接层信息)。以下是一些示例代码,可以帮助您入门。此代码拦截给定设备的所有传入数据包,并打印src
MAC和src IP。
static struct nf_hook_ops nfin;static unsigned int hook_func_in(unsigned int hooknum, struct sk_buff *skb, const struct net_device *in, const struct net_device *out, int (*okfn)(struct sk_buff *)){ struct ethhdr *eth; struct iphdr *ip_header; if (in is not the correct device) return NF_ACCEPT; eth = (struct ethhdr*)skb_mac_header(skb); ip_header = (struct iphdr *)skb_network_header(skb); printk("src mac %pM, dst mac %pMn", eth->h_source, eth->h_dest); printk("src IP addr:=%d.%d.%d.%d:%dn", NIPQUAD(ip_headr->saddr)); return NF_ACCEPT;}static int __init init_main(void){ nfin.hook = hook_func_in; nfin.hooknum = NF_IP_LOCAL_IN; nfin.pf = PF_INET; nfin.priority = NF_IP_PRI_FIRST; nf_register_hook(&nfin); return 0;}static void __exit cleanup_main(void){ nf_unregister_hook(&nfin);}module_init(init_main);module_exit(cleanup_main);
欢迎分享,转载请注明来源:内存溢出
评论列表(0条)