如何在内核模块中捕获网络帧

实际上，Netfilter应该可以正常工作，因为它接收了整个数据包（内部存储为sk_buff，其中包含链接层信息）。以下是一些示例代码，可以帮助您入门。此代码拦截给定设备的所有传入数据包，并打印src
MAC和src IP。

static struct nf_hook_ops nfin;static unsigned int hook_func_in(unsigned int hooknum, struct sk_buff *skb,      const struct net_device *in,      const struct net_device *out,      int (*okfn)(struct sk_buff *)){    struct ethhdr *eth;    struct iphdr *ip_header;        if (in is not the correct device)          return NF_ACCEPT;    eth = (struct ethhdr*)skb_mac_header(skb);    ip_header = (struct iphdr *)skb_network_header(skb);    printk("src mac %pM, dst mac %pMn", eth->h_source, eth->h_dest);    printk("src IP addr:=%d.%d.%d.%d:%dn", NIPQUAD(ip_headr->saddr));    return NF_ACCEPT;}static int __init init_main(void){    nfin.hook     = hook_func_in;    nfin.hooknum  = NF_IP_LOCAL_IN;    nfin.pf       = PF_INET;    nfin.priority = NF_IP_PRI_FIRST;    nf_register_hook(&nfin);    return 0;}static void __exit cleanup_main(void){    nf_unregister_hook(&nfin);}module_init(init_main);module_exit(cleanup_main);