- 论坛徽章:
- 0
|
#include linux/init.h>
#include linux/kernel.h>
#include linux/module.h>
#include linux/skbuff.h>
#include linux/netdevice.h>
#include linux/ip.h>
#include linux/tcp.h>
#include linux/udp.h>
#include linux/netfilter_ipv4.h>
#include linux/netfilter.h>
MODULE_LICENSE("lxg BSD/GPL");
static unsigned int
example(unsigned int hooknum,struct sk_buff **skb,const struct net_device *in,const struct net_device *out,int (*okfn)(struct sk_buff*))
{
struct iphdr *iph;
struct tcphdr *tcph;
struct udphdr *udph;
__u32 sip;
__u32 dip;
__u16 sport;
__u16 dport;
iph=(*skb)->nh.iph;
sip=iph->saddr;
dip=iph->daddr;
printk(KERN_EMERG"%d.%d.%d.%d to %d.%d.%d.%d land\n",NIPQUAD(sip),NIPQUAD(dip));
return NF_DROP;
}
static struct nf_hook_ops iplimitfilter={
.hook =example,
.owner=THIS_MODULE,
.pf= PF_INET,
.hooknum=NF_IP_LOCAL_IN,
.priority=NF_IP_PRI_FILTER-1,};
static void test_init(void)
{
nf_register_hook(&iplimitfilter);
}
static void test_exit(void)
{
nf_unregister_hook(&iplimitfilter);
}
module_init(test_init);
module_exit(test_exit);
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u2/74326/showart_1798425.html |
|
免费注册
发表于 2009-01-15 16:08