- 论坛徽章:
- 0
|
static unsigned int test(unsigned int hooknum,struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out,int (*okfn)(struct sk_buff *))
{
struct sk_buff *newskb = *skb;
struct iphdr *iph = NULL;
//code A start
if( eth_hdr(newskb)->h_proto != htons(ETH_P_IP))
{
//printk("not eth_i_ip!!\n");
return NF_ACCEPT;
}
if(newskb->len < sizeof(struct iphdr)) {
//printk("iph length is too short!!\n");
return NF_ACCEPT;
}
iph = ip_hdr(newskb);
if(iph == NULL) {
//printk("iph is null!\n");
return NF_ACCEPT;
}
//code A end
//code B start
//spin_lock_irqsave(&my_lock, myflags);
//spin_unlock_irqrestore(&my_lock, myflags);
spin_lock(&my_lock);
spin_unlock(&my_lock);
//code B end
return NF_ACCEPT;
}
//static struct nf_hook_ops iplimitfilter = { {NULL,NULL} ,sample,NULL,PF_INET,NF_IP_LOCAL_IN,132};
static struct nf_hook_ops filter_hook = { {NULL,NULL} ,test,NULL,PF_INET,1,132};
|
在FC10,内核2.6.27.5中编译这个hook模块有两个问题:
1)NF_IP_LOCAL_IN不认,只好改为/netfilter_ipv4.h中的常量1
2)上面中的code A和B如果同时在,内核就会荡掉。注释掉其中一段后没有问题。 |
|
免费注册
发表于 2009-03-30 09:57