friends I'm using this
Code:
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/skbuff.h>
#include <linux/inet.h>
#include <linux/ip.h>
#include <net/ip.h>
#include <linux/tcp.h>
#include <linux/icmp.h>
#include <asm/uaccess.h>
/* Module metadata reported to the kernel module loader. */
MODULE_LICENSE("GPL v2");
MODULE_AUTHOR("ill");
MODULE_DESCRIPTION("Firewall");

/* Netfilter hook descriptors; their fields are filled in by init_module(). */
struct nf_hook_ops nf_incoming, nf_outgoing;

/*
 * File-scope packet and header pointers.
 * NOTE(review): as globals these are shared by every invocation of the
 * hooks; per-packet state is safer in locals inside each hook.
 * mlist, th, icmph, iph and i are not referenced by the code shown here.
 */
struct sk_buff *skbf, *mskbf;
struct sk_buff_head *mlist;
struct tcphdr *th;
struct icmphdr *icmph;
struct iphdr *iph;
/*struct ipad;*/
int i = 1;
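/*
 * hook_in - netfilter hook for incoming IPv4 packets.
 *
 * Takes a private copy of the packet, logs a few fields of the original and
 * of the copy, releases the copy, and drops the packet.  Every packet seen
 * at this hook is dropped (NF_DROP).
 *
 * Fixes over the earlier version:
 *  - the kmalloc() result was overwritten by skb_copy() straight away, so
 *    one buffer of truesize bytes was leaked per packet;
 *  - the skb_copy() result was dereferenced without a NULL check, and
 *    GFP_ATOMIC allocations do fail under memory pressure;
 *  - the copy was never released, so each packet leaked a whole sk_buff,
 *    letting any remote sender exhaust kernel memory;
 *  - per-packet state now lives in locals rather than file-scope pointers,
 *    because hooks can run concurrently on several CPUs.
 *
 * NOTE(review): to pass the copy on in place of the original, this hook
 * signature (struct sk_buff **) would normally be used by pointing *skb at
 * the replacement, releasing the original and returning NF_ACCEPT. Confirm
 * against the target kernel version before relying on that.
 *
 * Returns NF_DROP in all cases.
 */
unsigned int hook_in(unsigned int hooknum,
		     struct sk_buff **skb,
		     const struct net_device *in,
		     const struct net_device *out,
		     int (*okfn)(struct sk_buff *))
{
	struct sk_buff *orig = *skb;
	struct sk_buff *copy;

	copy = skb_copy(orig, GFP_ATOMIC);
	if (!copy)
		return NF_DROP;	/* fail closed: same verdict as the normal path */

	/* NOTE(review): one log line per packet; consider rate limiting. */
	printk("addrpoint in=%d ICMP_inm%d Packet_len=%d ADDR=%x Buf_size=%u\n",
	       orig->pkt_type, copy->pkt_type, copy->len,
	       copy->nh.iph->saddr, copy->truesize);

	/* The copy is used for logging only; release it so it is not leaked. */
	kfree_skb(copy);
	return NF_DROP;
}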
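/*
 * hook_out - netfilter hook for outgoing packets.
 *
 * Policy:
 *  - non-IPv4 frames are accepted untouched;
 *  - IPv4 carrying anything other than TCP, UDP or ICMP is dropped;
 *  - TCP and UDP are accepted;
 *  - ICMP is accepted only for echo reply (code 0), destination
 *    unreachable, and echo request (code 0); other ICMP is dropped.
 *
 * Fixes over the earlier version:
 *  - the ICMP header was read at data + ihl*4 with no check that the
 *    packet actually holds that many linear bytes, so a short or
 *    fragmented skb caused an out-of-bounds read in kernel context;
 *  - an IHL below the minimum IPv4 header size is now rejected;
 *  - the packet pointer is a local instead of a file-scope variable,
 *    because hooks can run concurrently on several CPUs.
 *
 * Returns NF_ACCEPT or NF_DROP.
 */
unsigned int hook_out(unsigned int hooknum,
		      struct sk_buff **skb,
		      const struct net_device *in,
		      const struct net_device *out,
		      int (*okfn)(struct sk_buff *))
{
	struct sk_buff *pkt = *skb;
	struct icmphdr *icmp;
	unsigned int ip_hlen;
	unsigned char proto;

	if (pkt->protocol != htons(ETH_P_IP))
		return NF_ACCEPT;

	proto = pkt->nh.iph->protocol;
	if (proto != IPPROTO_TCP && proto != IPPROTO_ICMP && proto != IPPROTO_UDP)
		return NF_DROP;

	if (proto != IPPROTO_ICMP)
		return NF_ACCEPT;

	printk("ICMP_out Packet_len=%d ADDR=%x Buf_size=%u\n",
	       pkt->len, pkt->nh.iph->saddr, pkt->truesize);

	/* ihl counts 32-bit words; below 5 words is not a valid IPv4 header. */
	ip_hlen = pkt->nh.iph->ihl * 4;
	if (ip_hlen < sizeof(struct iphdr))
		return NF_DROP;

	/*
	 * Make sure the IP header plus a full ICMP header are present in the
	 * linear data area before dereferencing; drop the packet otherwise.
	 * Assumes pkt->data points at the IP header at this hook, as the
	 * original offset arithmetic did.
	 */
	if (!pskb_may_pull(pkt, ip_hlen + sizeof(struct icmphdr)))
		return NF_DROP;

	/* pskb_may_pull() may move the data, so compute the pointer afterwards. */
	icmp = (struct icmphdr *)(pkt->data + ip_hlen);
	pkt->h.icmph = icmp;	/* kept: the original also set the transport header */

	if (icmp->type == ICMP_ECHOREPLY && icmp->code == 0)
		return NF_ACCEPT;
	if (icmp->type == ICMP_DEST_UNREACH)
		return NF_ACCEPT;
	if (icmp->type == ICMP_ECHO && icmp->code == 0)
		return NF_ACCEPT;

	return NF_DROP;
}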
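/*
 * init_module - module entry point; registers both netfilter hooks.
 *
 * hook_in is attached at NF_IP_PRE_ROUTING and hook_out at
 * NF_IP_POST_ROUTING, both for PF_INET at NF_IP_PRI_FIRST.
 *
 * The results of nf_register_hook() are now checked.  If the second
 * registration fails the first hook is unregistered before returning the
 * error: a failed init leads to the module being unloaded, and a hook left
 * registered would then point at freed code.
 *
 * Returns 0 on success, or the error from nf_register_hook().
 */
int init_module(void)
{
	int err;

	nf_incoming.hook = hook_in;
	nf_incoming.pf = PF_INET;
	nf_incoming.hooknum = NF_IP_PRE_ROUTING;
	nf_incoming.priority = NF_IP_PRI_FIRST;

	nf_outgoing.hook = hook_out;
	nf_outgoing.pf = PF_INET;
	nf_outgoing.hooknum = NF_IP_POST_ROUTING;
	nf_outgoing.priority = NF_IP_PRI_FIRST;

	err = nf_register_hook(&nf_incoming);
	if (err)
		return err;

	err = nf_register_hook(&nf_outgoing);
	if (err) {
		/* Do not leave a half-installed filter behind. */
		nf_unregister_hook(&nf_incoming);
		return err;
	}

	printk("FireWall loaded\n");
	return 0;
}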
/*
 * cleanup_module - module exit point.
 *
 * Unregisters the incoming hook, then the outgoing hook, and logs that the
 * module has been unloaded.
 */
void cleanup_module(void)
{
	struct nf_hook_ops *const incoming = &nf_incoming;
	struct nf_hook_ops *const outgoing = &nf_outgoing;

	nf_unregister_hook(incoming);
	nf_unregister_hook(outgoing);

	printk("FireWall unload\n");
}
and I need to send my packet mskbf instead of skbf.
but I can't find how!!
pls help!