|
packet filtering !!! need help
/*i have written this code to allow packets from IP 192.168.0.12 only */
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/ip.h> /* For IP header */
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
/* This is the structure we shall use to register our function */
static struct nf_hook_ops nfhook;
/* IP address we want to drop packets from, in NB order */
static unsigned char *allow_ip = "\xco\xa8\x00\x0c"; /*192.168.0.12*/
/* This is the hook function itself */
unsigned int hook_func(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
struct sk_buff *sb = *skb;
if (sb->nh.iph->saddr == *(unsigned int*) allow_ip) {
/*here im printing srcaddr and total length just for my reference*/
printk("\n\nIP source address:%d",sb->nh.iph->saddr);
printk("\n\nTotal Length:%d",sb->nh.iph->tot_len);
printk("Allow packet from... %d.%d.%d.%d\n",
*allow_ip, *(allow_ip + 1),
*(allow_ip + 2), *(allow_ip + 3));
return NF_ACCEPT;
} else {
return NF_DROP;
}
}
/* Initialisation routine */
static int allow_init(void)
{
/* Fill in our hook structure */
nfhook.hook = hook_func;
/* Handler function */
nfhook.hooknum = NF_IP_PRE_ROUTING;/*First for IPv4 */
nfhook.pf = PF_INET;
nfhook.priority = NF_IP_PRI_FIRST; /* Make our func first */
nf_register_hook(&nfhook);
return 0;
}
/* Cleanup routine */
static void allow_exit(void)
{
nf_unregister_hook(&nfhook);
}
module_init(allow_init);
module_exit(allow_exit);
i am using SUSE10(kernel 2.6)..when i inserted the module using "INSMOD"..i got message "allow_ip module is not supported by Novell, some tainted message"..
from var/log/messages..
then i done PING 192.168.0.12
but there was no response... at the end it showing 100% packet loss...
is the code ok..or i have to make changes in the code?
plz help me out...
Thanks in advance
|
