-
#include <linux/module.h>
-
#include <linux/kernel.h>
-
#include <linux/init.h>
-
#include <linux/skbuff.h>
-
#include <linux/ip.h>
-
#include <linux/netfilter.h>
-
#include <linux/netfilter_ipv4.h>
-
#include <net/tcp.h>
-
#include <linux/if_ether.h>
-
#include <linux/if_packet.h>
-
#include <linux/inet.h>
-
#include <net/checksum.h>
-
-
MODULE_LICENSE("GPL");
-
MODULE_AUTHOR("dragon");
-
MODULE_DESCRIPTION("test");
-
MODULE_ALIAS("module test netfiler");
-
-
static unsigned int nf_hook_in(unsigned int hooknum,
-
struct sk_buff *sk,
-
const struct net_device *in,
-
const struct net_device *out,
-
int (*okfn)(struct sk_buff *))
-
{
-
__be32 saddr, daddr;
-
struct sk_buff *sb = sk;
-
struct tcphdr *tcph = NULL;
-
struct ucphdr *udph = NULL;
-
-
struct iphdr *iph = ip_hdr(sk);
-
unsigned int src_ip = iph->saddr;
-
-
saddr = in_aton("192.168.1.101");
-
daddr = in_aton("192.168.2.101");
-
-
if(saddr == iph->saddr && daddr == iph->daddr){
-
printk("input src:%d.%d.%d.%d dst:%d.%d.%d.%d \n",
-
NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));
-
-
daddr = in_aton("192.168.1.100");
-
iph->daddr = daddr;
-
iph->check = ip_fast_csum((unsigned char*)iph, iph->ihl);
-
-
printk("input changed src:%d.%d.%d.%d dst:%d.%d.%d.%d \n",
-
NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));
-
}
-
-
//printk("filter local in \n");
-
return NF_ACCEPT;
-
-
}
-
-
static unsigned int nf_hook_out(unsigned int hooknum,
-
struct sk_buff *sk,
-
const struct net_device *in,
-
const struct net_device *out,
-
int (*okfn)(struct sk_buff *))
-
{
-
__be32 saddr, daddr;
-
struct sk_buff *sb = sk;
-
struct tcphdr *tcph = NULL;
-
struct ucphdr *udph = NULL;
-
-
struct iphdr *iph = ip_hdr(sk);
-
unsigned int src_ip = iph->saddr;
-
-
saddr = in_aton("192.168.1.100");
-
daddr = in_aton("192.168.1.101");
-
-
if(saddr == iph->saddr && daddr == iph->daddr){
-
printk("output src:%d.%d.%d.%d dst:%d.%d.%d.%d \n",
-
NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));
-
-
saddr = in_aton("192.168.2.101");
-
iph->daddr = saddr;
-
iph->check = ip_fast_csum((unsigned char*)iph, iph->ihl);
-
-
printk("input changed src:%d.%d.%d.%d dst:%d.%d.%d.%d \n",
-
NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));
-
}
-
-
//printk("filter local out \n");
-
return NF_ACCEPT;
-
}
-
-
static struct nf_hook_ops nfin = {
-
.hook = nf_hook_in,
-
.hooknum = NF_INET_PRE_ROUTING,
-
.pf = PF_INET,
-
.priority = NF_IP_PRI_FIRST,
-
};
-
-
static struct nf_hook_ops nfout = {
-
.hook = nf_hook_out,
-
.hooknum = NF_INET_POST_ROUTING,
-
.pf = PF_INET,
-
.priority = NF_IP_PRI_FIRST,
-
};
-
-
-
int __init test_init(void)
-
{
-
nf_register_hook(&nfin);
-
nf_register_hook(&nfout);
-
-
printk("test module init\n");
-
-
return 0;
-
}
-
-
void __exit test_exit(void)
-
{
-
nf_unregister_hook(&nfin);
-
nf_unregister_hook(&nfout);
-
-
printk("test module exit\n");
-
-
return;
-
}
-
-
module_init(test_init);
- module_exit(test_exit);