linux 内核网络钩子类型-静飞lv-ChinaUnix博客

内核收到包后（netif_receive_skb），

|—— 检测嗅探器，把包的副本给每个嗅探器

判断该包是否属于网桥-->handle_bridge --> br_handle_frame 钩子：

netfilet_bridge.h 中定义

/* Bridge Hooks */

/* After promisc drops, checksum checks. */

#define NF_BR_PRE_ROUTING 0

/* If the packet is destined for this box. */

#define NF_BR_LOCAL_IN 1

/* If the packet is destined for another interface. */

#define NF_BR_FORWARD 2

/* Packets coming from a local process. */

#define NF_BR_LOCAL_OUT 3

/* Packets about to hit the wire. */

#define NF_BR_POST_ROUTING 4

/* Not really a hook, but used for the ebtables broute table */

#define NF_BR_BROUTING 5

#define NF_BR_NUMHOOKS 6

钩子协议类型（pf）： NFPROTO_BRIDGE netfilet.h中定义
或者 AF_BRIDGE socket.h(include/linux) 中定义两者值相等

判断该包类型（根据以太网头判断包协议类型）

若是ARP包，若是arp包，进入arp处理 arp_rcv 钩子：

netfilet_arp.h 中定义

/* ARP Hooks */

#define NF_ARP_IN 0

#define NF_ARP_OUT 1

#define NF_ARP_FORWARD 2

#define NF_ARP_NUMHOOKS 3

钩子协议类型（pf）：NFPROTO_ARP netfilet.h中定义

若是IPv4包，进如三层处理， ip_rcv处理钩子：

netfilet_ipv4.h中定义

/* IP Hooks */

/* After promisc drops, checksum checks. */

#define NF_IP_PRE_ROUTING 0

/* If the packet is destined for this box. */

#define NF_IP_LOCAL_IN 1

/* If the packet is destined for another interface. */

#define NF_IP_FORWARD 2

/* Packets coming from a local process. */

#define NF_IP_LOCAL_OUT 3

/* Packets about to hit the wire. */

#define NF_IP_POST_ROUTING 4

#define NF_IP_NUMHOOKS 5

钩子协议类型(pf) : NFPROTO_IPV4 netfilet.h中定义

或者 AF_INET socket.h(include/linux) 中定义两者值相等

若是ipv6包，ip6_rcv处理钩子：

netfilet_ip6.h中定义

/* IP6 Hooks */

/* After promisc drops, checksum checks. */

#define NF_IP6_PRE_ROUTING 0

/* If the packet is destined for this box. */

#define NF_IP6_LOCAL_IN 1

/* If the packet is destined for another interface. */

#define NF_IP6_FORWARD 2

/* Packets coming from a local process. */

#define NF_IP6_LOCAL_OUT 3

/* Packets about to hit the wire. */

#define NF_IP6_POST_ROUTING 4

#define NF_IP6_NUMHOOKS 5

钩子协议类型(pf) : NFPROTO_IPV6 netfilet.h中定义

或者 AF_INET6 socket.h(include/linux) 中定义两者值相等

钩子号称或者用如下名称：

在netfilter.h中定义

enum nf_inet_hooks {

NF_INET_PRE_ROUTING,

NF_INET_LOCAL_IN,

NF_INET_FORWARD,

NF_INET_LOCAL_OUT,

NF_INET_POST_ROUTING,

NF_INET_NUMHOOKS

};

该值与IPV4和IPV6的钩子号相等（IPV4和IPV6的钩子号相等，但钩子协议号不同）

end

struct packet_type 是注册每个协议的处理函数（arp、ip等）

Linux用一个二维数组来管理钩子，数组每个元素是该钩子的表头，二维数组的行号表示协议类型，列号表是钩子号。

见内核钩子定义：struct list_head nf_hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS] __read_mostly;

内核将每一个钩子函数按优先级注册到该钩子列表中，见内核注册钩子函数：

int nf_register_hook(struct nf_hook_ops *reg)

{

struct nf_hook_ops *elem;

int err;

err = mutex_lock_interruptible(&nf_hook_mutex);

if (err < 0)

return err;

list_for_each_entry(elem, &nf_hooks[reg->pf][reg->hooknum], list) {

if (reg->priority < elem->priority)

break;

}

list_add_rcu(®->list, elem->list.prev);

mutex_unlock(&nf_hook_mutex);

return 0;

}