Problem with Netfilter

 
 
Prafulla T
      12-30-2006, 03:42 AM
Hello to everyone.
I am trying to make a Linux kernel module which will work
as a firewall.
It is based on a Linux Journal article that I found about simple
firewalls.
I am using netfilter to get the packets.
I have written code which I have attached below.
Then I wrote simple client/server code using Java.
The server runs on localhost, port 12000.
The client (which is also on localhost) makes a connection to the server, sends
one string and terminates.
Now, this Java program works even when I have inserted this module into
the kernel.
It's not blocking the client from making a TCP connection at port 12000.
What's going wrong?
Help me!!


<<Code Start>>

/*
 * gcc -c -DMODULE -D__KERNEL__ -o net.o pfilter.c -isystem /lib/modules/2.4.20-8/build/include
 */

#include <linux/kernel.h>
#include <linux/module.h>

/* For network code */
#include <linux/net.h>
#include <net/sock.h>
#include <linux/netdevice.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/skbuff.h>
#include <linux/ip.h>   /* IP header definition */
#include <linux/tcp.h>

#include <asm/uaccess.h>

/* For kmalloc and related stuff */
#include <linux/slab.h>

MODULE_AUTHOR("Prafulla Tekawade((E-Mail Removed))");
MODULE_DESCRIPTION("Playing with NetFilters");
MODULE_LICENSE("GPL");

static struct nf_hook_ops netfilter_ops;
struct sk_buff *sock_buff;
struct udphdr *udp_header;
struct tcphdr *tcp_header;

/* Hook function: called for every IPv4 packet at NF_IP_PRE_ROUTING */
unsigned int main_hook(unsigned int hooknum,
                       struct sk_buff **skb,
                       const struct net_device *in,
                       const struct net_device *out,
                       int (*okfn)(struct sk_buff *))
{
    sock_buff = *skb;
    if (!sock_buff)
    {
        printk("Could not get SKB ????");
        return NF_ACCEPT;
    }
    if (!(sock_buff->nh.iph))
    {
        printk("Not an IP,Leave it");
        return NF_ACCEPT;
    }

    /* Protocol 6 is TCP */
    if (sock_buff->nh.iph->protocol == 6)
    {
        /* The TCP header follows the IP header (ihl is in 32-bit words) */
        tcp_header = (struct tcphdr *)(sock_buff->data +
                                       (sock_buff->nh.iph->ihl * 4));
        /* Drop the packet when the source port field equals 12000 */
        if (tcp_header->source == 12000)
        {
            printk(">>TCP Packet Received");
            printk(">>Source Port=%d,Dest Port=%d\n",
                   tcp_header->source, tcp_header->dest);
            return NF_DROP;
        }
    }
    return NF_ACCEPT;
}

/* Register the hook when the module is loaded */
int init_module(void)
{
    printk("Module Inserted,Now registering Hook<<<<<<New>>>>>>>>>1\n");
    netfilter_ops.hook = main_hook;
    netfilter_ops.pf = PF_INET;
    netfilter_ops.hooknum = NF_IP_PRE_ROUTING;
    netfilter_ops.priority = NF_IP_PRI_FIRST;
    nf_register_hook(&netfilter_ops);
    return 0;
}

/* Unregister the hook when the module is removed */
void cleanup_module(void)
{
    printk("\nModule Removed");
    nf_unregister_hook(&netfilter_ops);
}

<<Code End>>

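Added example, not part of the original post and not the poster's module: the port fields in a TCP header are stored in network byte order (big-endian), so a filter has to convert them with ntohs() before comparing against a host-order constant such as 12000. This userspace sketch runs both comparisons over a constructed packet and, going slightly beyond the post, checks the destination port as well as the source port; the function names and the sample bytes are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>  /* ntohs() */

/* Constructed sample: IPv4 + TCP SYN, 127.0.0.1:40000 -> 127.0.0.1:12000.
 * Checksums are left as zero; only the header layout matters here. */
static const uint8_t sample_syn[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x00,0x40,0x00, 0x40,0x06,0x00,0x00,
    0x7f,0x00,0x00,0x01, 0x7f,0x00,0x00,0x01,
    0x9c,0x40, 0x2e,0xe0,  /* source port 40000, destination port 12000 */
    0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x50,0x02,0xff,0xff, 0x00,0x00,0x00,0x00
};

/* Locate the TCP header; NULL if not IPv4/TCP or too short for both headers. */
static const uint8_t *tcp_hdr(const uint8_t *pkt, size_t len)
{
    size_t ihl;
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return NULL;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;      /* IHL is in 32-bit words */
    return (ihl >= 20 && len >= ihl + 20) ? pkt + ihl : NULL;
}

/* Load a 16-bit field exactly as it sits in memory, with no byte swap. */
static uint16_t raw_port(const uint8_t *field)
{
    uint16_t v;
    memcpy(&v, field, sizeof v);
    return v;
}

/* 1 if the source or destination port equals `port` (host byte order). */
int tcp_port_matches(const uint8_t *pkt, size_t len, uint16_t port)
{
    const uint8_t *th = tcp_hdr(pkt, len);
    return th && (ntohs(raw_port(th)) == port || ntohs(raw_port(th + 2)) == port);
}

/* Same test without ntohs(): only gives the right answer on big-endian hosts. */
int tcp_port_matches_raw(const uint8_t *pkt, size_t len, uint16_t port)
{
    const uint8_t *th = tcp_hdr(pkt, len);
    return th && (raw_port(th) == port || raw_port(th + 2) == port);
}

int main(void)
{
    printf("with ntohs: %d, raw compare: %d\n",
           tcp_port_matches(sample_syn, sizeof sample_syn, 12000),
           tcp_port_matches_raw(sample_syn, sizeof sample_syn, 12000));
    return 0;
}
```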