Problem with netfilter in a kernel module

Discussion in 'Linux Networking' started by Aashay Shringarpure, Mar 1, 2009.

  1. Hi,
    I was trying to write a simple kernel module which would filter data
    based on the TCP destination port. From what I know, the netfilter
    architecture was changed sometime between 2.4 and 2.6 and I'm getting
    a lot of conflicting HOWTOs on the net.

    Here is the code for my handler function:

    unsigned int hook_func(unsigned int hooknum,
                           struct sk_buff *skb, // should this be sk_buff **skb ?
                           const struct net_device *indev,
                           const struct net_device *outdev,
                           int (*okfn)(struct sk_buff *))
    {
        // nothing to inspect: let the packet through
        if (!skb) {
            return NF_ACCEPT;
        }
        return drop_by_port(skb, 2000);
    }

    In drop_by_port, I am getting the same address when I try to extract
    the transport header using skb_transport_header and the network header
    using skb_network_header, which leads me to believe that something is
    wrong with the packet I am getting.

    Also, if I change the sk_buff* to sk_buff**, I get *skb (which I pass to
    skb_transport_header) to be a NULL pointer which crashes the entire

    Thanks for any help

    Aashay Shringarpure, Mar 1, 2009

  2. I solved it. I just add the IP header length to its start to get the
    transport header's start.
    Aashay Shringarpure, Mar 2, 2009
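The fix described in the post above (transport header = network header start + IP header length), as an added user-space example that is not the poster's code: it reads the IHL field instead of assuming a 20-byte header and bounds-checks before touching the port field. `tcp_dport`, `verdict_by_port`, the `ERR_*`/`VERDICT_*` names and the sample packets are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names below are hypothetical; VERDICT_* stand in for NF_DROP/NF_ACCEPT. */
enum { ERR_SHORT = -1, ERR_NOT_IPV4 = -2, ERR_BAD_IHL = -3, ERR_NOT_TCP = -4, ERR_FRAGMENT = -5 };
enum { VERDICT_DROP = 0, VERDICT_ACCEPT = 1 };

/* Constructed samples (checksums left zero). IHL=5, TCP dport 2000 (0x07d0). */
static const uint8_t PKT_PLAIN[24] = {
    0x45,0x00,0x00,0x18, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    10,0,0,1, 10,0,0,2,  0xc0,0x00,0x07,0xd0 };
/* IHL=6: four option bytes push the TCP header to offset 24, not 20. */
static const uint8_t PKT_OPTS[28] = {
    0x46,0x00,0x00,0x1c, 0x00,0x02,0x40,0x00, 0x40,0x06,0x00,0x00,
    10,0,0,1, 10,0,0,2,  0x01,0x01,0x01,0x00, 0xc0,0x00,0x07,0xd0 };
/* Non-first fragment (offset 16): payload is data, not a TCP header. */
static const uint8_t PKT_FRAG[24] = {
    0x45,0x00,0x00,0x18, 0x00,0x03,0x00,0x10, 0x40,0x06,0x00,0x00,
    10,0,0,1, 10,0,0,2,  0xc0,0x00,0x07,0xd0 };

/* pkt points at the IPv4 (network) header. Returns the TCP destination
 * port in host order, or a negative ERR_* code. */
int tcp_dport(const uint8_t *pkt, size_t len)
{
    if (!pkt || len < 20) return ERR_SHORT;           /* minimum IPv4 header */
    if ((pkt[0] >> 4) != 4) return ERR_NOT_IPV4;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;         /* IHL counts 32-bit words */
    if (ihl < 20) return ERR_BAD_IHL;
    if (pkt[9] != 6) return ERR_NOT_TCP;              /* protocol 6 = TCP */
    if ((((pkt[6] << 8) | pkt[7]) & 0x1fff) != 0) return ERR_FRAGMENT;
    if (len < ihl + 4) return ERR_SHORT;              /* both port fields in bounds */
    const uint8_t *tcp = pkt + ihl;                   /* transport header start */
    return (tcp[2] << 8) | tcp[3];
}

/* Drop only when the port was parsed and matches; anything unparsable is
 * accepted here (a policy assumption of this example). */
int verdict_by_port(const uint8_t *pkt, size_t len, uint16_t port)
{
    return tcp_dport(pkt, len) == (int)port ? VERDICT_DROP : VERDICT_ACCEPT;
}

int main(void)
{
    printf("plain=%d opts=%d frag=%d\n", tcp_dport(PKT_PLAIN, sizeof PKT_PLAIN),
           tcp_dport(PKT_OPTS, sizeof PKT_OPTS), tcp_dport(PKT_FRAG, sizeof PKT_FRAG));
    return 0;
}
```

In a kernel hook the length checks correspond to confirming the bytes are present in the skb's linear data (for example with `pskb_may_pull`) before dereferencing the computed header pointer.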