RE:Re: netfilter programming

* RE:Re: netfilter programming
@ 2004-03-29 13:08 Jorge Garcia
  2004-03-29 16:08 ` Henrik Nordstrom
  0 siblings, 1 reply; 2+ messages in thread
From: Jorge Garcia @ 2004-03-29 13:08 UTC (permalink / raw)
  To: netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 3754 bytes --]

hi, and thanx for answer me, im sorry if i didnt explain well on my last post.
for educational and intelectual satisfaction i want to make a module that do this:
iptables -A INPUT -i eth0 -s 192.168.100.7 -p tcp --dport 23 -j DROP
So i search the internet and i find very little stuff about this but i make the following code :

#define __KERNEL__

#define MODULE

#include <linux/ip.h>			

#include <linux/kernel.h>		

#include <linux/module.h>		

#include <linux/netdevice.h>		

#include <linux/netfilter.h>		

#include <linux/netfilter_ipv4.h>	

#include <linux/skbuff.h>		

#include <linux/tcp.h>			/* Para la cabecera TCP */

static struct nf_hook_ops nfho;		/* Registramos la funcion */

static unsigned char *direccion_ip = "xC0xA8x64x07";  	/* 192.168.100.7en Network Byte Order */

static char *interface = "eth0"; 							/* Interface eth0 */

unsigned char *puerto = "x00x17";				                /* Puerto 23 (Telnet) */

struct sk_buff *sock_buff;								/* Socket Kernel Buffer */

struct tcphdr *cabecera_tcp;	                                                /* Cabecera TCP */

/* La funcion */

unsigned int hook_func(unsigned int hooknum,
                        struct sk_buff **skb,
                        const struct net_device *in,
                        const struct net_device *out,
                        int (*okfn)(struct sk_buff *))
{

	if(strcmp(in->name,interface) == 0){          /*  Filtrado por interface */
            return NF_DROP; 
        }                                                                   

	sock_buff = *skb;

	if(!sock_buff){
           return NF_ACCEPT;			/* Chequea un paquete IP valido */
        }

	if(!(sock_buff->nh.iph)){ 
            return NF_ACCEPT; 
        }			

	/* Descarta paquetes si vienen de la direccion 192.168.100.7 */ 	

	if(sock_buff->nh.iph->saddr == *(unsigned int*)direccion_ip){
            return NF_DROP; 
        }

	if(sock_buff->nh.iph->protocol != 17){	/* Nos aseguramos de que el paquete sea tcp */
           return NF_ACCEPT; 
        }  	

	cabecera_tcp = (struct tcphdr *)(sock_buff->data   (sock_buff->nh.iph->ihl *4));	/* Descartamos por puerto */

	if((cabecera_tcp->dest) == *(unsigned short*)puerto){
            return NF_DROP; 
        }  

return NF_ACCEPT;			/* Si todo lo anterior falla, se acepta el paquete */

}  

/* Rutina de inicializacion */
int init_module()
{
    /* LLenamos la estructura de la funcion  gancho */
    nfho.hook     = hook_func;         /* Manejador de funcion*/
    nfho.hooknum  = NF_IP_PRE_ROUTING; /* Primer gancho para  IPv4 */
    nfho.pf       = PF_INET; /* famila */
    nfho.priority = NF_IP_PRI_FIRST;   /* Hacer nuestra funcion primera */

    nf_register_hook(&nfho);

    return 0;
}

/* Rutina de limpieza */
void cleanup_module()
{
    nf_unregister_hook(&nfho);
}

Comments are in spanish becouse i speak that lenguaje :)
The problemas are the followings:
I dont understand how it drops from source port, i only copy and paste from a code i found in the net, please explain me something about how to programming that part.
The other problem is that this module is this:
This code showld drop incomming connections to port 23 from 192.168.1007, but its drop connections to port 23 from all the addresses in the local network, like 192.168.100.12
The code must have an error and please if anyone can find me please tell me as soon as u can.
I hope this clar the situation of what i want and if anyone have a question please ask me .
Excuse my english and please understand me :)
FrediX

http://www.latinmail.com - La forma más cómoda de enviar y recibir tus e-mails

^ permalink raw reply	[flat|nested] 2+ messages in thread