Deuxieme exercice

filtre.c

#include <linux/module.h>   //these are for every module
#include <linux/kernel.h>

#include <linux/types.h>        //u_int && co
#include <linux/skbuff.h>       //struct sk_buff
#include <linux/in.h>           //basic internet shiat
#include <linux/ip.h>           //protocol headers
#include <linux/tcp.h>
#include <linux/netfilter.h>        //need this for register_
#include <linux/netfilter_ipv4.h>   //..
#include <linux/netdevice.h>        //struct net_device

static struct nf_hook_ops my_netfilter_ops;

unsigned int my_hook(unsigned int hooknum, struct sk_buff  *skb, const struct net_device *in, 
                        const struct net_device *out, int (*okfn)(struct sk_buff*)) { 

        struct iphdr _iph, *ih;
        ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph);

        if (ih == NULL) {
                return NF_DROP;
        }

        if (ih->protocol == IPPROTO_TCP) {
                struct tcphdr _tcph, *th;
                th = skb_header_pointer(skb, ih->ihl * 4,
                                        sizeof(_tcph), &_tcph);
                if (th == NULL) {
                        return NF_DROP;
                }

                printk("SPT=%u DPT=%u \n", ntohs(th->source), ntohs(th->dest));
        }

        return NF_DROP; /* Drop ALL Packets */ 
}
static int __init init(void) { 
        my_netfilter_ops.hook = my_hook; 
        my_netfilter_ops.pf = PF_INET; 
        my_netfilter_ops.hooknum = NF_INET_PRE_ROUTING; 
        my_netfilter_ops.priority = NF_IP_PRI_FIRST;
        return nf_register_hook(&my_netfilter_ops); 
}
static void __exit fini(void) { 
        nf_unregister_hook(&my_netfilter_ops); 
} 
module_init(init); 
module_exit(fini);