intnf_register(void){interr;if((err =nf_register_hooks(nf_inet_hooks, ARRAY_SIZE(nf_inet_hooks))) { printk(KERN_ERR"%s: netfilter hook registration failed (error %d)\n", THIS_MODULE->name, err);return-1; }return0; } 开发者ID:yvesjunior,项目名称:ovs-tracing,代码行数:11,代码来源:...
.pf = NFPROTO_IPV4, .hooknum = NF_INET_PRE_ROUTING, .priority = NF_IP_PRI_CONNTRACK + 1, }, }; static int __init test_info_init(void) { int err; err = nf_register_hooks(ipv4_conn_dst_info, ARRAY_SIZE(ipv4_conn_dst_info)); if (err) { return err; } return err; } stat...
1structnf_hook_ops2{3structlist_head list;//链表成员4/*User fills in from here down.*/5nf_hookfn *hook;//钩子函数指针6structmodule *owner;7intpf;//协议簇,对于ipv4而言,是PF_INET8inthooknum;//hook类型9/*Hooks are ordered in ascending priority.*/10intpriority;//优先级11}; 成员list...
.hooknum = NF_INET_PRE_ROUTING, .priority = NF_IP_PRI_CONNTRACK + 1, }, }; static int __init test_info_init(void) { int err; err = nf_register_hooks(ipv4_conn_dst_info, ARRAY_SIZE(ipv4_conn_dst_info)); if (err) { return err; } return err; } static void __exit test_i...
We read every piece of feedback, and take your input very seriously. Include my email address so I can be contacted Cancel Submit feedback Saved searches Use saved searches to filter your results more quickly Cancel Create saved search Sign in Sign up Reseting focus {...
.hooknum = NF_INET_PRE_ROUTING, .priority = NF_IP_PRI_CONNTRACK + 1, }, }; static int __init cache_dst_and_sock_demo_init(void) { int ret; ret = nf_register_hooks(ipv4_conn_cache_ops, ARRAY_SIZE(ipv4_conn_cache_ops)); ...
就是检查在nf_hooks链表数组中是否挂接了过滤hooks点,是则进行检查,否则执行正常函数okfn。 2.2 带桥代码时的宏定义 以下是2.6.17.11内核中的定义: #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \ NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, INT_MIN) ...
418 if (ret < 0) 419 gotocleanup_hooks; 420 #endif 421 return ret; 函数先是注册socketopt,然后再注册协议,分别注册了tcp udp icmp ipv4这么PF_INET协议簇的协议类型。然后,便是注册了netfilter钩子。 1.协议注册 :/net/netfilter/nf_conntrack_proto.c#nf_conntrack_l4proto_register ...
注意: netfilter 所有的钩子(hooks)都是在内核协议栈的 IP 层,由于 IPv4 和 IPv6 用的是不同的 IP 层代码,所以 iptables 配置的 rules 只会影响 IPv4 的数据包,而 IPv6 相关的配置需要使用 ip6tables。 表2:Netfilter返回码 返回码 含义 NF_DROP 丢弃数据包 ...
相比于2.4版本,2.6版内核在该宏的定义上显得更加灵活一些,定义如下: #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \...在include/linux/socket.h中IP协议AF_INET(PF_INET)的序号为2,因此我们就可以得到TCP/IP协议族的钩子函数挂载点为: PRE_ROUTING: nf_hooks...小节:整个Linux内核中Netfilter...