Add example to filter packet

2025-02-10 13:36:34 +01:00 · 2025-02-10 13:36:34 +01:00 · 41839adab9
commit 41839adab9
parent 0f91d01776
2 changed files with 52 additions and 0 deletions
--- a/04_packet_filter/Makefile
+++ b/04_packet_filter/Makefile
@ -0,0 +1,7 @@
+obj-m += test_module.o
+
+all:
+	make -C $(LINUX_MODULES_FOLDER)/build M=$(PWD) modules
+
+clean:
+	make -C $(LINUX_MODULES_FOLDER)/build M=$(PWD) clean
--- a/04_packet_filter/test_module.c
+++ b/04_packet_filter/test_module.c
@ -0,0 +1,45 @@
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv4.h>
+#include <linux/tcp.h>
+#include <linux/ip.h>
+
+static struct nf_hook_ops nfho;
+
+unsigned int hook_func(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) {
+    const struct iphdr *iph = ip_hdr(skb);
+    const struct tcphdr *tcph = tcp_hdr(skb);
+
+    // Filtrer les paquets TCP avec un port source spécifique
+    if (iph->protocol == IPPROTO_TCP && tcph->source == htons(8080)) {
+        pr_info("Paquets filtrés: TCP source port 8080\n");
+        return NF_DROP;
+    }
+
+    return NF_ACCEPT;
+}
+
+static int __init packet_filter_init(void) {
+    nfho.hook = hook_func;
+    nfho.hooknum = NF_INET_PRE_ROUTING;
+    nfho.pf = PF_INET;
+    nfho.priority = NF_IP_PRI_FIRST;
+
+    nf_register_net_hook(&init_net, &nfho);
+    pr_info("Module de filtrage de paquets chargé.\n");
+    return 0;
+}
+
+static void __exit packet_filter_exit(void) {
+    nf_unregister_net_hook(&init_net, &nfho);
+    pr_info("Module de filtrage de paquets déchargé.\n");
+}
+
+module_init(packet_filter_init);
+module_exit(packet_filter_exit);
+
+MODULE_LICENSE("MIT License");
+MODULE_AUTHOR("Florian RICHER");
+MODULE_DESCRIPTION("Un module noyau pour filtrer les paquets réseau");
+MODULE_VERSION("1.0");