JustForFun/kernel_module_learn
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add example to filter packet

Browse source
This commit is contained in:
Florian RICHER 2025-02-10 13:36:34 +01:00
parent 0f91d01776
commit 41839adab9
2 changed files with 52 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
04_packet_filter/Makefile Normal file
View file

@ -0,0 +1,7 @@
obj-m += test_module.o
all:
make -C $(LINUX_MODULES_FOLDER)/build M=$(PWD) modules
clean:
make -C $(LINUX_MODULES_FOLDER)/build M=$(PWD) clean

45
04_packet_filter/test_module.c Normal file
View file

@ -0,0 +1,45 @@
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/tcp.h>
#include <linux/ip.h>
static struct nf_hook_ops nfho;
unsigned int hook_func(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) {
const struct iphdr *iph = ip_hdr(skb);
const struct tcphdr *tcph = tcp_hdr(skb);
// Filtrer les paquets TCP avec un port source spécifique
if (iph->protocol == IPPROTO_TCP && tcph->source == htons(8080)) {
pr_info("Paquets filtrés: TCP source port 8080\n");
return NF_DROP;
}
return NF_ACCEPT;
}
static int __init packet_filter_init(void) {
nfho.hook = hook_func;
nfho.hooknum = NF_INET_PRE_ROUTING;
nfho.pf = PF_INET;
nfho.priority = NF_IP_PRI_FIRST;
nf_register_net_hook(&init_net, &nfho);
pr_info("Module de filtrage de paquets chargé.\n");
return 0;
}
static void __exit packet_filter_exit(void) {
nf_unregister_net_hook(&init_net, &nfho);
pr_info("Module de filtrage de paquets déchargé.\n");
}
module_init(packet_filter_init);
module_exit(packet_filter_exit);
MODULE_LICENSE("MIT License");
MODULE_AUTHOR("Florian RICHER");
MODULE_DESCRIPTION("Un module noyau pour filtrer les paquets réseau");
MODULE_VERSION("1.0");