I have written a kernel module to modify all the IP messages which will be sent out of `pppoe-wan`. This is my code:
#include .......
/* Netfilter hook descriptor; filled in by hook_init() and handed to nf_register_hook(). */
static struct nf_hook_ops nfho;
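/*
 * Netfilter callback registered by hook_init(). It runs for every IPv4 packet
 * that reaches the hook point, so the egress-interface check below is what
 * limits the rewrite to packets leaving through "pppoe-wan".
 *
 * @priv:  private pointer from the hook registration (unused here)
 * @skb:   the packet being processed
 * @state: hook state; state->out is the egress device
 *
 * Always returns NF_ACCEPT, so the packet continues through the stack.
 */
unsigned int hook_funcion(void *priv, struct sk_buff *skb, const struct nf_hook_state *state)
{
	/*
	 * Interface names must be compared as strings: `name == "pppoe-wan"`
	 * compares the address of the name array with the address of a string
	 * literal and can never be true. strcmp() is declared in <linux/string.h>.
	 * state->out is checked first so a missing egress device is not dereferenced.
	 */
	if (state->out && strcmp(state->out->name, "pppoe-wan") == 0) {
		// do something here
		/*
		 * NOTE(review): any in-place change to packet bytes should first
		 * make the skb writable and afterwards fix up the affected
		 * checksums; otherwise shared or cloned buffers can be corrupted.
		 */
	}
	return NF_ACCEPT;
}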
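/*
 * Module entry point: fills in the hook descriptor and registers it at
 * IPv4 POST_ROUTING with mangle priority.
 *
 * Returns 0 on success or the negative error code from nf_register_hook().
 * Returning the error makes the module load fail, so hook_exit() is never
 * run against a hook that was not registered.
 */
static int __init hook_init(void)
{
	int ret;

	nfho.hook = hook_funcion;
	nfho.pf = NFPROTO_IPV4;
	nfho.hooknum = NF_INET_POST_ROUTING;
	nfho.priority = NF_IP_PRI_MANGLE;

	/* Registration can fail; do not report success in that case. */
	ret = nf_register_hook(&nfho);
	if (ret < 0) {
		printk(KERN_ERR "xmu-router-patcher: nf_register_hook failed (%d)\n", ret);
		return ret;
	}

	printk("xmu-router-patcher start\n");
	return 0;
}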
/*
 * Module teardown: removes the netfilter hook that hook_init() registered,
 * then logs that the patcher has stopped. The hook must be unregistered
 * before the module text goes away, since the stack would otherwise keep
 * calling into unloaded code.
 */
static void __exit hook_exit(void)
{
	nf_unregister_hook(&nfho);

	printk("xmu-router-patcher stop\n");
}
/* Run hook_init() when the module is loaded and hook_exit() when it is removed. */
module_init(hook_init);
module_exit(hook_exit);
It works quite well.
Then I found that the `nf_hook_ops` struct has a member `dev`, so I set `nfho.dev` to `dev_get_by_name(&init_net, "pppoe-wan")` before registering the hook. But my `hook_function` would still be called for IP messages on other interfaces. Here is my code:
#include .......
/*
 * Netfilter hook descriptor; filled in by hook_init(), registered with
 * nf_register_hook() and removed again in hook_exit().
 */
static struct nf_hook_ops nfho;
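/*
 * Netfilter callback registered by hook_init(). Logs the ingress and egress
 * interface of every packet it sees and applies the rewrite only to packets
 * whose egress interface is "pppoe-wan".
 *
 * @priv:  private pointer from the hook registration (unused here)
 * @skb:   the packet being processed
 * @state: hook state; state->in / state->out are the ingress / egress devices
 *
 * Always returns NF_ACCEPT, so the packet continues through the stack.
 */
unsigned int hook_funcion(void *priv, struct sk_buff *skb, const struct nf_hook_state *state)
{
	/*
	 * Either device pointer may be NULL depending on the hook point (locally
	 * generated traffic has no ingress device), so neither is dereferenced
	 * unconditionally.
	 */
	const char *in_name = state->in ? state->in->name : "none";
	const char *out_name = state->out ? state->out->name : "none";

	printk("hooking message from %s to %s\n", in_name, out_name);

	/*
	 * Compare names with strcmp() (from <linux/string.h>): `name == "pppoe-wan"`
	 * compares two addresses and is never true. This per-packet check is the
	 * actual interface filter for an NFPROTO_IPV4 hook.
	 */
	if (state->out && strcmp(state->out->name, "pppoe-wan") == 0) {
		// do something here
		/*
		 * NOTE(review): any in-place change to packet bytes should first
		 * make the skb writable and afterwards fix up the affected
		 * checksums; otherwise shared or cloned buffers can be corrupted.
		 */
	}
	return NF_ACCEPT;
}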
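/*
 * Module entry point: looks up the "pppoe-wan" device, fills in the hook
 * descriptor and registers it at IPv4 POST_ROUTING with mangle priority.
 *
 * Returns 0 on success, -ENODEV if the interface does not exist, or the
 * negative error code from nf_register_hook(). Failing the load in those
 * cases means hook_exit() never unregisters a hook that was not registered.
 */
static int __init hook_init(void)
{
	int ret;

	nfho.hook = hook_funcion;
	nfho.pf = NFPROTO_IPV4;
	nfho.hooknum = NF_INET_POST_ROUTING;
	nfho.priority = NF_IP_PRI_MANGLE;

	/*
	 * In kernels that provide nf_register_hook(), nf_hook_ops.dev is only
	 * consulted for NFPROTO_NETDEV (ingress) hooks. For an NFPROTO_IPV4 hook
	 * it does not restrict which packets reach the callback, so the callback
	 * itself has to check state->out.
	 *
	 * dev_get_by_name() returns the device with a reference held. That
	 * reference is kept in nfho.dev and must be released with dev_put();
	 * while it is held the interface cannot be fully unregistered.
	 */
	nfho.dev = dev_get_by_name(&init_net, "pppoe-wan");
	if (!nfho.dev) {
		printk("pppoe-wan no found!\n");
		return -ENODEV;
	}
	printk("found %s\n", nfho.dev->name);

	ret = nf_register_hook(&nfho);
	if (ret < 0) {
		printk(KERN_ERR "xmu-router-patcher: nf_register_hook failed (%d)\n", ret);
		/* Do not leak the device reference on the failure path. */
		dev_put(nfho.dev);
		nfho.dev = NULL;
		return ret;
	}

	printk("xmu-router-patcher start\n");
	return 0;
}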
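/*
 * Module teardown: removes the netfilter hook and drops the device reference
 * that dev_get_by_name() took in hook_init().
 *
 * nfho.dev is non-NULL only when the device lookup succeeded, and that is
 * also the only case in which hook_init() went on to register the hook, so
 * both steps are skipped when it is NULL. Without the dev_put() the
 * interface's reference count never drops and the device cannot be torn
 * down after the module is unloaded.
 */
static void __exit hook_exit(void)
{
	if (nfho.dev) {
		nf_unregister_hook(&nfho);
		dev_put(nfho.dev);
		nfho.dev = NULL;
	}
	printk("xmu-router-patcher stop\n");
}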
/* Run hook_init() when the module is loaded and hook_exit() when it is removed. */
module_init(hook_init);
module_exit(hook_exit);
From the kernel log, I could see that `nfho.dev` had been set to the correct value, but my `hook_function` was still called for IP messages on other interfaces, such as ones from `none` to `lan`, or from `none` to `lo`.