

Linux Kernel Module to Drop Packets captured via netfilter hooks

Here is my sample Kernel Module to drop packets (i.e. sk_buff instances) captured via netfilter hooks. When you want to drop packets in your custom netfilter hooks, make sure you never call kfree_skb(skb) manually: the free is performed anyway once the flow of the code moves out of your netfilter hook, so freeing the packet yourself releases the same sk_buff twice. All you need to do is return NF_DROP to drop the desired packet gracefully. Here is my detailed video and a sample Linux Kernel module.

Download my entire kernel module sample code for this episode (make file and clean script included) HERE. And here is the source code for quick reference.

New Update: 01-Jan-2019:
WARNING:

If you are using recent kernels such as 4.17.x or 4.18.x and so on, this code may fail to compile, since the nf_register_hook() and nf_unregister_hook() APIs were replaced with nf_register_net_hook() and nf_unregister_net_hook(). In that case replace these lines with the corresponding new constructs as shown:

//nf_register_hook(&nfho_pre_routing); //compatible for old kernels
nf_register_net_hook(&init_net, &nfho_pre_routing); //compatible for new kernels

and ...

//nf_unregister_hook(&nfho_pre_routing); //compatible for old kernels
nf_unregister_net_hook(&init_net, &nfho_pre_routing); //compatible for new kernels

* This is why it is worth noting that the Linux Kernel is always evolving and constantly changing. As a kernel developer you have to be aware of these changes, and this is what I emphasize from time to time in many videos. Following just books or some examples won't help. You should learn kernel programming from the kernel source itself. Kindly watch my video on this topic if you are more curious: 0x17d Linux Kernel Programming | Tracking changes in Kernel Source code


Here is the full code for quick reference:

/* pkt_drop.c
 * Author: Kiran Kankipati
 * Updated: 09-feb-2017
 */
#include <linux/kernel.h>
#include <linux/types.h>
#include <linux/module.h> 
#include <linux/errno.h>
#include <linux/slab.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/skbuff.h>  
#include <linux/udp.h>
#include <linux/ip.h>
#include <linux/in.h>
#include <linux/string.h>
#include <linux/init.h>
#include <linux/net.h>
#include <linux/netdevice.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/inet.h>
#include <linux/inetdevice.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>
#include <linux/if_arp.h>
#include <linux/icmp.h>
#include <linux/netlink.h>
#include <linux/mroute.h>
#include <net/checksum.h>
#include <net/inet_ecn.h>
#include <net/xfrm.h>
#include <net/route.h>
#include <net/sock.h>
#include <net/ip.h>
#include <net/tcp.h>
#include <net/arp.h>
#include <net/udp.h>
#include <net/icmp.h>
#include <net/inetpeer.h>
#include <net/protocol.h>
#include <net/flow.h>
#include <asm/types.h>

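static struct nf_hook_ops nfho_pre_routing;

/* Called for every IPv4 packet at PRE_ROUTING, before any routing decision.
 * NOTE: as written this drops ALL incoming IPv4 traffic on the host
 * (including a remote SSH session), so load it on a test machine or VM. */
static unsigned int pre_routing_hook_func(void *priv, struct sk_buff *skb, const struct nf_hook_state *state)
{
	//kfree_skb(skb);  //- don't do this, this will crash your system (netfilter frees the skb itself on NF_DROP).
	return NF_DROP; //this will drop the packet

	//return NF_ACCEPT; //this will accept the packet
}


static int __init hello_init(void)
{
	//Packet RX
	nfho_pre_routing.hook = pre_routing_hook_func;
	nfho_pre_routing.hooknum = NF_INET_PRE_ROUTING;
	nfho_pre_routing.pf = PF_INET;
	nfho_pre_routing.priority = NF_IP_PRI_FIRST; //run before all other hooks at this hook point

	//fail the module load if the hook cannot be registered
	return nf_register_hook(&nfho_pre_routing);
}

static void __exit hello_exit(void) { nf_unregister_hook(&nfho_pre_routing); }

module_init(hello_init);
module_exit(hello_exit);

/* License tag assumed here (not in the original listing); without one the module taints the kernel. */
MODULE_LICENSE("GPL");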
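
Why the manual kfree_skb(skb) crashes the system, as a user-space model added here (not the author's code and not kernel code): the netfilter core releases the skb itself when a hook returns NF_DROP, so a hook that also frees it releases the buffer twice. The names model_skb, model_kfree_skb, run_chain and the hook_* functions are hypothetical stand-ins, and the NF_STOLEN case goes beyond what the tutorial covers.

```c
/* User-space model of skb ownership in a netfilter hook chain.
 * Constructed for illustration: model_skb, model_kfree_skb and run_chain are
 * hypothetical stand-ins; the verdict values match <linux/netfilter.h>. */
#include <stdio.h>

enum { NF_DROP = 0, NF_ACCEPT = 1, NF_STOLEN = 2 };

struct model_skb {
	int users;	/* reference count, like skb->users */
	int freed;	/* number of times the buffer was released */
};

typedef unsigned int (*hookfn)(struct model_skb *skb);

/* Like kfree_skb(): drop one reference and release the buffer at zero. */
static void model_kfree_skb(struct model_skb *skb)
{
	if (--skb->users <= 0)
		skb->freed++;	/* reaching this twice is a double free */
}

static unsigned int hook_accept(struct model_skb *skb) { (void)skb; return NF_ACCEPT; }
/* Correct drop: return the verdict and let the core release the skb. */
static unsigned int hook_drop(struct model_skb *skb) { (void)skb; return NF_DROP; }
/* The mistake the tutorial warns against: free the skb, then also return NF_DROP. */
static unsigned int hook_free_and_drop(struct model_skb *skb) { model_kfree_skb(skb); return NF_DROP; }
/* A hook that consumes the skb itself must say so with NF_STOLEN. */
static unsigned int hook_free_and_steal(struct model_skb *skb) { model_kfree_skb(skb); return NF_STOLEN; }

/* Walks the chain the way the netfilter core does; returns the release count. */
static int run_chain(hookfn *hooks, int n)
{
	struct model_skb skb = { .users = 1, .freed = 0 };
	for (int i = 0; i < n; i++) {
		unsigned int verdict = hooks[i](&skb);
		if (verdict == NF_DROP)
			model_kfree_skb(&skb);	/* the core frees on NF_DROP */
		if (verdict != NF_ACCEPT)
			break;			/* dropped or stolen: traversal ends */
	}
	return skb.freed;
}

int main(void)
{
	hookfn ok[] = { hook_accept, hook_drop };
	hookfn bad[] = { hook_accept, hook_free_and_drop };
	hookfn stolen[] = { hook_accept, hook_free_and_steal };
	printf("verdict only: %d, manual free + NF_DROP: %d, manual free + NF_STOLEN: %d\n",
	       run_chain(ok, 2), run_chain(bad, 2), run_chain(stolen, 2));
	return 0;
}
```

A release count of 1 is the only safe outcome for a dropped packet; in the real kernel the second release touches already freed memory.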
