problem with netfilter hook function struct skbuff *sock is null..

UNIX for Advanced & Expert Users
1

iam trying to built a firewall.so i have used netfilter for it.
in function main_hook sock_buff is returning null and in my log file continuously "sock buff null" is printed plse help to solve this problem..
(using print_string iam printing strings on current terminal (terminal we ping))

#include <linux/ip.h>  
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netdevice.h>
#include <linux/init.h>
#include <linux/sched.h>	
#include <linux/tty.h>		
#include <linux/version.h> 
#include<linux/inet.h> 
#include<linux/skbuff.h>
#include <linux/in.h>
# define NF_IP_PRE_ROUTING 0  
static struct nf_hook_ops netfilter_ops_in; 
struct sk_buff *sock_buff;
struct iphdr *ipptr;
static void print_string(char *str)
{
	struct tty_struct *my_tty;
        my_tty = current->signal->tty;

	if (my_tty != NULL) {

		
		((my_tty->driver)->ops->write) (my_tty,str,strlen(str));	

		((my_tty->driver)->ops->write) (my_tty, "\015\012", 2);

	}
}
unsigned int main_hook(unsigned int hooknum,  
                  struct sk_buff **skb,
                  const struct net_device *in,
                  const struct net_device *out,
                  int (*okfn)(struct sk_buff*))
{
    sock_buff = *skb;
    if(!sock_buff){ printk("sock buff null\n"); return NF_ACCEPT; }
    printk(KERN_ALERT "sockbuff is not zero\n");
    ipptr=(struct iphdr *)skb_network_header(sock_buff);                   
    if(!(ipptr))
    { 
            printk(KERN_ALERT "ipptr is ZERO\n"); 
            return NF_ACCEPT; 
    }   
    if(ipptr->saddr == in_aton("10.10.30.1"))
    { 
         print_string("packet dropped(10.10.30.1)\n");             
         return NF_DROP; 
    }     
    return NF_ACCEPT;
}
int init_module()
{
        netfilter_ops_in.hook                   =       (nf_hookfn *)main_hook;
        netfilter_ops_in.pf                     =       PF_INET;
        netfilter_ops_in.hooknum                =       NF_IP_PRE_ROUTING;
        netfilter_ops_in.priority               =       NF_IP_PRI_FIRST;
        nf_register_hook(&netfilter_ops_in); 
        printk("firewall Setuped\n");
return 0;
}
void cleanup()
{
nf_unregister_hook(&netfilter_ops_in); /*unregister NF_IP_PRE_ROUTING hook*/

}
2

@pavan6754

Hi,

the parameters vary a mong the linux versions:

with the linux versions >= 2,6,20 , the declaration of hook function must be : hookf(......., struct sk_buff *skb) , that means ONLY one asterisk.

BR

Mans