typedef unsigned int nf_hookfn(unsigned int hooknum,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn) (struct sk_buff *));
/* 處理函數返回值 */
#define NF_DROP 0 /* drop the packet, don't continue traversal */
#define NF_ACCEPT 1 /* continue traversal as normal */
#define NF_STOLEN 2 /* I've taken over the packet, don't continue traversal */
#define NF_QUEUE 3 /* queue the packet (usually for userspace handling) */
#define NF_REPEAT 4 /* call this hook again */
#define NF_STOP 5
#define NF_MAX_VERDICT NF_STOP
在使用Netfilter時,需要定義一個nf_hook_ops實例。
struct nf_hook_ops {
struct list_head list;
/* User fills in from here down. */
nf_hookfn *hook; /* 要註冊的鉤子函數 */
struct module *owner;
u_int8_t pf; /* 協議類型 */
unsigned int hooknum; /* 哪個釣魚臺 */
/* Hooks are ordered in asending priority. */
int priority; /* 數值越小,優先級越高 */
};
typedef __u8 u_int8_t;