Drop skb or expand outgoing skb
When I grab an outgoing package in the kernel using a kernel module, I use kfree_skb () to remove that package, but it doesn't work and the package reaches its destination. I check & skb-> user is 1.
change_skb (struct sk_buff * skb) gets the original skb and creates a new seperate copy (just copy its payload) and upload the new skb. This works, I can see my new packet from the receiver side, but I cannot get rid of the original so that I can still see the original on the receiver side.
Here is my code:
int my_pkt_handling(struct sk_buff *skb, struct net_device *dev, struct packet_type *pkt, struct net_device *org_dev) {
struct ethhdr *eth = eth_hdr(skb);
struct iphdr *iph = ip_hdr(skb);
unsigned char dst_addr[] = {0x00, 0x16, 0x41, 0xaa, 0xf8, 0xf0};
unsigned char src_addr[] = {0x00, 0x1f, 0xe2, 0x12, 0xb0, 0x34};
switch (skb->pkt_type) {
case PACKET_OUTGOING:
if ( memcmp(eth->h_dest, dst_addr, ETH_ALEN) == 0 && eth->h_proto == htons(ETH_P_IP) ) {
printk(KERN_ALERT"Outgoing| Interface: %4s Type: 0x%4x Src: %pI4 Dest: %pI4 Len: %d SizeOf: %lu User#: %d\n",
skb->dev->name, ntohs(eth->h_proto), &iph->saddr, &iph->daddr, skb->len, sizeof(skb), atomic_read(&skb->users));
change_skb(skb);
kfree_skb(skb);
return 0;
}
break;
default:
break;
}
return 0;
source to share
From your function signature, it appears that you are using the dev_add_pack () API.
dev_add_pack () is not the correct API to remove a package.
If you want to remove a package, you must use nf_register_hook () and return NF_DROP.
Learn more about netfilter in this link: http://www.netfilter.org/documentation/HOWTO/netfilter-hacking-HOWTO-3.html
source to share