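/*
 * netmon - demonstration netfilter module.
 *
 * Registers an IPv4 LOCAL_IN hook. When a packet arrives whose source
 * address equals TRIGGER_SADDR_RAW, the packet is dropped and SIGKILL is
 * sent to every process whose command name contains "firefox".
 *
 * NOTE(review): the header names after each #include were lost when this
 * page was extracted. The list below is the set the code needs, not
 * necessarily the original list.
 */
#include <linux/init.h>
#include <linux/ip.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/rcupdate.h>
#include <linux/sched/signal.h>
#include <linux/skbuff.h>
#include <linux/string.h>

MODULE_LICENSE("GPL");

/* A "hook" is attached to the network stack.
 * These are commonly used to implement a firewall or other routing logic.
 */
struct nf_hook_ops demo_hook;

/* Unused in this file. The kernel bounds task_struct.comm at TASK_COMM_LEN
 * bytes, so that is the maximum length of a process name seen here.
 */
#define BUFLEN 128

/*
 * Source address that triggers the hook, written as the raw value of the
 * __be32 iphdr.saddr field. The field is in network byte order and is
 * compared without conversion, so on a little-endian CPU this constant
 * matches 74.118.22.194, while on a big-endian CPU it would match
 * 194.22.118.74.
 * NOTE(review): build the value with htonl()/in_aton() once the intended
 * address is confirmed, so the match does not depend on host endianness.
 */
#define TRIGGER_SADDR_RAW 0xc216764a

/*
 * send_signal - deliver signal @sig_num to @task from kernel context.
 *
 * send_sig_info() is called directly, so no caller-permission check is
 * applied here. A failure is logged and otherwise ignored.
 */
static void send_signal(int sig_num, struct task_struct *task)
{
	struct kernel_siginfo info;
	int ret;

	memset(&info, 0, sizeof(info));
	info.si_signo = sig_num;
	info.si_code = 0;	/* 0 is SI_USER; NOTE(review): SI_KERNEL may describe the sender better */
	info.si_int = 1234;	/* arbitrary payload value */

	ret = send_sig_info(sig_num, &info, task);
	if (ret < 0)
		printk(KERN_ERR "error sending signal\n");
}

/*
 * stop_specified_process - SIGKILL every task whose comm contains
 * @process_to_stop.
 *
 * The comparison is a substring match (strstr), so "firefox" also matches
 * any other command name that merely contains that text.
 */
void stop_specified_process(const char *process_to_stop)
{
	struct task_struct *task;

	/* strstr() with an empty needle matches every task; refuse it so a
	 * bad argument cannot turn into a kill of the whole process list.
	 */
	if (!process_to_stop || !*process_to_stop)
		return;

	/* for_each_process() walks an RCU-protected list. Netfilter hooks are
	 * normally invoked inside an RCU read-side section already; taking it
	 * here (it nests) keeps the walk safe for any other caller.
	 */
	rcu_read_lock();
	for_each_process(task) {
		if (!strstr(task->comm, process_to_stop))
			continue;

		printk(KERN_INFO "Found process %s (%d)\n", task->comm, task->pid);
		send_signal(SIGKILL, task);
	}
	rcu_read_unlock();
}

/*
 * hook_function - netfilter callback run for each incoming IPv4 packet.
 *
 * Returns NF_DROP (the original returned the literal 0, which is the same
 * verdict) for packets from TRIGGER_SADDR_RAW after stopping the browser,
 * and NF_ACCEPT for everything else.
 *
 * The trigger is the IP source address alone, which nothing on this path
 * authenticates, so the match is not an access control.
 * NOTE(review): this typically runs in softirq context for every received
 * packet; walking the process list and logging here is costly. Deferring
 * the work (e.g. to a workqueue) and rate-limiting the log line would keep
 * the receive path cheap.
 */
unsigned int hook_function(void *priv, struct sk_buff *skb,
			   const struct nf_hook_state *state)
{
	struct iphdr *ip_header;

	if (!skb)
		return NF_ACCEPT;

	ip_header = ip_hdr(skb);
	if (ip_header->saddr != TRIGGER_SADDR_RAW)
		return NF_ACCEPT;

	printk(KERN_INFO "IP address: %pI4 (0x%x)\n",
	       &ip_header->saddr, ip_header->saddr);

	/* Next, close the browser */
	stop_specified_process("firefox");

	return NF_DROP;
}

/*
 * netmon_init - fill in the hook description and register it.
 *
 * Returns 0 on success or the negative error from nf_register_net_hook(),
 * so a failed registration makes the module load fail instead of leaving
 * a loaded module with no hook (and an unregister of a hook that was never
 * registered at unload time).
 */
int __init netmon_init(void)
{
	int ret;

	/* The nf_hook_ops structure stores the information used by nf_register_net_hook */
	demo_hook.hook = hook_function;		/* Function our hook will run */
	demo_hook.hooknum = NF_INET_LOCAL_IN;	/* Look at incoming traffic */
	demo_hook.pf = AF_INET;			/* AF_INET is IPv4. AF_INET6 is IPv6 */

	/* init_net is defined in a header file */
	ret = nf_register_net_hook(&init_net, &demo_hook);
	if (ret < 0)
		printk(KERN_ERR "netmon: failed to register hook (%d)\n", ret);

	return ret;
}

/*
 * netmon_cleanup - remove the hook before the module text goes away.
 */
void __exit netmon_cleanup(void)
{
	/* If you don't unregister the hook, the OS will crash when the module is removed */
	nf_unregister_net_hook(&init_net, &demo_hook);
}

module_init(netmon_init);
module_exit(netmon_cleanup);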