2

I'm using C to create a custom kernel module to hook into the netfilter operation on my Ubuntu box. However, I'm running into a problem revolving around the module_param argument. When inserting the module, I'm attempting to add a custom field, specifically this will drop ICMP traffic when specified. The code compiles fine using a standard make file but when using insmod to insert it, I get the error

insmod: ERROR: could not insert module kernel.ko: Invalid parameters

I'm using the command

insmod kernel.ko dropicmp=1

From what I've read, this should work with the module params argument, but nothing I've tried has fixed this.

Please find my code below.

#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/netdevice.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/ip.h>
#include <linux/tcp.h>

static struct nf_hook_ops nfho;
struct iphdr *iph;
struct tcphdr *tcp_header;
struct sk_buff *sock_buff;
unsigned int sport, dport;

// command line argument | called using insmod kernel_firewall.ko drop_icmp=1 
static int dropicmp = 1;

module_param(dropicmp, int, 0); // takes in an int from command line | (name, type, permissions)

unsigned int hook_func(unsigned int hooknum,
                       struct sk_buff **skb,
                       const struct net_device *in,
                       const struct net_device *out,
                       int (*okfn)(struct sk_buff *)){

    sock_buff = skb;

    if (!sock_buff) { // if there is no socket buffer, accept
        return NF_ACCEPT;
    }

    iph = (struct iphdr *)skb_network_header(sock_buff); // using the socket buffer, create our ip header structure out of packets in it

    if (!iph) {
        printk(KERN_INFO "no ip header, dropping\n"); // self explanatory
        return NF_DROP;
    }

    if(iph->protocol==IPPROTO_TCP) {
        if((ntohl(iph->saddr) >> 24) == 192){ // if the first octet of the source address is 192 (saddr is in network byte order)
            printk(KERN_INFO "192 subnet detected, dropping\n");
            return NF_DROP;
        }
        else{
            return NF_ACCEPT;
        }
    }

    if(iph->protocol==IPPROTO_ICMP) { // if ICMP

        if(dropicmp == 1){
            return NF_DROP; // drop our ICMP traffic if required
        }
        else{
            return NF_ACCEPT;
        }
    }

    return NF_ACCEPT; // default to accept

}

// initialize
static int __init initialize(void) {
    nfho.hook = hook_func;
    nfho.hooknum = NF_INET_POST_ROUTING;
    nfho.pf = PF_INET;
    nfho.priority = NF_IP_PRI_FIRST;
    nf_register_hook(&nfho);
    return 0;
}

// rmmod 
static void __exit teardown(void) {
    nf_unregister_hook(&nfho);
}

module_init(initialize);
module_exit(teardown);
  • The reason for that error is almost always that the kernel you compile the module for is not the kernel you are trying to load it into. Commented Mar 12, 2018 at 20:14
  • Hmm could you expand on that a little more? I've compiled and loaded it successfully without the module_params before and it worked, only stopped when I added that. Commented Mar 12, 2018 at 20:26
  • Ah, ok, it worked without module parameter? Does it load with modparam in your code but without specifying a parameter at insmod command line? Furthermore, in your comment you state drop_icmp, but otherwise you use dropicmp, do you confuse something here? Commented Mar 12, 2018 at 20:27
  • @Crumblez Try changing the permissions field of module_param() from 0 to 0444. Commented Mar 13, 2018 at 1:12
  • On Stack Overflow we tend to have questions useful for future visitors. As you have found module_param is unrelated to your actual problem, could you edit the question post and remove such unnecessary parts? Ideally, it should be a minimal reproducible example which reflects the exact problem (naming the module as kernel). Commented Mar 13, 2018 at 8:43

1 Answer

4

This was all due to my dumb naming scheme... I named the module kernel... Which is obviously already in use by the kernel...... So don't do that...


1 Comment

Same here - don't name it 'module' either
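
The naming collision from the answer, turned into a check that can be run before insmod. This is an added example, not code from the thread. The function names are made up for it, and it assumes the .ko file still has the name it was built with. A name counts as taken when it already has an entry under /sys/module (where loaded modules and built-in code with parameters, such as kernel, appear) or in the running kernel's modules.builtin list.

```shell
#!/bin/sh
# Added example: refuse a module whose name is already taken on this system.
# Function names are hypothetical; the default paths are the standard ones.

# Name the kernel will use for FILE: basename without ".ko", with '-' mapped
# to '_' as kbuild does. Assumes the file was not renamed after the build.
module_name_from_file() {
    basename "$1" .ko | sed 's/-/_/g'
}

# check_module_name FILE [SYSFS_MODULE_DIR] [BUILTIN_LIST]
# Returns 0 if the name is free, 1 if it collides.
check_module_name() {
    cmn_name=$(module_name_from_file "$1")
    cmn_sysfs=${2:-/sys/module}
    cmn_builtin=${3:-/lib/modules/$(uname -r)/modules.builtin}

    # Loaded modules and built-in code with parameters (e.g. "kernel")
    # each own a directory here.
    if [ -e "$cmn_sysfs/$cmn_name" ]; then
        echo "'$cmn_name' already exists in $cmn_sysfs; rename the module" >&2
        return 1
    fi

    # Code compiled into the kernel image is listed by object path.
    if [ -r "$cmn_builtin" ] &&
       sed -e 's|.*/||' -e 's/\.ko$//' -e 's/-/_/g' "$cmn_builtin" |
           grep -qx -- "$cmn_name"; then
        echo "'$cmn_name' is built into the running kernel; rename the module" >&2
        return 1
    fi
    return 0
}

# Usage: check_module_name kernel.ko && insmod kernel.ko dropicmp=1
```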
