关于netfilter编程的问题,请教!!
初学netfilter编程,下面是我写的一个代码。系统为redhat linux9,内核2.4.20-8,编译方法为gcc -c -DMODULE -D__KERNEL__ -D__USE_TO_IPV4__ -W -Wall -isystem /lib/modules/2.4.20-8/build/include testchk.c,如果不加两个"//----"之间关于计算校验和的部分,编译和加载模块都没问题。但如果加上这段代码,编译没问题,但加载时报错:
testchk.o:unresloved symbol ntohs。
查了一下ntohs包含在netinet/in.h头文件中,于是#include <netinet/in.h>,但在编译时就报错(好多怪异的错误啊):
In file included from nftest7.c:18:
/usr/include/netinet/in.h:32: conflicting types for `IPPROTO_IP'
/lib/modules/2.4.20-8/build/include/linux/in.h:25: previous declaration of `IPPROTO_IP'
/usr/include/netinet/in.h:34: parse error before numeric constant
/usr/include/netinet/in.h:36: conflicting types for `IPPROTO_ICMP'
/lib/modules/2.4.20-8/build/include/linux/in.h:26: previous declaration of `IPPROTO_ICMP'
/usr/include/netinet/in.h:38: conflicting types for `IPPROTO_IGMP'
/lib/modules/2.4.20-8/build/include/linux/in.h:27: previous declaration of `IPPROTO_IGMP'
/usr/include/netinet/in.h:40: conflicting types for `IPPROTO_IPIP'
/lib/modules/2.4.20-8/build/include/linux/in.h:28: previous declaration of `IPPROTO_IPIP'
/usr/include/netinet/in.h:42: conflicting types for `IPPROTO_TCP'
/lib/modules/2.4.20-8/build/include/linux/in.h:29: previous declaration of `IPPROTO_TCP'
/usr/include/netinet/in.h:44: conflicting types for `IPPROTO_EGP'
/lib/modules/2.4.20-8/build/include/linux/in.h:30: previous declaration of `IPPROTO_EGP'
/usr/include/netinet/in.h:46: conflicting types for `IPPROTO_PUP'
/lib/modules/2.4.20-8/build/include/linux/in.h:31: previous declaration of `IPPROTO_PUP'
/usr/include/netinet/in.h:48: conflicting types for `IPPROTO_UDP'
/lib/modules/2.4.20-8/build/include/linux/in.h:32: previous declaration of `IPPROTO_UDP'
/usr/include/netinet/in.h:50: conflicting types for `IPPROTO_IDP'
/lib/modules/2.4.20-8/build/include/linux/in.h:33: previous declaration of `IPPROTO_IDP'
/usr/include/netinet/in.h:54: conflicting types for `IPPROTO_IPV6'
/lib/modules/2.4.20-8/build/include/linux/in.h:37: previous declaration of `IPPROTO_IPV6'
/usr/include/netinet/in.h:56: parse error before numeric constant
/usr/include/netinet/in.h:60: conflicting types for `IPPROTO_RSVP'
/lib/modules/2.4.20-8/build/include/linux/in.h:34: previous declaration of `IPPROTO_RSVP'
/usr/include/netinet/in.h:62: conflicting types for `IPPROTO_GRE'
/lib/modules/2.4.20-8/build/include/linux/in.h:35: previous declaration of `IPPROTO_GRE'
/usr/include/netinet/in.h:64: conflicting types for `IPPROTO_ESP'
/lib/modules/2.4.20-8/build/include/linux/in.h:41: previous declaration of `IPPROTO_ESP'
/usr/include/netinet/in.h:66: conflicting types for `IPPROTO_AH'
/lib/modules/2.4.20-8/build/include/linux/in.h:42: previous declaration of `IPPROTO_AH'
/usr/include/netinet/in.h:68: parse error before numeric constant
/usr/include/netinet/in.h:78: conflicting types for `IPPROTO_PIM'
/lib/modules/2.4.20-8/build/include/linux/in.h:39: previous declaration of `IPPROTO_PIM'
/usr/include/netinet/in.h:80: conflicting types for `IPPROTO_COMP'
/lib/modules/2.4.20-8/build/include/linux/in.h:43: previous declaration of `IPPROTO_COMP'
/usr/include/netinet/in.h:82: conflicting types for `IPPROTO_RAW'
/lib/modules/2.4.20-8/build/include/linux/in.h:45: previous declaration of `IPPROTO_RAW'
/usr/include/netinet/in.h:85: conflicting types for `IPPROTO_MAX'
/lib/modules/2.4.20-8/build/include/linux/in.h:47: previous declaration of `IPPROTO_MAX'
/usr/include/netinet/in.h:135: redefinition of `struct in_addr'
/usr/include/netinet/in.h:191: redefinition of `struct in6_addr'
In file included from /usr/include/bits/socket.h:32,
from /usr/include/netinet/in.h:212,
from nftest7.c:18:
/usr/include/sys/types.h:41: conflicting types for `fsid_t'
/lib/modules/2.4.20-8/build/include/asm/statfs.h:8: previous declaration of `fsid_t'
/usr/include/sys/types.h:62: conflicting types for `dev_t'
/lib/modules/2.4.20-8/build/include/linux/types.h:14: previous declaration of `dev_t'
/usr/include/sys/types.h:72: conflicting types for `mode_t'
/lib/modules/2.4.20-8/build/include/linux/types.h:16: previous declaration of `mode_t'
/usr/include/sys/types.h:77: conflicting types for `nlink_t'
/lib/modules/2.4.20-8/build/include/linux/types.h:17: previous declaration of `nlink_t'
In file included from /usr/include/sys/types.h:216,
from /usr/include/bits/socket.h:32,
from /usr/include/netinet/in.h:212,
from nftest7.c:18:
/usr/include/sys/select.h:38: conflicting types for `sigset_t'
/lib/modules/2.4.20-8/build/include/asm/signal.h:21: previous declaration of `sigset_t'
In file included from /usr/include/sys/select.h:44,
from /usr/include/sys/types.h:216,
from /usr/include/bits/socket.h:32,
from /usr/include/netinet/in.h:212,
from nftest7.c:18:
/usr/include/time.h:119: redefinition of `struct timespec'
In file included from /usr/include/sys/select.h:46,
from /usr/include/sys/types.h:216,
from /usr/include/bits/socket.h:32,
from /usr/include/netinet/in.h:212,
from nftest7.c:18:
/usr/include/bits/time.h:70: redefinition of `struct timeval'
In file included from /usr/include/sys/types.h:216,
from /usr/include/bits/socket.h:32,
from /usr/include/netinet/in.h:212,
from nftest7.c:18:
/usr/include/sys/select.h:78: conflicting types for `fd_set'
/lib/modules/2.4.20-8/build/include/linux/types.h:13: previous declaration of `fd_set'
In file included from /usr/include/netinet/in.h:212,
from nftest7.c:18:
/usr/include/bits/socket.h:43: parse error before numeric constant
In file included from /usr/include/netinet/in.h:212,
from nftest7.c:18:
/usr/include/bits/socket.h:146: redefinition of `struct sockaddr'
/usr/include/bits/socket.h:173: parse error before numeric constant
/usr/include/bits/socket.h:188: parse error before numeric constant
/usr/include/bits/socket.h:216: redefinition of `struct msghdr'
/usr/include/bits/socket.h:231: redefinition of `struct cmsghdr'
/usr/include/bits/socket.h:258: conflicting types for `__cmsg_nxthdr'
/lib/modules/2.4.20-8/build/include/linux/socket.h:104: previous declaration of
`__cmsg_nxthdr'
/usr/include/bits/socket.h:286: parse error before numeric constant
/usr/include/bits/socket.h:298: redefinition of `struct ucred'
/usr/include/bits/socket.h:310: redefinition of `struct linger'
In file included from nftest7.c:18:
/usr/include/netinet/in.h:217: redefinition of `struct sockaddr_in'
/usr/include/netinet/in.h:231: redefinition of `struct sockaddr_in6'
/usr/include/netinet/in.h:241: redefinition of `struct ipv6_mreq'
In file included from /usr/include/netinet/in.h:250,
from nftest7.c:18:
/usr/include/bits/in.h:74: redefinition of `struct ip_mreq'
/usr/include/bits/in.h:81: redefinition of `struct ip_mreqn'
/usr/include/bits/in.h:89: redefinition of `struct in_pktinfo'
In file included from nftest7.c:18:
/usr/include/netinet/in.h:362: redefinition of `struct in6_pktinfo'
nftest7.c:42: confused by earlier errors, bailing out
(报错完毕)
尝试把#include <linux/in.h> "去掉也会报相同的错误,不知道是什么原因,下面是我的代码:
#define __KERNEL__
#define MODULE
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/netdevice.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/in.h>
#include <linux/skbuff.h> ;
#include <linux/if_ether.h> ;
#include <net/tcp.h> ;
#include <asm/checksum.h> ;
MODULE_LICENSE( "GPL ");
#define TCP_HEADER_LEN 20
/* This is the structure we shall use to register our function */
static struct nf_hook_ops nfho;
unsigned char *trans_port = "x01xbb"; /* port 443 */
static int check_tcp_packet(struct sk_buff *skb)
{
struct tcphdr *thead;
/* We don't want any NULL pointers in the chain
* to the IP header. */
if (!skb ) return NF_ACCEPT;
if (!(skb->nh.iph)) return NF_ACCEPT;
/* Be sure this is a TCP packet first */
if (skb->nh.iph->protocol != IPPROTO_TCP) {
return NF_ACCEPT;
}
thead = (struct tcphdr *)(skb->data +
(skb->nh.iph->ihl * 4));
/* Now check the destination port */
if ((thead->dest) == *(unsigned short *)trans_port) {
//--------------------------------------------------------------------------
thead->check = 0;
thead->check = tcp_v4_check(thead, skb->len - (skb->nh.iph->ihl * 4) ,
skb->nh.iph->saddr,
skb->nh.iph->daddr,
csum_partial((char*)thead, skb->len - (skb->nh.iph->ihl * 4),0));
//--------------------------------------------------------------------------
return NF_ACCEPT;
}
return NF_ACCEPT;
}
unsigned int hook_func(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
struct sk_buff *sb = *skb;
check_tcp_packet(sb);
}
int init_module()
{
nfho.hook = hook_func;
nfho.hooknum = NF_IP_LOCAL_IN;
nfho.pf = PF_INET;
nfho.priority = NF_IP_PRI_FIRST;
nf_register_hook(&nfho);
return 0;
}
void cleanup_module()
{
nf_unregister_hook(&nfho);
}
看看到底是哪里出了问题?很多天的尝试都没有办法解决,谁能帮忙,多谢多谢!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
http://blog.csdn.net/jinnie/archive/2004/10/17/139672.aspx
不知道这个对LZ会不会有用,呵呵