- 论坛徽章:
- 0
|
谢谢, 请问能快点告诉我吗?email:qiaoling0826.student@sina.com
qq:83827109
原程序如下:
/*#ifdef __KERNEL__
#define __KERNEL__
#endif
#ifdef MODULE
#define MODULE
#endif*/
#include<linux/module.h>;
#include<linux/netfilter.h>;
#include<linux/list.h>;
#include<linux/netfilter_ipv4/ip_tables.h>;
/*#include<linux/icmp.h>;*/
#include<linux/ip.h>;
/*#include<linux/tcp.h>;*/
/*#include<linux/udp.h>;*/
#include<linux/netdevice.h>;
/*#include<linux/config.h>;*/
#include<linux/net.h>;
#include<linux/skbuff.h>;
#include<linux/netfilter_ipv4.h>;
static unsigned int input(unsigned int hooknum,struct sk_buff **skb,
const struct net_device *in,const struct packet_type *pt,
int(*okfn)(struct sk_buff *))
{
struct iphdr *iph;
struct tcphdr *tcph;
struct udphdr *udph;
/*get zhe packet head*/
iph=(*skb)->;nh.iph;
if((*skb)->;pkt_type==PACKET_OTHERHOST)
{
printk("otherhost packet drop\n" ;
return NF_DROP;
}
if((*skb)->;len<sizeof(struct ihdr)||(*skb)->;len<(iph->;ihl<<2))
{
printk("check packet length failed\n";
return NF_DROP;
}
if(iph->;ihl<5||iph->;version!=4||ip_fast_csum((u8*)iph,iph->;ihl)!=0)
{
printk("check zhe head ,version and csum failed\n";
return NF_DROP;
}
/*unsigned int proto=iph->;protocol;*/
if(iph->;protocol==1||iph->;protocol==6||iph->;protocol==17)
{
printk("tcp or udp or icmp packet was allowed\n";
/* Reassemble IP fragment*/
if(iph->;frag_off&htons(IP_MF|IP_OFFSET))
skb=ip_defrag(skb);
return NF_ACCEPT;
}
else{
printk("others are not allowed\n";
return NF_DROP;
}
}
static unsigned int forward(unsigned int hooknum,struct sk_buff **skb,
const struct net_device *in,const struct net_device *out,
int(*okfn)(struct sk_buff*))
{
printk("forward is called\n";
return NF_ACCEPT;
}
static unsigned int output(unsigned int hooknum,struct sk_buff **skb,
const struct net_device *out,int (*okfn)(struct sk_buff *))
{
struct rtable *rt;
struct iphdr *iph;
unsigned short mtu;
iph=(*skb)->;nh.iph;
rt=(struct rtable *)skb->;dst;
mtu=rt->;u.dest.pmtu;
/*wether fragment*/
if((*skb)->;len>;mtu)
ip_fragment(skb,ip_finish_output);
return ip_finish_output(skb);
}
static struct nf_hook_ops ipt_ops[]=
{
{
{NULL,NULL},
input,
PF_INET,
NF_IP_LOCAL_IN,
NF_IP_PRI_FILTER
},
{
{NULL,NULL},
forward,
PF_INET,
NF_IP_FORWARD,
NF_IP_PRI_FILTER
},
{
{NULL,NULL},
output,
PF_INET,
NF_IP_LOCAL_OUT,
NF_IP_PRI_FILTER
}
};
int init_module(void)
{
return nf_register_hook(&ipt_ops);
}
void cleanup_module(void)
{
nf_unregister_hook(&ipt_ops);
}
该程序在/opt/hardhat/devkit/ppc/8xx/bin,名为sfw.c
使用ppc_8xx-gcc -D__KERNEL__ -DMODULE -c sfw.c编译,结果为:
In file included from /opt/hardhat/devkit/ppc/8xx/bin/../target
/usr/include/asm/processor.h:18,
from /opt/hardhat/devkit/ppc/8xx/bin/../target
/usr/include/linux/prefetch.h:13
from /opt/hardhat/devkit/ppc/8xx/bin/../target
/usr/include/linux/list.h:6
from /opt/hardhat/devkit/ppc/8xx/bin/../target
/usr/include/linux/module.h:12
from sfw.c
/opt/hardhat/devkit/ppc/8xx/bin/../target
/usr/include/asm/mpc8xx.h:28:/platforms/rpxlite.h:No such file or directory
后来以为是路径问题
就改用ppc_8xx-gcc -D_KERNEL__-DMODULE -I/opt/hardhat/devkit/ppc/8xx/target/usr/include -c sfw.c
结果一样
请问到底是怎么回事
谢谢 |
|
免费注册
发表于 2003-05-28 16:40