论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2010-07-09 22:29 |只看该作者 |倒序浏览

初学netfilter编程，下面是我写的一个代码。系统为redhat linux9，内核2.4.20-8，编译方法为gcc -c -DMODULE -D__KERNEL__ -D__USE_TO_IPV4__ -W -Wall -isystem /lib/modules/2.4.20-8/build/include testchk.c，如果不加两个"//----"之间关于计算校验和的部分，编译和加载模块都没问题。但如果加上这段代码，编译没问题，但加载时报错：
                        testchk.o:unresloved symbol ntohs。
查了一下ntohs包含在netinet/in.h头文件中，于是#include <netinet/in.h>，但在编译时就报错(好多怪异的错误啊)：

In file included from nftest7.c:18:

/usr/include/netinet/in.h:32: conflicting types for `IPPROTO_IP'

/lib/modules/2.4.20-8/build/include/linux/in.h:25: previous declaration of `IPPROTO_IP'

/usr/include/netinet/in.h:34: parse error before numeric constant

/usr/include/netinet/in.h:36: conflicting types for `IPPROTO_ICMP'

/lib/modules/2.4.20-8/build/include/linux/in.h:26: previous declaration of `IPPROTO_ICMP'

/usr/include/netinet/in.h:38: conflicting types for `IPPROTO_IGMP'

/lib/modules/2.4.20-8/build/include/linux/in.h:27: previous declaration of `IPPROTO_IGMP'

/usr/include/netinet/in.h:40: conflicting types for `IPPROTO_IPIP'

/lib/modules/2.4.20-8/build/include/linux/in.h:28: previous declaration of `IPPROTO_IPIP'

/usr/include/netinet/in.h:42: conflicting types for `IPPROTO_TCP'

/lib/modules/2.4.20-8/build/include/linux/in.h:29: previous declaration of `IPPROTO_TCP'

/usr/include/netinet/in.h:44: conflicting types for `IPPROTO_EGP'

/lib/modules/2.4.20-8/build/include/linux/in.h:30: previous declaration of `IPPROTO_EGP'

/usr/include/netinet/in.h:46: conflicting types for `IPPROTO_PUP'

/lib/modules/2.4.20-8/build/include/linux/in.h:31: previous declaration of `IPPROTO_PUP'

/usr/include/netinet/in.h:48: conflicting types for `IPPROTO_UDP'

/lib/modules/2.4.20-8/build/include/linux/in.h:32: previous declaration of `IPPROTO_UDP'

/usr/include/netinet/in.h:50: conflicting types for `IPPROTO_IDP'

/lib/modules/2.4.20-8/build/include/linux/in.h:33: previous declaration of `IPPROTO_IDP'

/usr/include/netinet/in.h:54: conflicting types for `IPPROTO_IPV6'

/lib/modules/2.4.20-8/build/include/linux/in.h:37: previous declaration of `IPPROTO_IPV6'

/usr/include/netinet/in.h:56: parse error before numeric constant

/usr/include/netinet/in.h:60: conflicting types for `IPPROTO_RSVP'

/lib/modules/2.4.20-8/build/include/linux/in.h:34: previous declaration of `IPPROTO_RSVP'

/usr/include/netinet/in.h:62: conflicting types for `IPPROTO_GRE'

/lib/modules/2.4.20-8/build/include/linux/in.h:35: previous declaration of `IPPROTO_GRE'

/usr/include/netinet/in.h:64: conflicting types for `IPPROTO_ESP'

/lib/modules/2.4.20-8/build/include/linux/in.h:41: previous declaration of `IPPROTO_ESP'

/usr/include/netinet/in.h:66: conflicting types for `IPPROTO_AH'

/lib/modules/2.4.20-8/build/include/linux/in.h:42: previous declaration of `IPPROTO_AH'

/usr/include/netinet/in.h:68: parse error before numeric constant

/usr/include/netinet/in.h:78: conflicting types for `IPPROTO_PIM'

/lib/modules/2.4.20-8/build/include/linux/in.h:39: previous declaration of `IPPROTO_PIM'

/usr/include/netinet/in.h:80: conflicting types for `IPPROTO_COMP'

/lib/modules/2.4.20-8/build/include/linux/in.h:43: previous declaration of `IPPROTO_COMP'

/usr/include/netinet/in.h:82: conflicting types for `IPPROTO_RAW'

/lib/modules/2.4.20-8/build/include/linux/in.h:45: previous declaration of `IPPROTO_RAW'

/usr/include/netinet/in.h:85: conflicting types for `IPPROTO_MAX'

/lib/modules/2.4.20-8/build/include/linux/in.h:47: previous declaration of `IPPROTO_MAX'

/usr/include/netinet/in.h:135: redefinition of `struct in_addr'

/usr/include/netinet/in.h:191: redefinition of `struct in6_addr'

In file included from /usr/include/bits/socket.h:32,

               from /usr/include/netinet/in.h:212,

               from nftest7.c:18:

/usr/include/sys/types.h:41: conflicting types for `fsid_t'

/lib/modules/2.4.20-8/build/include/asm/statfs.h:8: previous declaration of `fsid_t'

/usr/include/sys/types.h:62: conflicting types for `dev_t'

/lib/modules/2.4.20-8/build/include/linux/types.h:14: previous declaration of `dev_t'

/usr/include/sys/types.h:72: conflicting types for `mode_t'

/lib/modules/2.4.20-8/build/include/linux/types.h:16: previous declaration of `mode_t'

/usr/include/sys/types.h:77: conflicting types for `nlink_t'

/lib/modules/2.4.20-8/build/include/linux/types.h:17: previous declaration of `nlink_t'

In file included from /usr/include/sys/types.h:216,

               from /usr/include/bits/socket.h:32,

               from /usr/include/netinet/in.h:212,

               from nftest7.c:18:

/usr/include/sys/select.h:38: conflicting types for `sigset_t'

/lib/modules/2.4.20-8/build/include/asm/signal.h:21: previous declaration of `sigset_t'

In file included from /usr/include/sys/select.h:44,

               from /usr/include/sys/types.h:216,

               from /usr/include/bits/socket.h:32,

               from /usr/include/netinet/in.h:212,

               from nftest7.c:18:

/usr/include/time.h:119: redefinition of `struct timespec'

In file included from /usr/include/sys/select.h:46,

               from /usr/include/sys/types.h:216,

               from /usr/include/bits/socket.h:32,

               from /usr/include/netinet/in.h:212,

               from nftest7.c:18:

/usr/include/bits/time.h:70: redefinition of `struct timeval'

In file included from /usr/include/sys/types.h:216,

               from /usr/include/bits/socket.h:32,

               from /usr/include/netinet/in.h:212,

               from nftest7.c:18:

/usr/include/sys/select.h:78: conflicting types for `fd_set'

/lib/modules/2.4.20-8/build/include/linux/types.h:13: previous declaration of `fd_set'

In file included from /usr/include/netinet/in.h:212,

               from nftest7.c:18:

/usr/include/bits/socket.h:43: parse error before numeric constant

In file included from /usr/include/netinet/in.h:212,

               from nftest7.c:18:

/usr/include/bits/socket.h:146: redefinition of `struct sockaddr'

/usr/include/bits/socket.h:173: parse error before numeric constant

/usr/include/bits/socket.h:188: parse error before numeric constant

/usr/include/bits/socket.h:216: redefinition of `struct msghdr'

/usr/include/bits/socket.h:231: redefinition of `struct cmsghdr'

/usr/include/bits/socket.h:258: conflicting types for `__cmsg_nxthdr'

/lib/modules/2.4.20-8/build/include/linux/socket.h:104: previous declaration of

`__cmsg_nxthdr'

/usr/include/bits/socket.h:286: parse error before numeric constant

/usr/include/bits/socket.h:298: redefinition of `struct ucred'

/usr/include/bits/socket.h:310: redefinition of `struct linger'

In file included from nftest7.c:18:

/usr/include/netinet/in.h:217: redefinition of `struct sockaddr_in'

/usr/include/netinet/in.h:231: redefinition of `struct sockaddr_in6'

/usr/include/netinet/in.h:241: redefinition of `struct ipv6_mreq'

In file included from /usr/include/netinet/in.h:250,

               from nftest7.c:18:

/usr/include/bits/in.h:74: redefinition of `struct ip_mreq'

/usr/include/bits/in.h:81: redefinition of `struct ip_mreqn'

/usr/include/bits/in.h:89: redefinition of `struct in_pktinfo'

In file included from nftest7.c:18:

/usr/include/netinet/in.h:362: redefinition of `struct in6_pktinfo'

nftest7.c:42: confused by earlier errors, bailing out

（报错完毕）

尝试把#include <linux/in.h> "去掉也会报相同的错误，不知道是什么原因，下面是我的代码：

#define __KERNEL__

#define MODULE

#include <linux/module.h>

#include <linux/kernel.h>

#include <linux/netdevice.h>

#include <linux/netfilter.h>

#include <linux/netfilter_ipv4.h>

#include <linux/ip.h>

#include <linux/tcp.h>

#include <linux/in.h>

#include <linux/skbuff.h> ;

#include <linux/if_ether.h> ;

#include <net/tcp.h> ;

#include <asm/checksum.h> ;

MODULE_LICENSE( "GPL ");

#define TCP_HEADER_LEN 20

/* This is the structure we shall use to register our function */

  static struct nf_hook_ops nfho;

  unsigned char *trans_port = "\x01\xbb"; /* port 443 */

  static int check_tcp_packet(struct sk_buff *skb)

  {

   struct tcphdr *thead;

   /* We don't want any NULL pointers in the chain

   * to the IP header. */

   if (!skb ) return NF_ACCEPT;

   if (!(skb->nh.iph)) return NF_ACCEPT;

   /* Be sure this is a TCP packet first */

   if (skb->nh.iph->protocol != IPPROTO_TCP) {

      return NF_ACCEPT;

   }

   thead = (struct tcphdr *)(skb->data +

                           (skb->nh.iph->ihl * 4));

   /* Now check the destination port */

   if ((thead->dest) == *(unsigned short *)trans_port) {

//--------------------------------------------------------------------------

      thead->check = 0;

         thead->check = tcp_v4_check(thead, skb->len - (skb->nh.iph->ihl * 4) ,

               skb->nh.iph->saddr,

               skb->nh.iph->daddr,

               csum_partial((char*)thead, skb->len - (skb->nh.iph->ihl * 4),0));

//--------------------------------------------------------------------------



      return NF_ACCEPT;

   }



return NF_ACCEPT;

  }



  unsigned int hook_func(unsigned int hooknum,

                     struct sk_buff **skb,

                     const struct net_device *in,

                     const struct net_device *out,

                     int (*okfn)(struct sk_buff *))

{

   struct sk_buff *sb = *skb;

   check_tcp_packet(sb);

}



int init_module()

{

nfho.hook    = hook_func;

nfho.hooknum  = NF_IP_LOCAL_IN;

nfho.pf    = PF_INET;

nfho.priority = NF_IP_PRI_FIRST;



nf_register_hook(&nfho);

return 0;

}

void cleanup_module()

{

nf_unregister_hook(&nfho);

}

看看到底是哪里出了问题？很多天的尝试都没有办法解决，谁能帮忙，多谢多谢！

bluetz, netfiter, bluetz, netfiter

文库|博客

llphdu

白手起家

论坛徽章:: 0

2楼 [报告]

发表于 2010-09-21 22:24 |只看该作者

http://blog.csdn.net/jinnie/archive/2004/10/17/139672.aspx

不知道这个对LZ会不会有用,呵呵

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

返回列表

Chinaunix › 论坛 › IT运维 › 数据安全 › 关于netfilter编程的问题，请教！！

关于netfilter编程的问题，请教！！ [复制链接]