IPP2P模块修改版，最新0.99.16

luojm_24680

export IPTABLES_SRC="$your_iptables_patch" KERNEL_SRC="$your_kernel_patch",所谓的your_iptables_patch是iptables-p2p-0.3.0a,your_kernel_patch是netfilter-layer7-v2.14吗,不知我理解的对不对

我这种理解好像不对,这样指定出现:
cat: netfilter-layer7-v2.14,/Makefile: No such file or directory
cat: netfilter-layer7-v2.14,/Makefile: No such file or directory
make: Nothing to be done for `all'.

指定成ipp2p-0.99.3也不对
指定成下面:
# export KERNEL_DIR=/usr/src/linux-2.6.19
# export IPTABLES_DIR=/usr/src/iptables-1.3.8
现在也无法只出现:
make: Nothing to be done for `all'.

出现的也是:
cat: /usr/src/linux-2.6.19,/Makefile: No such file or directory
cat: /usr/src/linux-2.6.19,/Makefile: No such file or directory
make: Nothing to be done for `all'.

这可怎么办呀,请做过教给我详细的步骤,谢谢啦

dzb_01

KERNEL_DIR  IPTABLES_DIR
KERNEL_SRC IPTABLES_SRC
跟ＤＩＲ、ＳＲＣ有关吗??

ShadowStar

应该没什么关系，指的都是源代码的path

luojm_24680

看到ShadowStar圣骑士,说只要在makefile指定好就OK。我还是不会在makefile中指定,请
ShadowStar 圣骑士帮助我,请给出详细步骤,谢谢!我的IPP2P-0.99.3目录下的Makefile内容如下:

[root@sushe ipp2p-0.99.3]# more Makefile
ifneq ($(KERNELRELEASE),)
obj-m := ipt_ipp2p.o

else
#KERNEL_SRC = /usr/src/linux
KERNEL_SRC ?= $(firstword $(wildcard /lib/modules/$(shell uname -r)/build /usr/s
rc/linux))
ifeq ($(KERNEL_SRC),)
$(error You need to define KERNEL_SRC)
endif

ifneq ($wildcard $(KERNEL_SRC)/include/linux/modversions.h),)
MODVERSIONS = -DMODVERSIONS
endif

_KVER = $(strip $(shell cat $(KERNEL_SRC)/Makefile | grep -e '^VERSION' | cut -d
"=" -f2))
_KPL = $(strip $(shell cat $(KERNEL_SRC)/Makefile | grep -e '^PATCHLEVEL' | cut
-d"=" -f2))
_KSUB = $(strip $(shell cat $(KERNEL_SRC)/Makefile | grep -e '^SUBLEVEL' | cut -
d"=" -f2))
KERNEL_SERIES=$(_KVER).$(_KPL)

ifeq ($(KERNEL_SERIES), 2.6)
        TARGET=ipt_ipp2p.ko
else
        TARGET=ipt_ipp2p.o
endif

SED = sed
IPTABLES_BIN = iptables
ifndef $(IPTABLES_SRC)
IPTVER = \
        $(shell $(IPTABLES_BIN) --version | $(SED) -e 's/^iptables v//')
IPTABLES_SRC = $(wildcard /usr/src/iptables-$(IPTVER))
#IPTABLES_SRC = /var/tmp/portage/net-firewall/iptables-1.3.8-r1/work/iptables-1.
3.8
endif

ifeq ($(IPTABLES_SRC),)
$(warning You need to install iptables sources and maybe set IPTABLES_SRC)
endif

IPTABLES_INCLUDE = -I$(IPTABLES_SRC)/include

ifneq ($(IPTVER),)
        IPTABLES_VERSION = $(IPTVER)
else
        IPTABLES_VERSION = $(shell cat $(IPTABLES_SRC)/Makefile | grep -e '^IPTA
BLES_VERSION:=' | cut -d"=" -f2)
endif

IPTABLES_OPTION = -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\"

#CC = /usr/bin/x86_64-pc-linux-gnu-gcc-4.1.2
CC = gcc
CFLAGS = -O3 -Wall



all: modules libipt_ipp2p.so

modules: $(TARGET)

ipt_ipp2p.o: ipt_ipp2p.h ipt_ipp2p.c
        $(CC) $(CFLAGS) -I$(KERNEL_SRC)/include -c ipt_ipp2p.c -D__KERNEL__ -DMO
DULE $(MODVERSIONS)

ipt_ipp2p.ko: ipt_ipp2p.h ipt_ipp2p.c
        $(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules


libipt_ipp2p.so: libipt_ipp2p.c ipt_ipp2p.h
        $(CC) $(CFLAGS) $(IPTABLES_OPTION) $(IPTABLES_INCLUDE) -fPIC -c libipt_i
pp2p.c
        $(CC) -shared -o libipt_ipp2p.so libipt_ipp2p.o

clean:
        -rm -f *.o *.so *.ko .*.cmd *.mod.c
endif
[root@sushe ipp2p-0.99.3]#


我以前都是按照一些文章做的,当环境有变化就不会解决了,请ShadowStar 圣骑士帮我解决这个问题,盼望您好久了,谢谢!

ShadowStar

你的内核的源代码目录在哪？
还有iptables的源代码目录？

luojm_24680

iptables是iptables1.3.8,源码在/usr/src/iptables-1.3.8目录下
kernel源码在/usr/src/linux-2.6.19

luojm_24680

iptables是iptables1.3.8,源码在/usr/src/iptables-1.3.8目录下
kernel源码在/usr/src/linux-2.6.19

谢谢,圣骑士

5639863

原帖由 ShadowStar 于 2007-11-19 14:41 发表


把你的iptables-save的输出贴出来，我看看。

-A INPUT -m ipp2p --xunlei -j DROP
-A INPUT -i eth0 -j eth0_in
-A INPUT -i eth1 -j eth1_in
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j Drop
-A INPUT -j LOG --log-prefix "Shorewall:INPUTROP:" --log-level 6
-A INPUT -j DROP
-A FORWARD -s 91.14.47.0/255.255.255.0 -d 211.144.205.17 -p tcp -j ACCEPT
-A FORWARD -s 91.14.47.0/255.255.255.0 -j DROP
-A FORWARD -m ipp2p --xunlei -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -p tcp -m connlimit --connlimit-above 5 --connlimit-mask 32 -j DROP
-A FORWARD -m ipp2p --ipp2p -j DROP
-A FORWARD -p udp -m udp --dport 8000 -j ACCEPT
-A FORWARD -p udp -m udp --sport 8000 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --sport 53 -j ACCEPT
-A FORWARD -s 172.16.15.0/255.255.255.0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -s 172.16.14.0/255.255.255.0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -s 172.16.4.0/255.255.255.0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 1024:65535 -j DROP
-A FORWARD -s 172.16.15.0/255.255.255.0 -p tcp -m multiport --dports 21,22,25,53,80,110,443,8000,8080 -j ACCEPT
-A FORWARD -s 172.16.14.0/255.255.255.0 -p tcp -m multiport --dports 21,22,25,53,80,110,443,8000,8080 -j ACCEPT
-A FORWARD -s 172.16.4.0/255.255.255.0 -p tcp -m multiport --dports 21,22,25,53,80,110,443,8000,8080 -j ACCEPT
-A FORWARD -s 172.16.15.0/255.255.255.0 -j DROP
-A FORWARD -s 172.16.14.0/255.255.255.0 -j DROP
-A FORWARD -s 172.16.4.0/255.255.255.0 -j DROP
-A FORWARD -i eth0 -j eth0_fwd
-A FORWARD -i eth1 -j eth1_fwd
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j Drop
-A FORWARD -j LOG --log-prefix "Shorewall:FORWARDROP:" --log-level 6
-A FORWARD -j DROP
-A OUTPUT -m ipp2p --xunlei -j DROP
-A OUTPUT -o eth0 -j eth0_out
-A OUTPUT -o eth1 -j eth1_out
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j Drop
-A OUTPUT -j LOG --log-prefix "Shorewall:OUTPUTROP:" --log-level 6
-A OUTPUT -j DROP
-A Drop -p tcp -m tcp --dport 113 -j reject
-A Drop -j dropBcast
-A Drop -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A Drop -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A Drop -j dropInvalid
-A Drop -p udp -m multiport --dports 135,445 -j DROP
-A Drop -p udp -m udp --dport 137:139 -j DROP
-A Drop -p udp -m udp --sport 137 --dport 1024:65535 -j DROP
-A Drop -p tcp -m multiport --dports 135,139,445 -j DROP
-A Drop -p udp -m udp --dport 1900 -j DROP
-A Drop -p tcp -j dropNotSyn
-A Drop -p udp -m udp --sport 53 -j DROP
-A Reject -p tcp -m tcp --dport 113 -j reject
-A Reject -j dropBcast
-A Reject -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A Reject -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A Reject -j dropInvalid
-A Reject -p udp -m multiport --dports 135,445 -j reject
-A Reject -p udp -m udp --dport 137:139 -j reject
-A Reject -p udp -m udp --sport 137 --dport 1024:65535 -j reject
-A Reject -p tcp -m multiport --dports 135,139,445 -j reject
-A Reject -p udp -m udp --dport 1900 -j DROP
-A Reject -p tcp -j dropNotSyn
-A Reject -p udp -m udp --sport 53 -j DROP
-A dropBcast -m addrtype --dst-type BROADCAST -j DROP
-A dropBcast -d 224.0.0.0/240.0.0.0 -j DROP
-A dropInvalid -m state --state INVALID -j DROP
-A dropNotSyn -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A eth0_fwd -m state --state INVALID,NEW -j dynamic
-A eth0_fwd -o eth1 -j lan2wan
-A eth0_in -m state --state INVALID,NEW -j dynamic
-A eth0_in -j lan2fw
-A eth0_out -j fw2lan
-A eth1_fwd -m state --state INVALID,NEW -j dynamic
-A eth1_fwd -o eth0 -j wan2lan
-A eth1_in -m state --state INVALID,NEW -j dynamic
-A eth1_in -j wan2fw
-A eth1_out -j fw2wan
-A fw2lan -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fw2lan -j ACCEPT
-A fw2wan -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fw2wan -j ACCEPT
-A lan2fw -m state --state RELATED,ESTABLISHED -j ACCEPT
-A lan2fw -j ACCEPT
-A lan2wan -m state --state RELATED,ESTABLISHED -j ACCEPT
-A lan2wan -j ACCEPT
-A logdrop -j DROP
-A logreject -j reject
-A reject -m addrtype --src-type BROADCAST -j DROP
-A reject -s 224.0.0.0/240.0.0.0 -j DROP
-A reject -p tcp -j REJECT --reject-with tcp-reset
-A reject -p udp -j REJECT --reject-with icmp-port-unreachable
-A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
-A reject -j REJECT --reject-with icmp-host-prohibited
-A smurfs -s 0.0.0.0 -j RETURN
-A smurfs -m addrtype --src-type BROADCAST -j LOG --log-prefix "Shorewall:smurfsROP:" --log-level 6
-A smurfs -m addrtype --src-type BROADCAST -j DROP
-A smurfs -s 224.0.0.0/240.0.0.0 -j LOG --log-prefix "Shorewall:smurfsROP:" --log-level 6
-A smurfs -s 224.0.0.0/240.0.0.0 -j DROP
-A wan2fw -m state --state RELATED,ESTABLISHED -j ACCEPT
-A wan2fw -j Drop
-A wan2fw -j DROP
-A wan2lan -m state --state RELATED,ESTABLISHED -j ACCEPT
-A wan2lan -j ACCEPT

ShadowStar

原帖由 luojm_24680 于 2007-11-19 22:01 发表
iptables是iptables1.3.8,源码在/usr/src/iptables-1.3.8目录下
kernel源码在/usr/src/linux-2.6.19

那你就修改Makefile中的KERNEL_SRC = /usr/src/linux-2.6.19，IPTABLES_SRC = /usr/src/iptables-1.3.8

ShadowStar

原帖由 5639863 于 2007-11-19 22:08 发表

-A INPUT -m ipp2p --xunlei -j DROP
-A INPUT -i eth0 -j eth0_in
-A INPUT -i eth1 -j eth1_in
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j Drop ...

没有帖全吧？
你不是说“iptables+squid的透明代理么？”

另外请看一下我29楼的回复，看看对不对。