以下是一段防火墙程序(书上和网上都可以找到,程序肯定没问题):
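// Build as kernel code: define __KERNEL__ before any kernel header is included.
#ifndef __KERNEL__
#define __KERNEL__
#endif
// Build as a loadable (device-driver style) module.
#ifndef MODULE
#define MODULE
#endif
// The trailing ';' after each #include was an artifact of the forum's HTML
// escaping ("&gt;" rendered as ">;") and is removed here; an #include
// directive takes no terminator.
#include <linux/module.h> // basic kernel-module header
#include <linux/sched.h>
#include <linux/kernel.h> // basic kernel header (printk)
#include <linux/netdevice.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/skbuff.h>
#include <linux/proc_fs.h>
#include <linux/if.h>
#include <linux/in.h>
#include <linux/firewall.h>
#define SOL_ICMP 1 // value compared against iph->protocol in zzl_input
// The only TCP destination port zzl_input accepts. This is a host-byte-order
// constant; header fields are in network byte order, so convert with htons()
// before comparing.
#define PERMIT_PORT 80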
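/*
 * Input hook: the kernel calls this for every received packet.
 *
 * Policy implemented below (default deny):
 *   - ARP and RARP frames            -> FW_ACCEPT
 *   - IP packets carrying ICMP       -> FW_ACCEPT
 *   - IP/TCP with destination port PERMIT_PORT -> FW_ACCEPT
 *   - everything else                -> FW_REJECT
 *
 * Consequences worth knowing before loading it: all UDP is rejected, and
 * because only the TCP *destination* port is matched, reply segments for
 * connections opened by this host (destination = local ephemeral port) are
 * rejected as well.
 *
 * Only *pskb is examined; this, pf, dev, phdr and arg are unused.
 * Returns FW_ACCEPT or FW_REJECT.
 */
int zzl_input(struct firewall_ops *this, int pf, struct device *dev,
              void *phdr, void *arg, struct sk_buff **pskb)
{
    struct tcphdr *tcph; // TCP header pointer
    struct iphdr *iph;   // IP header pointer
    struct sk_buff *skb = *pskb;

    // NOTE(review): these ops are registered for PF_INET only; confirm
    // whether ARP/RARP frames ever reach this hook at all.
    if (skb->protocol == htons(ETH_P_ARP)) {
        printk("\nPermit a ARP Packet");
        return FW_ACCEPT; // allow address-resolution traffic
    }
    if (skb->protocol == htons(ETH_P_RARP)) {
        printk("\nPermit a RARP Packet");
        return FW_ACCEPT; // allow reverse address-resolution traffic
    }
    if (skb->protocol == htons(ETH_P_IP)) {
        iph = skb->nh.iph;
        if (iph->protocol == SOL_ICMP) {
            // NOTE(review): one printk per accepted packet lets a remote
            // sender flood the kernel log; consider rate limiting.
            printk("\nPermit a ICMP Packet");
            return FW_ACCEPT; // allow ICMP control messages
        }
        if (iph->protocol == SOL_TCP) {
            // NOTE(review): assumes skb->h.th already points at a complete
            // TCP header when this hook runs, and that the packet is not a
            // non-first IP fragment (which carries no TCP header) - confirm
            // for the target kernel before trusting the port value.
            tcph = skb->h.th;
            // tcph->dest is in network byte order. Comparing it with the
            // bare constant 80 would, on a little-endian host, match port
            // 20480 (0x5000) instead of port 80, so convert first.
            if (tcph->dest == htons(PERMIT_PORT)) {
                printk("\nPermit a valid access");
                return FW_ACCEPT; // allow access to TCP port 80
            }
        }
    }
    return FW_REJECT; // deny every other access to this host
}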
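/*
 * Output hook. Has the same signature as zzl_input but applies no filtering:
 * it logs that it was called and returns FW_SKIP without looking at the
 * packet. None of the parameters are used.
 */
int zzl_output(struct firewall_ops *this, int pf, struct device *dev,
               void *phdr, void *arg, struct sk_buff **pskb)
{
    // The closing ");" of this call was lost in the forum rendering.
    printk("\nzzl_output is called ");
    return FW_SKIP;
}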
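/*
 * Forwarding hook. Has the same signature as zzl_input but applies no
 * filtering: it logs that it was called and returns FW_SKIP without looking
 * at the packet. None of the parameters are used.
 */
int zzl_foreward(struct firewall_ops *this, int pf, struct device *dev,
                 void *phdr, void *arg, struct sk_buff **pskb)
{
    // The closing ");" of this call was lost in the forum rendering.
    printk("\nzzl_foreward is called ");
    return FW_SKIP;
}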
// Hook table passed to register_firewall()/unregister_firewall() below.
// The initializer is positional, so its meaning depends on the member order
// of struct firewall_ops in <linux/firewall.h>, which is not shown here.
// NOTE(review): the per-slot roles below are inferred from the handler names
// - confirm against the header of the kernel being built for.
struct firewall_ops zzl_ops=
{
NULL, // presumably the list link, filled in by the kernel on registration
zzl_foreward, // presumably the forward hook
zzl_input, // presumably the input hook
zzl_output, // presumably the output hook
PF_INET, // presumably the protocol family; matches the register_firewall() call
01 // octal literal, value 1; presumably the priority
};
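/*
 * Module entry point: registers zzl_ops as a firewall for PF_INET.
 *
 * Returns 0 on success, or -1 when register_firewall() reports failure
 * (a non-zero return), in which case nothing was registered.
 */
int init_module(void)
{
    if (register_firewall(PF_INET, &zzl_ops) != 0) {
        // The closing ");" of this call was lost in the forum rendering.
        printk("\nunable register firewall");
        return -1;
    }
    // NOTE(review): this writes a kernel address to the log; drop it if the
    // kernel log is readable by unprivileged users.
    printk("\nzzl_ops=%p", &zzl_ops);
    return 0;
}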
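/*
 * Module exit point: logs the unload and removes zzl_ops from the PF_INET
 * firewall list so the kernel stops calling hooks in code that is about to
 * be unloaded.
 */
void cleanup_module(void)
{
    // The closing ");" of this call was lost in the forum rendering.
    printk("unload\n");
    // NOTE(review): any status returned by unregister_firewall() is ignored.
    unregister_firewall(PF_INET, &zzl_ops);
}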
现我用以下命令编译:
gcc -Wall -O2 -c MyFireWall.c
发生错误。