有一个防火墙示例模块的代码如下:
// MyFirewall.c
// Define the two build-mode macros only when the compiler command line has not
// already supplied them (e.g. via -D__KERNEL__ -DMODULE).
#ifndef __KERNEL__
# define __KERNEL__ // compile as kernel code
#endif
#ifndef MODULE
# define MODULE // compile as a loadable (device-driver style) module
#endif
#include //最基本的内核模块头文件
#include
#include //最基本的内核模块头文件
#include
#include
#include
#include
#include
#include
#include
#include
// Value compared with iph->protocol in zzl_input to recognise ICMP packets.
#define SOL_ICMP 1
// The only TCP destination port zzl_input is meant to accept. This is a plain
// host-byte-order literal, while port fields in a TCP header are in network
// byte order.
#define PERMIT_PORT 80
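/*
 * zzl_input - input hook of the sample firewall. According to the original
 * author's note, the kernel calls it for every packet that is received.
 *
 * Policy implemented below:
 *   - ARP and RARP frames are accepted;
 *   - every ICMP packet is accepted (no filtering by ICMP type);
 *   - TCP segments whose destination port is PERMIT_PORT are accepted;
 *   - everything else is rejected.
 *
 * this, pf, dev, phdr, arg: not used by this hook.
 * pskb: address of the sk_buff pointer describing the packet.
 *
 * Returns FW_ACCEPT or FW_REJECT.
 *
 * NOTE(review): one printk per accepted packet lets any remote sender fill
 * the kernel log; acceptable for a demo only.
 */
int zzl_input(struct firewall_ops *this,
	      int pf, struct device *dev,
	      void *phdr, void *arg, struct sk_buff **pskb)
{
	struct tcphdr *tcph;	/* TCP header */
	struct iphdr *iph;	/* IP header */
	struct sk_buff *skb = *pskb;
	unsigned int ip_hdr_len;

	if (skb->protocol == htons(ETH_P_ARP)) {
		printk("\nPermit a ARP Packet");
		return FW_ACCEPT;	/* address resolution traffic */
	}
	if (skb->protocol == htons(ETH_P_RARP)) {
		printk("\nPermit a RARP Packet");
		return FW_ACCEPT;	/* reverse address resolution traffic */
	}
	if (skb->protocol == htons(ETH_P_IP)) {
		iph = skb->nh.iph;
		if (iph->protocol == SOL_ICMP) {
			printk("\nPermit a ICMP Packet");
			return FW_ACCEPT;	/* all ICMP, whatever its type */
		}
		if (iph->protocol == SOL_TCP) {
			ip_hdr_len = iph->ihl * 4;

			/*
			 * Only inspect the port when a TCP header is really
			 * there: the IP header length must be sane, the
			 * packet must not be a non-first fragment (0x1fff is
			 * the fragment-offset mask), and the buffer must be
			 * long enough to hold a full TCP header.
			 * NOTE(review): assumes skb->len counts from the start
			 * of the IP header at this hook - confirm for the
			 * target kernel.
			 */
			if (iph->ihl >= 5 &&
			    !(iph->frag_off & htons(0x1fff)) &&
			    skb->len >= ip_hdr_len + sizeof(struct tcphdr)) {
				/*
				 * Locate the TCP header from the IP header
				 * instead of using skb->h.th.
				 * NOTE(review): the transport-header pointer
				 * is presumably not set up yet when the input
				 * hook runs - confirm.
				 */
				tcph = (struct tcphdr *)((unsigned char *)iph +
							 ip_hdr_len);

				/*
				 * tcph->dest is in network byte order. The
				 * original compared it with the bare constant,
				 * which on a little-endian host never matches
				 * port 80 and matches port 20480 (0x5000)
				 * instead.
				 */
				if (tcph->dest == htons(PERMIT_PORT)) {
					printk("\nPermit a valid access");
					return FW_ACCEPT;
				}
			}
		}
	}
	return FW_REJECT;	/* default deny for all other traffic */
}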
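/*
 * zzl_output - output hook of the sample firewall.
 *
 * The original author notes that a real hook would be written the same way
 * as zzl_input. As shown it applies no policy of its own: it logs the call
 * and returns FW_SKIP for every packet.
 *
 * The identifiers "firewall_ops" and "device" were split across lines in the
 * listing; the signature is restored here so that the function compiles.
 */
int zzl_output(struct firewall_ops *this, int pf, struct device *dev,
	       void *phdr, void *arg, struct sk_buff **pskb)
{
	printk("\nzzl_output is called ");
	return FW_SKIP;
}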
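/*
 * zzl_foreward - forwarding hook of the sample firewall.
 *
 * The original author notes that a real hook would be written the same way
 * as zzl_input. As shown it applies no policy of its own: it logs the call
 * and returns FW_SKIP for every packet.
 *
 * The parameter name "this" was split across lines in the listing; the
 * signature is restored here so that the function compiles.
 */
int zzl_foreward(struct firewall_ops *this, int pf, struct device *dev,
		 void *phdr, void *arg, struct sk_buff **pskb)
{
	printk("\nzzl_foreward is called ");
	return FW_SKIP;
}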
/*
 * Hook table handed to register_firewall(). The initializer is positional,
 * so it is only correct for a struct firewall_ops whose members come in this
 * exact order. In the compat_firewall.h quoted further down this page the
 * fifth and sixth members are the fw_acct_in / fw_acct_out function
 * pointers, so with that header PF_INET and 1 would end up in
 * function-pointer slots.
 */
struct firewall_ops zzl_ops = {
	NULL,		/* first member (next in the quoted header) */
	zzl_foreward,	/* forwarding hook */
	zzl_input,	/* input hook */
	zzl_output,	/* output hook */
	PF_INET,	/* fifth member - presumably the protocol family; confirm */
	1		/* sixth member - presumably a priority; confirm */
};
/*
 * Module entry point: register zzl_ops as a PF_INET firewall.
 *
 * Returns 0 on success and -1 when register_firewall() reports failure.
 * On success the address of zzl_ops is written to the kernel log.
 */
int init_module(void)
{
	int rc = register_firewall(PF_INET, &zzl_ops);

	if (rc == 0) {
		/* Logs a kernel address; harmless in a demo, best dropped otherwise. */
		printk("\nzzl_ops=%p", &zzl_ops);
		return 0;
	}

	printk("\nunable register firewall");
	return -1;
}
/*
 * Module exit point: log the unload, then unregister zzl_ops for PF_INET.
 * The return value of unregister_firewall() is not checked.
 */
void cleanup_module(void)
{
	printk("unload\n");
	unregister_firewall(PF_INET, &zzl_ops);
}
这个示例程序好像是 linux-2.4.20 下的代码,如果是在 2.4.20-8 下,要如何调整才能编译成功并且加载成功?(我选择了几个 /usr/src/linux-2.4.20-8/include/linux 下的头文件加入以上代码,但编译总是通不过。我还发现
/usr/src/linux-2.4.20-8/include/linux/netfilter_ipv4/compat_firewall.h
文件:
/* Minor modifications to fit on compatibility framework:
Rusty.Russell@rustcorp.com.au
*/
#ifndef __LINUX_FIREWALL_H
#define __LINUX_FIREWALL_H
/*
* Definitions for loadable firewall modules
*/
/*
 * Result codes a firewall hook can return. The sample module on this page
 * returns FW_ACCEPT and FW_REJECT from zzl_input and FW_SKIP from its other
 * two hooks.
 */
#define FW_QUEUE 0
#define FW_BLOCK 1
#define FW_ACCEPT 2
#define FW_REJECT (-1)
#define FW_REDIRECT 3
#define FW_MASQUERADE 4
#define FW_SKIP 5
/*
 * Table of hooks supplied by a loadable firewall module.
 *
 * All five hooks share one signature and take struct net_device *, whereas
 * the sample module on this page declares its hooks with struct device *.
 * The fifth and sixth members here are function pointers; the sample's
 * positional initializer puts PF_INET and 01 in those two positions.
 */
struct firewall_ops
{
/* Link to another firewall_ops; the sample initializes it to NULL. */
struct firewall_ops *next;
/* Forwarding hook (zzl_foreward in the sample). */
int (*fw_forward)(struct firewall_ops *this, int pf,
struct net_device *dev, void *phdr, void *arg,
struct sk_buff **pskb);
/* Input hook (zzl_input in the sample). */
int (*fw_input)(struct firewall_ops *this, int pf,
struct net_device *dev, void *phdr, void *arg,
struct sk_buff **pskb);
/* Output hook (zzl_output in the sample). */
int (*fw_output)(struct firewall_ops *this, int pf,
struct net_device *dev, void *phdr, void *arg,
struct sk_buff **pskb);
/* These may be NULL. */
int (*fw_acct_in)(struct firewall_ops *this, int pf,
struct net_device *dev, void *phdr, void *arg,
struct sk_buff **pskb);
int (*fw_acct_out)(struct firewall_ops *this, int pf,
struct net_device *dev, void *phdr, void *arg,
struct sk_buff **pskb);
};
/*
 * Registration interface. The sample module calls register_firewall() from
 * init_module() and treats any non-zero result as failure; it calls
 * unregister_firewall() from cleanup_module(). Both calls pass PF_INET and
 * &zzl_ops.
 */
extern int register_firewall(int pf, struct firewall_ops *fw);
extern int unregister_firewall(int pf, struct firewall_ops *fw);
/* Not used by the sample module. */
extern int ip_fw_masq_timeouts(void *user, int len);
#endif /* __LINUX_FIREWALL_H */
中的firewall_ops 结构和示例中firewall_ops 结构的第五第六个域不同!)
怎样改写代码、添加什么头文件,才能在 2.4.20-8 下成功编译并加载模块,并且演示得出来?
哪位帮帮我啊?多谢了!