-
-
[原创]linux下netfilter使用的问题
-
发表于:
2016-12-29 09:47
5621
-
我想使用netfilter进行开发,写了一个非常简单的测试例子,如下:
#include <stdio.h>
#include <linux/netfilter.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/netfilter_ipv4.h>
#include <linux/ip.h>
#include <linux/inet.h>
/**
* Hook function to be called.
* We modify the packet's src IP.
*/
unsigned int my_hookfn(unsigned int hooknum,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
struct iphdr *iph;
iph = ip_hdr(skb);
/* log the original src IP */
printk(KERN_INFO"src IP %pI4\n", &iph->saddr);
/* modify the packet's src IP */
iph->saddr = in_aton("8.8.8.8");
return NF_ACCEPT;
}
/* A netfilter instance to use */
static struct nf_hook_ops nfho = {
.hook = my_hookfn,
.pf = PF_INET,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP_PRI_FIRST,
.owner = THIS_MODULE,
};
static int __init sknf_init(void)
{
if (nf_register_hook(&nfho))
{
printk(KERN_ERR"nf_register_hook() failed\n");
return -1;
}
return 0;
}
static void __exit sknf_exit(void)
{
nf_unregister_hook(&nfho);
}
module_init(sknf_init);
module_exit(sknf_exit);
MODULE_AUTHOR("test");
MODULE_LICENSE("GPL");
static int test(int argc, char*argv[])
{
printf("--start test--,%d, %s\n",argc, argv[1]);
printf("--end test--\n");
return 0;
}
对应的makefile大致如下:
CC = gcc
LD = ld
CFLAGS = -I src/include/ -I /usr/src/linux-headers-4.4.0-57/include -I /usr/src/linux-headers-4.4.0-57/arch/x86/include -I /usr/src/linux-headers-4.4.0-57-generic/include -I /usr/src/linux-headers-4.4.0-57-generic/arch/x86/include/generated -c -fno-builtin -w -fno-stack-protector
LDFLAGS = -Map proc.map $(LOBJS_UBUNTU)
# This Program
PROC = dst/test
OBJS = $(OBJS_TEST)
LOBJS_UBUNTU = /usr/lib/x86_64-linux-gnu/crt1.o\
/usr/lib/x86_64-linux-gnu/crti.o\
/usr/lib/gcc/x86_64-linux-gnu/5.4.0/crtbegin.o\
-lc /usr/lib/gcc/x86_64-linux-gnu/5.4.0/crtend.o\
/usr/lib/x86_64-linux-gnu/crtn.o\
-dynamic-linker /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
OBJS_TEST = src/main/test.o
all : realclean everything clean
realclean :
rm -f $(OBJS)
clean :
rm -f $(OBJS)
everything : $(PROC) $(OBJS)
$(PROC) : $(OBJS) $(LIB)
$(LD) $(LDFLAGS) -o $(PROC) $^
src/main/test.o: src/main/test.c
$(CC) $(CFLAGS) -o $@ $<
得到的编译错误提示如下:
In file included from src/main/test.c:29:0:
src/include/linux/init.h:142:13: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘load_default_modules’
void __init load_default_modules(void);
^
src/include/linux/init.h:147:8: error: unknown type name ‘bool’
extern bool initcall_debug;
^
In file included from src/include/linux/module.h:9:0,
from src/main/test.c:30:
src/include/linux/list.h: In function ‘INIT_LIST_HEAD’:
src/include/linux/list.h:27:6: error: dereferencing pointer to incomplete type ‘struct list_head’
list->next = list;
^
src/include/linux/thread_info.h: At top level:
src/include/linux/thread_info.h:24:4: error: unknown type name ‘u32’
u32 __user *uaddr;
^
src/include/linux/thread_info.h:28:4: error: unknown type name ‘u64’
u64 time;
^
src/include/linux/thread_info.h:33:4: error: unknown type name ‘clockid_t’
clockid_t clockid;
^
.......
.......
make: *** [src/main/test.o] Error 1
我baidu了一下,但网上的资料众说纷纭,有的说“头文件”里少了个分号,有的说将bool改为int就好等等。但我觉得这些似乎不是主要的(因为linux已经很成熟了,这些如果是bug,早就patch了),至于原因是什么,还要请教各位
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
头文件里面少分号
