实验防火墙代码编译出错,请大家帮忙看看,多谢了!

Dopilas

我想主要是头文件的顺序问题搞不定,就象hello模块的头文件必须把module.h方在kernel.h前一样.
谁能告诉我该怎么做啊?本人将非常感激.
代码如下:


//mytestfirewall.c 阻止某个特定IP对我机器的ftp服务器的访问
#define MODULE
#include <linux/module.h>
#define __KERNEL__
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/ip.h> /* For IP header */
#include <linux/tcp.h> /* For TCP header */
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>

/* 用于注册函数的数据结构 */
static struct nf_hook_ops nfho;

/* 丢弃的数据包来自的地址，网络字节序 */
unsigned char *deny_ip = "\x7f\x00\x00\x01"; /* 127.0.0.1 */
static int check_ip_packet(struct sk_buff *skb)
{
/* We don't want any NULL pointers in the chain to
* the IP header. */
if (!skb )return NF_ACCEPT;
if (!(skb->nh.iph)) return NF_ACCEPT;
if (skb->nh.iph->saddr == *(unsigned int *)deny_ip)
{
return NF_DROP;
}
return NF_ACCEPT;
}
/* 丢弃的数据包的目的端口，网络字节序 */
unsigned char *deny_port = "\x00\x50"; /* port 80 */
static int check_tcp_packet(struct sk_buff *skb)
{
struct tcphdr *thead;
/* We don't want any NULL pointers in the chain
* to the IP header. */
if (!skb ) return NF_ACCEPT;
if (!(skb->nh.iph)) return NF_ACCEPT;
/* Be sure this is a TCP packet first */
if (skb->nh.iph->protocol != IPPROTO_TCP)
{
return NF_ACCEPT;
}
thead = (struct tcphdr *)(skb->data+(skb->nh.iph->ihl * 4));
/* Now check the destination port */
if ((thead->dest) == *(unsigned short *)deny_port)
{
return NF_DROP;
}
return NF_ACCEPT;
}


/* 注册的hook函数的实现 */
unsigned int hook_func(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
struct sk_buff *sb = *skb;
if((check_ip_packet(skb)==NF_ACCEPT)&&(check_tcp_packet(skb)==NF_ACCEPT))
{
return NF_ACCEPT;
}
else
{
printk("Dropped packet from... %d.%d.%d.%d\n",*deny_ip, *(deny_ip + 1),*(deny_ip + 2), *(deny_ip + 3));
printk("Dropped packet's destination port is %d\n\n",*deny_port);
return NF_DROP;
}
}

/* 初始化程序 */
int init_module()
{
/* 填充hook数据结构 */
nfho.hook = hook_func; /* 处理函数 */
nfho.hooknum = NF_IP_PRE_ROUTING; /* 使用IPv4的第一个hook */
nfho.pf = PF_INET;
nfho.priority = NF_IP_PRI_FIRST; /* 让函数首先执行 */

nf_register_hook(&nfho);
printk("加载成功!\n");

return 0;
}

/* 清除程序 */
void cleanup_module()
{
nf_unregister_hook(&nfho);
printk("卸载成功!\n");
} :help :help :help