Plz help me in the code

[tasamono]

can someone plz help me with the code:i just want to know about the sk_buff

#define __KERNEL__
#define MODULE
#include <linux/ip.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/skbuff.h>
#include <linux/udp.h>
static struct nf_hook_ops netfilter_ops;
static unsigned char *ip_address = "\xC0\xA8\x00\x01";
static char *interface = "lo";
unsigned char *port = "\x00\x17";
struct sk_buff *sock_buff;
struct udphdr *udp_header;
unsigned int main_hook(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff*))
{
if(strcmp(in->name,interface) == 0){ return NF_DROP; }

sock_buff = *skb;
if(!sock_buff){ return NF_ACCEPT; }
if(!(sock_buff->nh.iph)){ return NF_ACCEPT; }
if(sock_buff->nh.iph->saddr == *(unsigned int*)ip_address){ return NF_DROP; }


if(sock_buff->nh.iph->protocol != 17){ return NF_ACCEPT; }
udp_header = (struct udphdr *)(sock_buff->data + (sock_buff->nh.iph->ihl *4));
if((udp_header->dest) == *(unsigned short*)port){ return NF_DROP; }
return NF_ACCEPT;
}
int init_module()
{
netfilter_ops.hook = main_hook;
netfilter_ops.pf = PF_INET;
netfilter_ops.hooknum = NF_IP_PRE_ROUTING;
netfilter_ops.priority = NF_IP_PRI_FIRST;
nf_register_hook(&netfilter_ops);

return 0;
}
void cleanup_module() { nf_unregister_hook(&netfilter_ops); }

[Rubberman]

What do you want to know about it? It is the socket buffer. Basically, it is a member of a linked list of information about, and contents of, packets that are associated with each socket. I assume (not sure) that these can be either incoming (but undelivered to application) or outgoing (not yet on the wire) packets.

[tasamono]

THIS IS MY CODE

#define __KERNEL__
#define MODULE
#include <linux/ip.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/skbuff.h>
#include <linux/udp.h>
static struct nf_hook_ops netfilter_ops;
static unsigned char *ip_address = "\xC0\xA8\x00\x01"; */ip address we want to block in network byte order/*
static char *interface = "lo"; */interface we want to block/*
unsigned char *port = "\x00\x17";
struct sk_buff *sock_buff;
struct udphdr *udp_header;
unsigned int main_hook(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff*))
{
if(strcmp(in->name,interface) == 0){ return NF_DROP; }
sock_buff = *skb;
if(!sock_buff){ return NF_ACCEPT; }
if(!(sock_buff->nh.iph)){ return NF_ACCEPT; }
if(sock_buff->nh.iph->saddr == *(unsigned int*)ip_address){ return NF_DROP; }
if(sock_buff->nh.iph->protocol != 17){ return NF_ACCEPT; }
udp_header = (struct udphdr *)(sock_buff->data + (sock_buff->nh.iph->ihl *4));
if((udp_header->dest) == *(unsigned short*)port){ return NF_DROP; }
return NF_ACCEPT;
}
int init_module()
{
netfilter_ops.hook = main_hook;
netfilter_ops.pf = PF_INET;
netfilter_ops.hooknum = NF_IP_PRE_ROUTING;
netfilter_ops.priority = NF_IP_PRI_FIRST;
nf_register_hook(&netfilter_ops);
return 0;
}
void cleanup_module() { nf_unregister_hook(&netfilter_ops); }


when i compile i get the following messages



firewall.c:1:2: error: invalid preprocessing directive #define__KERNEL__
firewall.c:5:27: error: linux/module.h: No such file or directory
In file included from firewall.c:8:
/usr/include/linux/netfilter_ipv4.h:53: error: ‘INT_MIN’ undeclared here (not in a function)
/usr/include/linux/netfilter_ipv4.h:65: error: ‘INT_MAX’ undeclared here (not in a function)
firewall.c:9:35: error: linux/skbuff.h: No such file or directory
firewall.c:21: warning: ‘struct net_device’ declared inside parameter list
firewall.c:21: warning: its scope is only this definition or declaration, which is probably not what you want
firewall.c: In function ‘main_hook’:
firewall.c:23: error: dereferencing pointer to incomplete type
firewall.c:27: error: dereferencing pointer to incomplete type
firewall.c:28: error: dereferencing pointer to incomplete type
firewall.c:31: error: dereferencing pointer to incomplete type
firewall.c:32: error: dereferencing pointer to incomplete type
firewall.c:32: error: dereferencing pointer to incomplete type
firewall.c: In function ‘init_module’:
firewall.c:38: error: invalid use of undefined type ‘struct nf_hook_ops’
firewall.c:39: error: invalid use of undefined type ‘struct nf_hook_ops’
firewall.c:40: error: invalid use of undefined type ‘struct nf_hook_ops’
firewall.c:41: error: invalid use of undefined type ‘struct nf_hook_ops’




plzz tell me what to do

[JK3mp]

What exactly are you trying to do?

[tasamono]

i am trying to compile the code...but getting the error messages....cannot understand wht to do??

[ranjitcool]

i am trying to compile the code...but getting the error messages....cannot understand wht to do??

LMAO.. thats the dumbest reply I ever read.. "what are you trying to do?" Oh i am trying to compile the code.. well DUHHHHH..

what the heck is the code trying to do was the point u missed!!

RJ

[tasamono]

oops.....srry...i am trying to write a kernel module which will act as a basic firewall...basically i am using structyre variables of sk_buff that is the socket buffer to block certain user defined IP..i have written the coe...but i am gettin few errors i cannot resolve.....

[ranjitcool]

well lets see from the first two lines of errors.

firewall.c:1:2: error: invalid preprocessing directive #define__KERNEL__
firewall.c:5:27: error: linux/module.h: No such file or directory

it says the directive is incorrect, check for syntax.. maybe a space between define __kernel_ maybe?

second it cant module.h header file .. does it exist?

RJ

[tasamono]

well .... i think i need to set the path for GCC can u help in that...i have module.h in my include folder but still cannot use it

[ranjitcool]

path for gcc.. hmm did u complie gcc or yum install it? waht lin version u using?

to make things easier yum install gcc else try whereis gcc it gives its path.. lets see from there

RJ