如何在 ubuntu 18.04 中安装我的 netfilter 模块
[英]how to insmod my netfilter module in ubuntu 18.04
问题描述
I try to write a simple linux module based on netfilter hooks.
我尝试编写一个基于 netfilter 钩子的简单 linux 模块。 My code (pcap.c) is shown as follows:我的代码(pcap.c)如下所示:
#include <linux/time.h>
#include <linux/init.h>
#include <linux/netfilter.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <linux/netfilter_ipv4.h>
#include <linux/net.h>
#include <net/ip.h>
#include <linux/if_ether.h>
#include <net/protocol.h>
#include <net/icmp.h>
#include <net/tcp.h>
#include <linux/if_vlan.h>
struct net *net;
static unsigned int pcap_func (void *priv, struct sk_buff *skb, const struct nf_hook_state *state)
{
printk(KERN_INFO "hook\n");
return NF_DROP;
}
static struct nf_hook_ops nfho = {
.hook = pcap_func,
.hooknum = 1,
.pf = PF_INET,
.priority = NF_IP_PRI_FIRST,
};
static int __init pcap_init(void)
{
if (nf_register_net_hook(net, &nfho)) {
printk(KERN_ERR "nf_register_hook() failed\n");
return -1;
}
return 0;
}
static void __exit pcap_exit(void)
{
printk(KERN_INFO "unregister pcap module.\n");
nf_unregister_net_hook(net, &nfho);
}
module_init(pcap_init);
module_exit(pcap_exit);
MODULE_LICENSE("GPL");
My makefile is shown as follows:我的makefile如下图所示:
obj-m := pcap.o
KERNELDIR := /lib/modules/$(shell uname -r)/build
PWD := $(shell pwd)
modules:
$(MAKE) -C $(KERNELDIR) M=$(PWD) modules
modules_install:
$(MAKE) -C $(KERNELDIR) M=$(PWD) modules_install
install:
insmod pcap.ko
uninstall:
-rmmod pcap.ko
rm -rf *.o *.ko *.mod.o *.mod.c *.symvers *.order *.mod
I cannot insmod my module.我无法安装我的模块。
And the dmesg shows: Netfilter: version magic '4.18.11 SMP mod_unload ' should be '5.3.0-59-generic SMP mod_unload '并且 dmesg 显示: Netfilter: version magic '4.18.11 SMP mod_unload ' 应该是 '5.3.0-59-generic SMP mod_unload '
I cannot fix this problem.我无法解决这个问题。 Please help me.请帮我。 Thanks a lot.非常感谢。
1 个解决方案
解决方案1
1 2020-06-23 03:17:06
I fixed the problem.我解决了这个问题。 The problem is caused because of the namespace of network device.该问题是由于网络设备的命名空间引起的。 At first, we should delete the following code:首先,我们应该删除以下代码:
struct net *net;
Then correct the nf_register_net_hook and nf_unregister_net_hook functions as follows:然后更正nf_register_net_hook和nf_unregister_net_hook函数如下:
nf_register_net_hook(&init_net, &nfho);
nf_unregister_net_hook(&init_net, &nfho);
My final code is shown as follows:我的最终代码如下所示:
#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/ip.h>
#include <net/ip.h>
#include <linux/tcp.h>
#include <linux/udp.h>
static struct nf_hook_ops *nfho = NULL;
unsigned int hook_func(void *priv, struct sk_buff *skb, const struct nf_hook_state *state)
{
printk(KERN_INFO "hook\n");
return NF_DROP;
}
static int __init pcap_init(void)
{
nfho = (struct nf_hook_ops*) kcalloc(1, sizeof(struct nf_hook_ops), GFP_KERNEL);
nfho->hook = (nf_hookfn*) hook_func;
nfho->hooknum = NF_INET_PRE_ROUTING;
nfho->pf = PF_INET;
nfho->priority = NF_IP_PRI_FIRST;
nf_register_net_hook(&init_net, nfho);
return 0;
}
static void __exit pcap_exit(void)
{
nf_unregister_net_hook(&init_net, nfho);
kfree(nfho);
}
module_init(pcap_init);
module_exit(pcap_exit);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.