实验防火墙代码编译出错,请大家帮忙看看,多谢了!

Dopilas

我想主要是头文件的顺序问题搞不定,就象hello模块的头文件必须把module.h方在kernel.h前一样.  
谁能告诉我该怎么做啊?本人将非常感激.
代码如下:


//mytestfirewall.c 阻止某个特定IP对我机器的ftp服务器的访问
#define MODULE
#include <linux/module.h>
#define __KERNEL__
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/ip.h>     /* For IP header */
#include <linux/tcp.h>    /* For TCP header */
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>

/* 用于注册函数的数据结构 */
static struct nf_hook_ops nfho;

/* 丢弃的数据包来自的地址，网络字节序 */
unsigned char *deny_ip = "\x7f\x00\x00\x01";  /* 127.0.0.1 */
static int check_ip_packet(struct sk_buff *skb)
{
        /* We don't want any NULL pointers in the chain to
         * the IP header. */
        if (!skb )return NF_ACCEPT;
        if (!(skb->nh.iph)) return NF_ACCEPT;
        if (skb->nh.iph->saddr == *(unsigned int *)deny_ip)
        {
                return NF_DROP;
        }
        return NF_ACCEPT;
}
/* 丢弃的数据包的目的端口，网络字节序 */
unsigned char *deny_port = "\x00\x50";   /* port 80 */
static int check_tcp_packet(struct sk_buff *skb)
{
        struct tcphdr *thead;
        /* We don't want any NULL pointers in the chain
         * to the IP header. */
        if (!skb ) return NF_ACCEPT;
        if (!(skb->nh.iph)) return NF_ACCEPT;
        /* Be sure this is a TCP packet first */
        if (skb->nh.iph->protocol != IPPROTO_TCP)
        {
                return NF_ACCEPT;
        }
        thead = (struct tcphdr *)(skb->data+(skb->nh.iph->ihl * 4));
        /* Now check the destination port */
        if ((thead->dest) == *(unsigned short *)deny_port)
        {
                return NF_DROP;
        }
        return NF_ACCEPT;
}


/* 注册的hook函数的实现 */
unsigned int hook_func(unsigned int hooknum,
                       struct sk_buff **skb,
                       const struct net_device *in,
                       const struct net_device *out,
                       int (*okfn)(struct sk_buff *))
{
        struct sk_buff *sb = *skb;
        if((check_ip_packet(skb)==NF_ACCEPT)&&(check_tcp_packet(skb)==NF_ACCEPT))
        {
                return NF_ACCEPT;
        }
        else
        {
                printk("Dropped packet from... %d.%d.%d.%d\n",*deny_ip, *(deny_ip + 1),*(deny_ip + 2), *(deny_ip + 3));
                printk("Dropped packet's destination port is %d\n\n",*deny_port);
                return NF_DROP;
        }
}

/* 初始化程序 */
int init_module()
{
    /* 填充hook数据结构 */
    nfho.hook     = hook_func;         /* 处理函数 */
    nfho.hooknum  = NF_IP_PRE_ROUTING;  /* 使用IPv4的第一个hook */
    nfho.pf       = PF_INET;
    nfho.priority = NF_IP_PRI_FIRST;    /* 让函数首先执行 */

    nf_register_hook(&nfho);
    printk("加载成功!\n");

    return 0;
}

/* 清除程序 */
void cleanup_module()
{
    nf_unregister_hook(&nfho);
    printk("卸载成功!\n");
}:help :help :help

Dopilas

以下摘自/usr/src/linux/version.h,请问/boot/vmlinuz.version.h指什么啊?这步的意图是什么啊?令人郁闷的是/boot下没有vmlinuz.version.h
(我的是mandrake 9.2)

#error "To build kernel modules please do the following:"
#error ""
#error " o Have the kernel sources installed"
#error ""
#error " o Make sure that the symbolic link"
#error "   /lib/modules/`uname -r`/build exists and points to"
#error "   the matching kernel source directory"
#error ""                  ___________________
#error " o Now copy /boot/vmlinuz.version.h to"
                              -------------------------
#error "   /lib/modules/`uname -r`/build/include/linux/version.h"
#error ""
#error " o When compiling, make sure to use the following"
#error "   compiler option to use the correct include files:"
#error ""
#error "   -I/lib/modules/`uname -r`/build/include"
#error ""
#error "   instead of"
#error ""
#error "   -I/usr/include/linux"
#error ""
#error "   Please adjust the Makefile accordingly."
#error "======================================================="