Fatal编程技术网
  • c/
  • C iptables扩展模块给出的参数无效

C iptables扩展模块给出的参数无效

c linux kernel

C iptables扩展模块给出的参数无效,c,linux,kernel,iptables,C,Linux,Kernel,Iptables,我安装了一个iptables模块来匹配Modbus协议,编译运行良好,我用insmod命令集成了.ko模块,现在当我键入iptables-m Modbus时,直到现在一切都很好,但是当我尝试执行iptables过滤器时,它不起作用 aa@ubuntu:~$ sudo iptables -A INPUT -p tcp -m modbus --unitid 11 iptables: Invalid argument. Run `dmesg' for more information. aa@ubu

我安装了一个iptables模块来匹配Modbus协议,编译运行良好,我用insmod命令集成了.ko模块,现在当我键入iptables-m Modbus时,直到现在一切都很好,但是当我尝试执行iptables过滤器时,它不起作用

aa@ubuntu:~$ sudo iptables -A INPUT -p tcp -m modbus --unitid  11
iptables: Invalid argument. Run `dmesg' for more information.
aa@ubuntu:~$ dmesg
[ 3692.909462] ip_tables: modbus match: invalid size 0 != 40
我认为这是我代码的match函数中的一个问题,我进行了检查,但我无法找出问题所在,我只是在匹配中验证了我的数据包的TCP头:

/* 
Triggers when a packet comes in matching the register match 
*/

static int match(const struct sk_buff *skb,
      const struct net_device *in,
      const struct net_device *out,
      const void *matchinfo,int offset,
      const void *hdr, u_int16_t datalen,
      int *hotdrop)
{

  const struct iphdr *iph;
  const struct tcphdr *tcph;
  u_int8_t tcplen;

  /* Examine the TCP header, which is 32 bytes after the IP
     header.  "hdr" points to just after IP header */
  const struct modbus_tcp *modbus;
  const struct ipt_modbus *modbusinfo = matchinfo;
  const struct modbus_data *data;

  iph = ip_hdr(skb);

  tcph = (void *)iph + iph->ihl*4;

  /* TCP header length caluculation*/
  tcplen = tcph->doff*4;

  /* Match our structure to the data part */
  modbus = hdr+tcplen;

  /* If length is less then the total of IP and TCP header, that
     should be part of three way handshake .. allow it */
  if (ntohs(iph->tot_len) == 20+tcplen) {
    if(modbusinfo->allow_tcp == 1)
      return 1;
    else
      return 0;
  }

  else
    {

  /* Return the "OR"s of all the parameters given.  If any
     of the given parameters is true, the whole thing is true */       

      return (func_code_check(modbusinfo->funccode_flags,(modbus->modbus_d).func_code, modbusinfo->func_code[0],modbusinfo->func_code[1], modbusinfo->invflags_funccode) || unitid_check(modbusinfo->unitid_flags,(modbus->modbus_d).unit_id, modbusinfo->unit_id,modbusinfo->invflags_unitid) || refnum_check(modbusinfo->refnum_flags,(modbus->modbus_d).ref_num, modbusinfo->ref_num,modbusinfo->invflags_refnum) || length_check(modbusinfo->length_flags,(modbus->modbus_h).length, modbusinfo->length[0],modbusinfo->length[1], modbusinfo->invflags_length));

    }
}
注册匹配模块的代码是什么?这个函数没有问题。只是一个简单的insmod xt_modbus.ko这是我复制函数的代码:不,我的意思是,在内核模块中,你是如何注册这个匹配的?比如代码xt_register_match(…)或其他什么?xt_register_match(&modbus_match);