C iptables扩展模块给出的参数无效
我安装了一个iptables模块来匹配Modbus协议,编译运行良好,我用insmod命令集成了.ko模块,现在当我键入iptables-m Modbus时,直到现在一切都很好,但是当我尝试执行iptables过滤器时,它不起作用C iptables扩展模块给出的参数无效,c,linux,kernel,iptables,C,Linux,Kernel,Iptables,我安装了一个iptables模块来匹配Modbus协议,编译运行良好,我用insmod命令集成了.ko模块,现在当我键入iptables-m Modbus时,直到现在一切都很好,但是当我尝试执行iptables过滤器时,它不起作用 aa@ubuntu:~$ sudo iptables -A INPUT -p tcp -m modbus --unitid 11 iptables: Invalid argument. Run `dmesg' for more information. aa@ubu
aa@ubuntu:~$ sudo iptables -A INPUT -p tcp -m modbus --unitid 11
iptables: Invalid argument. Run `dmesg' for more information.
aa@ubuntu:~$ dmesg
[ 3692.909462] ip_tables: modbus match: invalid size 0 != 40
我认为这是我代码的match函数中的一个问题,我进行了检查,但我无法找出问题所在,我只是在匹配中验证了我的数据包的TCP头:
/*
Triggers when a packet comes in matching the register match
*/
static int match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const void *matchinfo,int offset,
const void *hdr, u_int16_t datalen,
int *hotdrop)
{
const struct iphdr *iph;
const struct tcphdr *tcph;
u_int8_t tcplen;
/* Examine the TCP header, which is 32 bytes after the IP
header. "hdr" points to just after IP header */
const struct modbus_tcp *modbus;
const struct ipt_modbus *modbusinfo = matchinfo;
const struct modbus_data *data;
iph = ip_hdr(skb);
tcph = (void *)iph + iph->ihl*4;
/* TCP header length caluculation*/
tcplen = tcph->doff*4;
/* Match our structure to the data part */
modbus = hdr+tcplen;
/* If length is less then the total of IP and TCP header, that
should be part of three way handshake .. allow it */
if (ntohs(iph->tot_len) == 20+tcplen) {
if(modbusinfo->allow_tcp == 1)
return 1;
else
return 0;
}
else
{
/* Return the "OR"s of all the parameters given. If any
of the given parameters is true, the whole thing is true */
return (func_code_check(modbusinfo->funccode_flags,(modbus->modbus_d).func_code, modbusinfo->func_code[0],modbusinfo->func_code[1], modbusinfo->invflags_funccode) || unitid_check(modbusinfo->unitid_flags,(modbus->modbus_d).unit_id, modbusinfo->unit_id,modbusinfo->invflags_unitid) || refnum_check(modbusinfo->refnum_flags,(modbus->modbus_d).ref_num, modbusinfo->ref_num,modbusinfo->invflags_refnum) || length_check(modbusinfo->length_flags,(modbus->modbus_h).length, modbusinfo->length[0],modbusinfo->length[1], modbusinfo->invflags_length));
}
}
注册匹配模块的代码是什么?这个函数没有问题。只是一个简单的insmod xt_modbus.ko这是我复制函数的代码:不,我的意思是,在内核模块中,你是如何注册这个匹配的?比如代码xt_register_match(…)或其他什么?xt_register_match(&modbus_match);