[问题求助]实在没办法了才来求救一下的（关于iptables的问题） [复制链接]

我写了一个ipta.bles模块.，但是在执行的时候出现如下情况，实在不知道是为什么了：外贸
问题：
#iptables -I FORWARD . -m httpmethod --httpm.ethod GET -j TREND_MICRO健康

iptables v1.4.0: Couldn't load match `httpmethod'null)http://upload.bbs.csuboy.com/Mon_1004/126_6943_893987e7a18c182.gif[/img][成人用品]

Try `iptables -.h' or 'ip.tables --help' for more information..


我的程序文件如下：
文件目录： \build\iptables-1.4..0\exten.sions服务器
文件名称： libipt_httpmethod..c              乙肝

/* Sha.red library add-on to iptables to add. string matching support. --- 印刷
*
* Copyright (C) 2000 Emmanuel Roger  <winfie.ld@freega.tes.be>           鲜花
*
* ChangeLog
*     27.01.2001: Gi.anni Tedesco <gianni@ecs.c.co.uk>教育
*             Change.d --tos. to --string in save(). Also.
*             updated. to work. with slightly modified投资
*             .ipt._httpmethod_info.            杀毒
*/
#include <stdio..h>.
#i.nclude <netdb.h>           建材
#in.clude <string.h>--- 印刷
#i.nclude <stdlib.h>.
#include .<getopt.h>.
#include <ctype..h>.

#include <ipt.ables.h>.
#include <linux/netfil.t.er_ipv4/ip_tables.h>    美容
#i.nclude <linux/netfilter._ipv4/ipt_httpMETHOD.h><性病>

/* Funct.io.n which prints out usage message. */.
    .static void教育
help(void)
{
    printf(
            "Http me.thod match v%s options:\n\n."投资
            "--httpmethod [!] httpmethod  . M.atch method in a .http packet\n\n",.
          .  IPTABL.ES_VERSION);           鲜花
}

static struct option. opt.s[] = {             汽车
    { "httpmeth.od.", 1, 0, '1' },
    {0}
};
    
/* Function which pars.es command options; retur.ns true if it           女人
   ate an .option */(        游戏          )
static int
parse(int. c, char **argv, in.t invert, unsigned int *flags,(        游戏          )
                     . const void *entry, struct xt_entry_target **.target)            杀毒

{
    struct ipt_httpmet.hod_info *httpmeth.odinfo = .(struct ipt_httpmethod_info *)(*target)->data;电脑
              .          .        .
        if (.check_i.nverse(optarg, &invert, &optind, 0))            杀毒
                exit_error(.PARAMETER._PROBLEM,--- 印刷
                                "HTTPMETHOD: unexpected `!'";http://upload.bbs.csuboy.com/Mon_1004/126_6943_94b8e503d334f2e.gif[/img].
  .                      .        学习
    switch (c.) {    健康
    .    case '1':  .
                    printf("parse :after parse_string\n";http://upload.bbs.csuboy.com/Mon_1004/126_6943_94b8e503d334f2e.gif[/img]<性病>
            i.f (invert)           建材
                h.ttpmet.hodinfo->invert = 1;--------------彩票
            httpmet.hodinfo->len = strlen((ch.ar *)&httpmethodinfo->string);教育
        .    *flags = 1;外贸
     .       break;--------------彩票

   .     default:           建材
           . return 0;             电子
    }
    return 1;
}

/* Final check; must have specif..ied --string. */教育
   . static void投资
final._check(unsigned i.nt flags).
{
    if (!f.lags)             电子
        exit_.error(PARAMETER_.PROBLEM,.
                "http method match: You must specify `--httpmethod'";http://upload.bbs.csuboy.com/Mon_1004/126_6943_94b8e503d334f2e.gif[/img]    外汇
}

/* P.rints out the. matchinfo. */服务器
static v.oid print(const void *ip, con.s.t struct xt_entry_match *match, int numeric)        .
{
    printf("http method match ";http://upload.bbs.csuboy.com/Mon_1004/126_6943_94b8e503d334f2e.gif[/img].
}

/* Saves t.he union ip.t_matchinfo in parsable form to stdout. */          婚庆
static void save(const void *ip, const struct xt_entry_matc..h *match)             汽车
{
    printf("--httpmethod ";http://upload.bbs.csuboy.com/Mon_1004/126_6943_94b8e503d334f2e.gif[/img](        游戏          )
}


static
str.uct iptables_target httpmethod.学习

= {
    .    .na.me                = "httpmethod",域名
        .ver.sion = IPTABLES_VERSIO.N,.
      . . .size                = IPT_ALIG.N(sizeof(struct ipt_httpmethod_info)),投资
        .userspacesize   .     .= IPT_ALIGN(sizeof(stru.ct ipt_httpmethod_info)),             电子
  .      ..help                = help,           鲜花
      .  .parse      .          = parse,    健康
   .     .f.inal_check        = final_check,    美容
      .  .extra_opts        = opt.s--------------彩票
};

void _in.it(void)(        游戏          )
{    
    reg.ister_target(&httpmethod).;域名
      
}

先谢谢大侠了，为什么这个httpmethod模块添加的时候说是.空的呢？. 外贸
不知道还需要.做什么！以前在1.2.8里面是可以的，现在移到1.4.0里做了相应修改变形成现.在这样就不行了。郁闷！.

我的libipt_httpmethod.so也已经连接到了，为什么还说我的module没有load成功了？请帮忙了！

modprobe下你的模块

大哥能说一下具体怎么做吗！？

命令行下执行modprobe httpmethod试试

QUOTE:原帖由 heizi_liu 于 2008-12-18 08:56 发表
我写了一个iptables模块，但是在执行的时候出现如下情况，实在不知道是为什么了：
问题：
#iptables -I FORWARD  -m httpmethod --httpmethod GET -j TREND_MICRO

iptables v1.4.0: Couldn't load match  ...

你是.c的源代码要编译成.o或.ko模块文件后再加载！

在iptables 1.4.0里面我编出来的就两个文件，一个是libipt_httpmethod_sh.o , 一个叫libipt_httpmethod.so.
我发现这个1.2.8完全不一样的做法，我不知道应该怎么确认为是否需要加入这个模块！还有别的方法吗！谢谢了

[ 本帖最后由 heizi_liu 于 2008-12-18 10:09 编辑 ]

你的模块没有添加上
Couldn't load match `httpmethod'null
你的编译过程时候有问题
将编译过程放上了看看

我把代码改成现在的这样子：
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <getopt.h>
#include <ctype.h>

#include <iptables.h>
#include "ipt_httpmethod.h"

/* Function which prints out usage message. */
    static void
help(void)
{
    printf(
            "Http method match v%s options:\n"
            "--httpmethod [!] httpmethod             Match method in a http packet\n",
            IPTABLES_VERSION);

}

static struct option opts[] = {
    { "httpmethod", 1, 0, '1' },
    {0}
};

    static void
parse_string(const unsigned char *s, struct ipt_httpmethod_info *info)
{        
        info->string[0] = 'g';
}

/* Function which parses command options; returns true if it
   ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
        const struct ipt_entry *entry,
        unsigned int *nfcache,
        struct ipt_entry_match **match)
{
    struct ipt_httpmethod_info *httpmethodinfo = (struct ipt_httpmethod_info *)(*match)->data;

    switch (c) {
        case '1':
            check_inverse(optarg, &invert, &optind, 0);
            parse_string(argv[optind-1], httpmethodinfo);
            if (invert)
                httpmethodinfo->invert = 1;
            httpmethodinfo->len = strlen((char *)&httpmethodinfo->string);
            *flags = 1;
            break;

        default:
            return 0;
    }
    return 1;
}

    static void
print_string(char string[], int invert, int numeric)
{

    if (invert)
        fputc('!', stdout);
    printf("%s ",string);
}

/* Final check; must have specified --string. */
    static void
final_check(unsigned int flags)
{
    if (!flags)
        exit_error(PARAMETER_PROBLEM,
                "http method match: You must specify `--httpmethod'");
}

/* Prints out the matchinfo. */
static void
print(const struct ipt_ip *ip,
        const struct ipt_entry_match *match,
        int numeric)
{
    printf("http method match ");
    print_string(((struct ipt_httpmethod_info *)match->data)->string,
            ((struct ipt_httpmethod_info *)match->data)->invert, numeric);
}

/* Saves the union ipt_matchinfo in parsable form to stdout. */
    static void
save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
{
    printf("--httpmethod ");
    print_string(((struct ipt_httpmethod_info *)match->data)->string,
            ((struct ipt_httpmethod_info *)match->data)->invert, 0);
}

static
struct iptables_match httpmethod
= {
    .name          = "httpmethod",
    .version       = IPTABLES_VERSION,
    .size          = IPT_ALIGN(sizeof(struct ipt_httpmethod_info)),
    .userspacesize = IPT_ALIGN(sizeof(struct ipt_httpmethod_info)),
    .help          = help,
    .parse         = parse,
    .print         = print,
    .save          = save,
    .extra_opts    = opts
};

void _init(void)
{
    register_match(&httpmethod);
}



编译信息：
de -I/home/heizi/rv200w/src/linux//kernel_2.6/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.4.0\"  -fPIC -o extensions/libipt_httpmethod_sh.o -c extensions/libipt_httpmethod.c
extensions/libipt_httpmethod.c: In function 'parse':
extensions/libipt_httpmethod.c:46: warning: pointer targets in passing argument 1 of 'parse_string' differ in signedness
extensions/libipt_httpmethod.c: At top level:
extensions/libipt_httpmethod.c:105: warning: initialization from incompatible pointer type
extensions/libipt_httpmethod.c:106: warning: initialization from incompatible pointer type
extensions/libipt_httpmethod.c:107: warning: initialization from incompatible pointer type
extensions/libipt_httpmethod.c:71: warning: 'final_check' defined but not used
mips64-octeon-linux-gnu-gcc -shared -mabi=n32 -Os -fomit-frame-pointer -o extensions/libipt_httpmethod.so extensions/libipt_httpmethod_sh.o
mips64-octeon-linux-gnu-gcc -mabi=n32 -Os -fomit-frame-pointer -Wall -Wunused -I/home/heizi/rv200w/src/linux//kernel_2.6/linux/include -I/home/heizi/rv200w/src/linux//kernel_2.6/linux/inc

现在的问题是走到  info->string[0] = 'g'; 这一句就会出现Segmentation fault, 继续往上追的话发现是拿这个info这个结构的时候发现是空的了，我估计是这样！
帮看看是什么回事

static int
parse(int c, char **argv, int invert, unsigned int *flags,
        const struct ipt_entry *entry,
        unsigned int *nfcache,
        struct ipt_entry_match **match)
{
    struct ipt_httpmethod_info *httpmethodinfo = (struct ipt_httpmethod_info *)(*match)->data;

   //为什么我拿的这个httpmethodinfo 不能使用呢，使用的话就会出现Segmentation fault
    难道是我的netfilter里面的相应模块没有加成功吗！？？？
}

[ 本帖最后由 heizi_liu 于 2008-12-18 11:30 编辑 ]