On Sun, May 17, 2009 at 9:43 PM, Bartek Dolewski <doles2@xxxxxxxxx> wrote:
> Thanks guys for help. Now I`ve rewrited whole code based on
> xt_iprange.c file from net/netfilter/
> There is still some error messages, which does not provide me any
> usefull information. For example
> this is my file xt_ipaddr.c:
>
> /*********START******************/
> #include <linux/module.h>
> #include <linux/init.h>
> #include <linux/kernel.h>
> #include <linux/netfilter.h>
> #include <linux/inet.h>
> #include <linux/ip.h>
> #include <linux/ipv6.h>
> #include <linux/netfilter/x_tables.h>
> #include <linux/netfilter/xt_ipaddr.h>
> #include <net/dsfield.h>
> #include <linux/skbuff.h>
>
>
> static bool ipaddr_mt_check(const struct xt_mtchk_param *par)
> {
> const struct xt_ipaddr_mtinfo* info = par->matchinfo;
>
> printk(KERN_INFO "xt_ipaddr: Added a rule with -m ipaddr in"
> "the %s table; this rule is reachable through"
> "hooks 0x%x\n",
> par->table, par->hook_mask);
>
> if( !(info->flags & (XT_IPADDR_SRC | XT_IPADDR_DST))) {
> printk(KERN_INFO "xt_ipaddr: testing for nothing\n");
> return false;
> }
>
> if(ntohl(info->src.ip) == 0xDEADBEEF) {
> printk(KERN_INFO "xt_ipaddr: I just thought I do not"
> "wanto to let you match on 222.173.190.239\n");
> return false;
> }
>
> }
>
> static void ipaddr_mt_destroy( const struct xt_match_param *par, void
> *matchinfo)
> {
> const struct xt_ipaddr_mtinfo *info = par->matchinfo;
> printk(KERN_INFO "Test for address %081X removed\n", info->src.ip);
> }
>
> static bool ipaddr_mt4(const struct sk_buff* skb, const struct
> xt_match_param *par)
> {
> const struct xt_ipadr_mtinfo* info = par->matchinfo;
> const struct iphdr* iph = ip_hdr(skb);
>
> printk(KERN_INFO
> "xt_ipaddr: IN=%s OUT=%s"
> "SRC=" NIPQUAD_FMT " DST=" NIPQUAD_FMT "\n",
> (par->in != NULL) ? par->in->name : "",
> (par->out != NULL) ? par->out->name : "",
> NIPQUAD(iph->saddr), NIPQUAD(iph->daddr),
> NIPQUAD(info->src), NIPQUAD(info->dst));
>
> if(info->flags & XT_IPADDR_SRC)
> if( (iph->saddr != info->src.ip) ^ !!(info->flags & XT_IPADDR_SRC_INV) )
> {
> printk(KERN_NOTICE "src IP - no match\n");
> return false;
> }
>
> if(info->flags & XT_IPADDR_DST)
> if( (iph->daddr != info->dst.ip) ^ !!(info->flags & XT_IPADDR_DST_INV) )
> {
> printk(KERN_NOTICE "dst IP - no match\n");
> return false;
> }
> return true;
>
> }
>
> static bool ipaddr_mt6(const struct sk_buff* skb, const struct
> xt_match_param *par)
> {
> const struct xt_ipadr_mtinfo *info = par->matchinfo;
> const struct ipv6hdr* iph = ipv6_hdr(skb);
>
> printk(KERN_INFO
> "xt_ipaddr: IN=%s OUT=%s"
> "SRC=" NIPQUAD_FMT " DST=" NIPQUAD_FMT "\n",
> (par->in != NULL) ? par->in->name : "",
> (par->out != NULL) ? par->out->name : "",
> NIPQUAD(iph->saddr), NIPQUAD(iph->daddr),
> NIPQUAD(info->src), NIPQUAD(info->dst));
>
> if(info->flags & XT_IPADDR_SRC)
> if((ipv6_addr_cmp(&iph->saddr, &info->src.in6) != 0) ^
> !!(info->flags & XT_IPADDR_SRC_INV) )
> {
> printk(KERN_NOTICE "src IP - no match\n");
> return false;
> }
>
> if(info->flags & XT_IPADDR_DST)
> if((ipv6_addr_cmp(&iph->daddr, &info->dst.in6) != 0) ^
> !!(info->flags & XT_IPADDR_DST_INV) )
> {
> printk(KERN_NOTICE "drc IP - no match\n");
> return false;
> }
> return true;
>
> }
>
> static struct xt_match ipaddr_mt_reg[] __read_mostly = {
> {
> .name = "ipaddr",
> .revision = 0,
> .family = NFPROTO_IPV4,
> .match = ipaddr_mt4,
> .checkentry = ipaddr_mt_check,
> .destroy = ipaddr_mt_destroy,
> .matchsize = XT_ALIGN(sizeof(struct xt_ipaddr_mtinfo)),
> .me = THIS_MODULE,
> },
>
> {
> .name = "ipaddr",
> .revision = 0,
> .family = NFPROTO_IPV6,
> .match = ipaddr_mt6,
> .matchsize = XT_ALIGN(sizeof(struct xt_ipaddr_mtinfo)),
> .me = THIS_MODULE,
> },
> };
>
> static int __init ipaddr_mt_init(void)
> {
> return xt_register_matches(ipaddr_mt_reg, ARRAY_SIZE(ipaddr_mt_reg));
> }
>
> static void __exit ipaddr_mt_exit(void)
> {
> xt_unregister_matches(ipaddr_mt_reg, ARRAY_SIZE(ipaddr_mt_reg));
> }
>
> module_init(ipaddr_mt_init);
> module_exit(ipaddr_mt_exit);
> MODULE_LICENSE("GPL");
> MODULE_AUTHOR("Bartosz Dolewski <doles2@xxxxxxxxx>");
> MODULE_DESCRIPTION("Xtables: catch selected IP address");
> MODULE_ALIAS("xt_ipaddr");
> MODULE_ALIAS("xt_ipaddr");
> /*********************END************************/
>
> When type make net/netfilter there is plenty of errors:
>
> net/netfilter/xt_ipaddr.c: In function 'ipaddr_mt4':
> net/netfilter/xt_ipaddr.c:53: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:53: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:53: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:53: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:53: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:53: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:53: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:53: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:53: warning: too many arguments for format
> net/netfilter/xt_ipaddr.c:55: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:56: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:56: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:62: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:63: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:63: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c: In function 'ipaddr_mt6':
> net/netfilter/xt_ipaddr.c:83: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:83: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:83: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:83: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:83: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:83: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:83: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:83: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:83: warning: too many arguments for format
> net/netfilter/xt_ipaddr.c:85: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:86: error: implicit declaration of function
> 'ipv6_addr_cmp'
> net/netfilter/xt_ipaddr.c:86: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:86: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:92: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:93: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c:93: error: dereferencing pointer to incomplete type
> net/netfilter/xt_ipaddr.c: At top level:
> net/netfilter/xt_ipaddr.c:109: warning: initialization from
> incompatible pointer type
> make[1]: *** [net/netfilter/xt_ipaddr.o] Error 1
> make: *** [net/netfilter/] Error 2
>
> Here are lines 53, 56, 62, 63, 83 86 93:
> 53: NIPQUAD(info->src), NIPQUAD(info->dst));
> 56: if( (iph->saddr != info->src.ip) ^ !!(info->flags & XT_IPADDR_SRC_INV) )
> 63: if( (iph->daddr != info->dst.ip) ^ !!(info->flags & XT_IPADDR_DST_INV) )
> 83: NIPQUAD(info->src), NIPQUAD(info->dst));
> 86: if((ipv6_addr_cmp(&iph->saddr, &info->src.in6) != 0) ^
> !!(info->flags & XT_IPADDR_SRC_INV) )
> 93: if((ipv6_addr_cmp(&iph->daddr, &info->dst.in6) != 0) ^
> !!(info->flags & XT_IPADDR_DST_INV) )
>
> Why those structures are "incomplete" ? Did I forget to include some
> headers ? And what is NIPQUAD() macro ?
Probably yes. Compiler does not know what is the type of the structure
? So perhaps you need to give it proper header files or
do a forward declaration to be safe.
Also NIPQUAD is there to convert an IP address to usual format of aa.bb.cc.dd .
HTH
Thanks,
> I was looking in Google, but there`s no answer, I was looking in linux
> code too but, heh I like to play with code, generally i like kernel
> programming but it seems that code doesn`t like me :/
>
> W dniu 22 kwietnia 2009 10:49 użytkownik pradeep singh
> <pradeep.rautela@xxxxxxxxx> napisał:
>> On Wed, Apr 22, 2009 at 12:55 PM, Vishal Thanki <vishalthanki@xxxxxxxxx> wrote:
>>> There should not be "st_mtdtor" in line 102, it should be "xt_mtdtor" (i
>>> think). Apart from there, I suggest you use proper typecast when you
>>> dereferenct void *. For example, in line 80, you should assign
>>> "par->matchinfo" to "info" with proper typecasting (of type struct
>>> xt_ipaddr_mtinfo *). Hope that helps.
>>
>> It should work just fine without explicit typecasting here.
>> Assignment will take care of it.
>>
>> Rest as Vishal suggested you should change the st_mtdtor to xtmtdtor.
>> Also make sure that all the header files needed are included as
>> incomplete type messages sometimes
>> are a result of not including proper header files.
>>
>> Thanks,
>> --Pradeep
>>>
>>> Vishal
>>> Bartek Dolewski wrote:
>>>>
>>>> Hi there,
>>>> I guess this is more "c programming trouble" than kernel code but
>>>> maybe I`m wrong.
>>>> I`ve started with Netfilter/Xtables stuff so I write below code using
>>>> some resources. When I type "make" I can see these error messages:
>>>>
>>>> LD /media/ubuntu/home/bartek/Moduły/iptables/built-in.o
>>>> CC [M] /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.o
>>>> In file included from
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:1:
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.h:32: warning:
>>>> 'struct xt_mtdtor' declared inside parameter list
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.h:32: warning: its
>>>> scope is only this definition or declaration, which is probably not
>>>> what you want
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:13: warning:
>>>> initialization from incompatible pointer type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c: In function
>>>> 'ipaddr_mt':
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:59: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:59: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:59: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:59: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:59: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:59: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:59: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:59: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:59: warning: too
>>>> many arguments for format
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:61: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:62: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:62: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:68: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:69: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:69: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c: In function
>>>> 'ipaddr_mt_check':
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:87: error:
>>>> expected ')' before '{' token
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:98: error:
>>>> expected expression before '}' token
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c: At top level:
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:100: warning:
>>>> 'struct st_mtdtor' declared inside parameter list
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:100: error:
>>>> conflicting types for 'ipaddr_mt_destroy'
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.h:32: error:
>>>> previous declaration of 'ipaddr_mt_destroy' washere
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c: In function
>>>> 'ipaddr_mt_destroy':
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:102: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c: In function
>>>> 'ipaddr_mt6':
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:119: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:119: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:119: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:119: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:119: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:119: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:119: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:119: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:119: warning:
>>>> too many arguments for format
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:121: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:122: error:
>>>> implicit declaration of function 'ipv6_addr_cmp'
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:122: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:122: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:128: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:129: error:
>>>> dereferencing pointer to incomplete type
>>>> /media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.c:129: error:
>>>> dereferencing pointer to incomplete type
>>>> make[2]: *** [/media/ubuntu/home/bartek/Moduły/iptables/xt_ipaddr.o] Error
>>>> 1
>>>> make[1]: *** [_module_/media/ubuntu/home/bartek/Moduły/iptables] Error 2
>>>> make[1]: Leaving directory `/usr/src/linux-2.6.28-gentoo-r4'
>>>> make: *** [all] Error 2
>>>>
>>>> In my opinion everything is ok with code, i just can`t find any bugs.
>>>> There is my source code
>>>> /********* xt_ipaddr.c **********/
>>>> #include "xt_ipaddr.h"
>>>>
>>>> /*MODULE_LICENSE("GPL"); */
>>>>
>>>>
>>>>
>>>> static struct xt_match ipaddr_mt4_reg = {
>>>> .name = "ipaddr",
>>>> .revision = 0,
>>>> .family = NFPROTO_IPV4,
>>>> .match = ipaddr_mt,
>>>> .checkentry = ipaddr_mt_check,
>>>> .destroy = ipaddr_mt_destroy,
>>>> .matchsize = XT_ALIGN(sizeof(struct
>>>> xt_ipaddr_mtinfo)),
>>>> .me = THIS_MODULE,
>>>> };
>>>>
>>>> static struct xt_match ipaddr_mt6_reg = {
>>>> .name = "ipaddr",
>>>> .revision = 0,
>>>> .family = NFPROTO_IPV6,
>>>> .match = ipaddr_mt6,
>>>> .matchsize = XT_ALIGN(sizeof(struct
>>>> xt_ipaddr_mtinfo)),
>>>> .me = THIS_MODULE,
>>>> };
>>>>
>>>> static int __init ipaddr_mt_init(void)
>>>> {
>>>> int ret;
>>>> ret = xt_register_match(&ipaddr_mt4_reg);
>>>> if(ret < 0)
>>>> return ret;
>>>>
>>>> ret = xt_register_match(&ipaddr_mt6_reg);
>>>> if(ret < 0) {
>>>> xt_unregister_match(&ipaddr_mt4_reg);
>>>> return ret;
>>>> }
>>>> return 0;
>>>> }
>>>>
>>>> static void __exit ipaddr_mt_exit(void)
>>>> {
>>>> xt_unregister_match(&ipaddr_mt4_reg);
>>>> }
>>>>
>>>> static bool ipaddr_mt(const struct sk_buff* skb,
>>>> const struct xt_match_param* par)
>>>> {
>>>> const struct xt_ipadr_mtinfo* info = par->matchinfo;
>>>> const struct iphdr* iph = ip_hdr(skb);
>>>>
>>>> printk(KERN_INFO
>>>> "xt_ipaddr: IN=%s OUT=%s"
>>>> "SRC=" NIPQUAD_FMT " DST=" NIPQUAD_FMT "\n",
>>>> (par->in != NULL) ? par->in->name : "",
>>>> (par->out != NULL) ? par->out->name : "",
>>>> NIPQUAD(iph->saddr), NIPQUAD(iph->daddr),
>>>> NIPQUAD(info->src), NIPQUAD(info->dst));
>>>>
>>>> if(info->flags & XT_IPADDR_SRC)
>>>> if( (iph->saddr != info->src.ip) ^ !!(info->flags &
>>>> XT_IPADDR_SRC_INV) )
>>>> {
>>>> printk(KERN_NOTICE "src IP - no match\n");
>>>> return false;
>>>> }
>>>>
>>>> if(info->flags & XT_IPADDR_DST)
>>>> if( (iph->daddr != info->dst.ip) ^ !!(info->flags &
>>>> XT_IPADDR_DST_INV) )
>>>> {
>>>> printk(KERN_NOTICE "dst IP - no match\n");
>>>> return false;
>>>> }
>>>> return true;
>>>>
>>>> }
>>>>
>>>> static bool ipaddr_mt_check(const struct xt_mtchk_param* par)
>>>> {
>>>> const struct xt_ipaddr_mtinfo* info = par->matchinfo;
>>>>
>>>> printk(KERN_INFO "xt_ipaddr: Added a rule with -m ipaddr in"
>>>> "the %s table; this rule is reachable through"
>>>> "hooks 0x%x\n",
>>>> par->table, par->hook_mask);
>>>>
>>>> if( !(info->flags & (XT_IPADDR_SRC | XT_IPADDR_DST) ) {
>>>> printk(KERN_INFO "xt_ipaddr: testing for
>>>> nothing\n");
>>>> return false;
>>>> }
>>>>
>>>> if(ntohl(info->src.ip) == 0xDEADBEEF) {
>>>> printk(KERN_INFO "xt_ipaddr: I just thought I do not"
>>>> "wanto to let you match on
>>>> 222.173.190.239\n");
>>>> return false;
>>>> }
>>>>
>>>> }
>>>>
>>>> static void ipaddr_mt_destroy(const struct st_mtdtor *par)
>>>> {
>>>> const struct xt_ipaddr_mtinfo *info = par->matchinfo;
>>>> printk(KERN_INFO "Test for address %081X removed\n", info->src.ip);
>>>> }
>>>>
>>>> /* here are routines for IPv6 */
>>>>
>>>> static bool ipaddr_mt6(const struct sk_buff* skb, const struct
>>>> xt_match_param* par)
>>>> {
>>>> const struct xt_ipadr_mtinfo *info = par->matchinfo;
>>>> const struct ipv6hdr* iph = ipv6_hdr(skb);
>>>>
>>>> printk(KERN_INFO
>>>> "xt_ipaddr: IN=%s OUT=%s"
>>>> "SRC=" NIPQUAD_FMT " DST=" NIPQUAD_FMT "\n",
>>>> (par->in != NULL) ? par->in->name : "",
>>>> (par->out != NULL) ? par->out->name : "",
>>>> NIPQUAD(iph->saddr), NIPQUAD(iph->daddr),
>>>> NIPQUAD(info->src), NIPQUAD(info->dst));
>>>>
>>>> if(info->flags & XT_IPADDR_SRC)
>>>> if((ipv6_addr_cmp(&iph->saddr, &info->src.in6) != 0) ^
>>>> !!(info->flags & XT_IPADDR_SRC_INV) )
>>>> {
>>>> printk(KERN_NOTICE "src IP - no match\n");
>>>> return false;
>>>> }
>>>>
>>>> if(info->flags & XT_IPADDR_DST)
>>>> if((ipv6_addr_cmp(&iph->daddr, &info->dst.in6) != 0) ^
>>>> !!(info->flags & XT_IPADDR_DST_INV) )
>>>> {
>>>> printk(KERN_NOTICE "drc IP - no match\n");
>>>> return false;
>>>> }
>>>> return true;
>>>>
>>>> }
>>>>
>>>> module_init(ipaddr_mt_init);
>>>> module_exit(ipaddr_mt_exit);
>>>>
>>>> /********** xt_ipaddr.h *************/
>>>> #ifndef _LINUX_NETFILTER_XT_IPADDR_H
>>>> #define _LINUX_NETFILTER_XT_IPADDR_H
>>>>
>>>> #include <linux/module.h>
>>>> #include <linux/init.h>
>>>> #include <linux/kernel.h>
>>>> #include <linux/netfilter.h>
>>>> #include <linux/inet.h>
>>>> #include <linux/ip.h>
>>>> #include <linux/ipv6.h>
>>>> #include <linux/netfilter/x_tables.h>
>>>> #include <net/dsfield.h>
>>>> #include <linux/skbuff.h>
>>>>
>>>>
>>>>
>>>> enum {
>>>> XT_IPADDR_SRC = 1 << 0,
>>>> XT_IPADDR_DST = 1 << 1,
>>>> XT_IPADDR_SRC_INV = 1 << 2,
>>>> XT_IPADDR_DST_INV = 1 << 3,
>>>> };
>>>>
>>>> struct xt_ipaddr_mtinfo {
>>>> union nf_inet_addr src, dst;
>>>> __u8 flags;
>>>> };
>>>>
>>>> /*declarations of functions */
>>>> static bool ipaddr_mt(const struct sk_buff* skb, const struct
>>>> xt_match_param* par);
>>>> static bool ipaddr_mt_check(const struct xt_mtchk_param* par);
>>>> static void ipaddr_mt_destroy(const struct xt_mtdtor* par);
>>>>
>>>> /* IPv6 */
>>>> static bool ipaddr_mt6(const struct sk_buff* skb, const struct
>>>> xt_match_param* par);
>>>>
>>>> #endif /* _LINUX_NETFILTER_XT_IPADDR_H */
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> To unsubscribe from this list: send an email with
>>> "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
>>> Please read the FAQ at http://kernelnewbies.org/FAQ
>>>
>>>
>>
>>
>>
>> --
>> Pradeep
>>
>
>
>
> --
> -----BEGIN GEEK CODE BLOCK-----
> GCS d- s:- a--- C+++ P L+++>+++++ E---- W+ N+ o? K- w--- O- M-
> V? PS++ PE++ Y PGP++ t--- 5? X R tv-- b+ DI+ D- G++ e- h!
> !r(--) !z+
> ------END GEEK CODE BLOCK------
>
--
Pradeep
--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ
