From: John <jfastabe@up.edu>
To: netfilter-devel@lists.netfilter.org
Subject: Iptables extension loading error
Date: Wed, 25 Aug 2004 13:12:06 +0000	[thread overview]
Message-ID: <412C9026.6050703@up.edu> (raw)

I am having trouble getting an iptables extension to work. I compile the 
shared library with the commands,

$ gcc -02 -Wall -Wunused -I /root/iptables/include/ -fPIC -o 
libipt_CHANGEIP.o -c                   libipt_CHANGEIP.c

$ ld -shared -o libipt_CHANGEIP.so libipt_CHANGEIP.o

The above commands give no errors, but when I try to run iptables with 
my new target extension I get the following error.

$ iptables iptables -I INPUT -j CHANGEIP
iptables v1.2.9: Couldn't load target `CHANGEIP'

I know the module is loaded correctly because I get a different error 
when I remove it. The shared library is also in the correct directory, 
because I get a different error than this one when I move it.  I am at 
a loss as to where I should start looking for the cause of this error.  
Below is the code for my shared library and module.  If anyone could give 
me advice on where to start looking to fix this problem, that would be 
greatly appreciated.  The system I am using is,

Linux nitbit 2.4.22-gentoo-r5 #4 SMP Tue Jan 20 01:33:31 UTC 2004 i686 
Intel(R) Celeron(R) CPU 2.30GHz GenuineIntel GNU/Linux

If more information is needed to help, please let me know. Thank you for 
your time,
john

/* Shared library add-on to iptables to add CHANGEIP target support.
 */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <getopt.h>
#include <netinet/in.h>
#include <iptables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include "ipt_CHANGEIP.h"

/* Values stored in the clobber field of struct ipt_changeip_target_info. */
#define NOCLOBBER 0   /* default written by init(); the kernel hook tests clobber against 0 */
#define CLOBBER   1   /* not referenced in the code shown; parse() writes a literal 1 instead */

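/*
 * Print the usage text for the CHANGEIP target to stdout.
 *
 * The switches listed here must be the ones registered in opts[]. The
 * original text advertised "--continue", which opts[] does not define, so
 * the third line now names "--clobber", the switch that parse() accepts.
 * init() leaves the clobber flag at NOCLOBBER until that switch is given.
 */
static void
help(void)
{
    printf(
     "ChangeIP target v \n"
     "     --dip     \tip \t\t Change destination IP\n"
     "     --sip     \tip \t\t Change source IP\n"
     "     --clobber \t   \t\t Set the clobber flag (off by default)\n"
     "\n");
}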

/*
 * Long options understood by the CHANGEIP target. The val column is the
 * character that parse() receives in its `c` argument; the all-zero entry
 * terminates the table.
 */
static struct option opts[] = {
    { "dip",     required_argument, NULL, '1' },
    { "sip",     required_argument, NULL, '2' },
    { "clobber", no_argument,       NULL, '3' },
    { NULL,      0,                 NULL, 0   }
};

/*
 * Fill in the defaults of a new CHANGEIP target entry: clobber flag off and
 * both address fields cleared.
 *
 * NOTE(review): dip and sip are assigned NULL here, so they look like pointer
 * fields. t->data is the blob that describes the rule, so a pointer stored in
 * it would not be meaningful outside this process - confirm the field types
 * in ipt_CHANGEIP.h.
 */
static void
init(struct ipt_entry_target *t, unsigned int *nfcache)
{
    struct ipt_changeip_target_info *defaults;

    (void)nfcache;                 /* not used by this target */

    printf("hi\n");                /* debug trace left in by the author */

    defaults = (struct ipt_changeip_target_info *)t->data;
    defaults->sip = NULL;
    defaults->dip = NULL;
    defaults->clobber = NOCLOBBER;
}



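/*
 * Handle one CHANGEIP command-line option.
 *
 * c       option character from opts[] ('1' = --dip, '2' = --sip,
 *         '3' = --clobber)
 * flags   per-rule state: bit 0 records that --dip was seen, bit 1 that
 *         --sip was seen; final_check() only tests for non-zero
 * target  target entry whose data area holds the CHANGEIP settings
 *
 * Returns 1 when the option was consumed and 0 when it is not one of ours.
 * Invalid combinations end the program through exit_error().
 *
 * The original kept a single flag for both address options, so giving
 * --dip and --sip together was rejected with "Only one src ip allowed".
 * Each option now has its own bit, which keeps the duplicate checks and
 * lets a rule carry both addresses.
 */
static int parse(int c, char **argv, int invert,
         unsigned int *flags,
         const struct ipt_entry *entry,
         struct ipt_entry_target **target)
{
    enum { SEEN_DIP = 1, SEEN_SIP = 2 };
    struct ipt_changeip_target_info *ipinfo =
                     (struct ipt_changeip_target_info *)(*target)->data;

    printf("hello\n");   /* debug trace left in by the author */

    switch (c) {
    case '1':
        if (*flags & SEEN_DIP)
            exit_error(PARAMETER_PROBLEM,
                "Only one destination ip allowed");
        /*
         * NOTE(review): this stores the address of the argument string,
         * not an IP address. The target data is the rule blob, so the
         * pointer is not meaningful outside this process, and the kernel
         * hook on this page copies the field straight into the IP header.
         * The text needs converting (for example with inet_aton()) into a
         * fixed-size address field, and the input rejected when it does
         * not parse; that requires changing the struct in ipt_CHANGEIP.h,
         * which is not shown here.
         */
        ipinfo->dip = optarg;
        *flags |= SEEN_DIP;
        break;
    case '2':
        if (*flags & SEEN_SIP)
            exit_error(PARAMETER_PROBLEM,
                "Only one src ip allowed");
        /* NOTE(review): same pointer-in-rule-data problem as --dip. */
        ipinfo->sip = optarg;
        *flags |= SEEN_SIP;
        break;
    case '3':
        /* Unchanged from the original: --clobber is refused once an
         * address option has been parsed. Presumably an ordering rule;
         * confirm that this is intended. */
        if (*flags)
            exit_error(PARAMETER_PROBLEM,
                "Syntax messed up");
        ipinfo->clobber = 1;
        break;
    default:
        return 0;
    }

    return 1;
}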

/*
 * Called once all options of a rule have been parsed. A zero flags word
 * means parse() recorded no address option, which is reported through
 * exit_error().
 */
static void
final_check(unsigned int flags)
{
    if (flags != 0)
        return;

    exit_error(PARAMETER_PROBLEM,
        "Must have either source or destination ip to change");
}


/*
 * Print the target part of a rule listing. Only the fixed text
 * "Changing IP" is written; the configured addresses are not shown.
 */
static void
print(const struct ipt_ip *ip,
      const struct ipt_entry_target *target,
      int numeric)
{
    const struct ipt_changeip_target_info *ipinfo;

    printf("hello\n");   /* debug trace left in by the author */

    /* Fetched but not used yet. */
    ipinfo = (const struct ipt_changeip_target_info *)target->data;
    (void)ipinfo;

    printf("Changing IP");
}

/*
 * Save hook of the target. It writes nothing, so no CHANGEIP options are
 * emitted for a rule.
 */
static void
save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
{
    (void)ip;
    (void)target;
}

/*
 * Descriptor handed to register_target() by _init(). The initializer is
 * positional, so the order must match struct iptables_target in iptables.h
 * (not shown here) - verify it against the header of the iptables tree this
 * is built with.
 */
static struct iptables_target changeip = { NULL,
    "CHANGEIP",                 /* name given to -j; same string as the kernel target */
    "1.2.9",                    /* hard-coded; matches the "iptables v1.2.9" banner above.
                                 * NOTE(review): presumably has to equal the running
                                 * iptables version - confirm */
    IPT_ALIGN(sizeof(struct ipt_changeip_target_info) ),   /* aligned size of the target data */
    IPT_ALIGN(sizeof(struct ipt_changeip_target_info) ),   /* same size again; presumably the
                                                            * userspace-compared part - confirm */
    &help,
    &init,
    &parse,
    &final_check,
    &print,
    &save,
    opts                        /* long-option table defined above */
};

/*
 * Entry point of the shared object: prints a debug line, then hands the
 * CHANGEIP descriptor to iptables via register_target().
 */
void
_init(void)
{
    printf("hello\n");   /* debug trace left in by the author */

    register_target(&changeip);
}





//and finally the module code
#include <linux/module.h>
#include <linux/skbuff.h>
#include "ipt_CHANGEIP.h"
#include <linux/netfilter_ipv4/ip_tables.h>
        
          #include <linux/kernel.h>
          #include <linux/ip.h>                  /* For IP header */
          #include <linux/netfilter.h>
          #include <linux/netfilter_ipv4.h>

/* Module metadata: author, one-line description and licence. */
MODULE_AUTHOR("John Fastabend");
MODULE_DESCRIPTION("Changes ip addresses");
MODULE_LICENSE("GPL");


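/*
 * CHANGEIP target hook: overwrite the IPv4 source and destination address
 * of the packet in *pskb with the values carried in the rule's target data.
 *
 * Returns IPT_CONTINUE so that rule traversal goes on, or NF_DROP when a
 * copy of the packet cannot be allocated.
 *
 * Fixes relative to the original:
 *  - the allocation check tested pskb (never NULL here) instead of the
 *    result of skb_copy(), so a failed copy put NULL into *pskb;
 *  - after the original skb was freed, the header was still reached through
 *    the stale pointer to it (use after free); the working pointer now
 *    follows *pskb;
 *  - the second skb_copy() was used without a NULL check.
 *
 * NOTE(review), not fixed here because it needs code outside this block:
 *  - dip and sip are copied into the header as they are. The userspace
 *    listing on this page stores optarg, a string pointer, in those fields,
 *    so what arrives here would be a process address rather than an IPv4
 *    address. The struct in ipt_CHANGEIP.h (not shown) should carry
 *    fixed-size addresses in network byte order.
 *  - both addresses are always written, even when the rule set only one.
 *  - neither the IP header checksum nor any transport checksum that covers
 *    the addresses is updated after the rewrite.
 */
static unsigned int
ipt_changeip_target(struct sk_buff **pskb,
            unsigned int hooknum,
            const struct net_device *in,
            const struct net_device *out,
            const void *targinfo,
            void *userinfo)
{
    const struct ipt_changeip_target_info *ipinfo = targinfo;
    struct sk_buff *sb;

    /* Take a private copy before writing to packet data that is shared. */
    if (skb_cloned(*pskb) && !(*pskb)->sk) {
        struct sk_buff *nskb = skb_copy(*pskb, GFP_ATOMIC);

        if (!nskb)
            return NF_DROP;
        kfree_skb(*pskb);
        *pskb = nskb;
    }

    if (ipinfo->clobber == 0 /* NOCLOBBER */) {
        struct sk_buff *origskb = skb_copy(*pskb, GFP_ATOMIC);

        if (!origskb)
            return NF_DROP;
        /*
         * NOTE(review): origskb is a fresh copy and presumably sits on no
         * queue, so it is unclear which list skb_insert() is expected to
         * link into, and nothing visible here ever frees or sends
         * origskb. Confirm the intended handling of the untouched copy.
         */
        skb_insert(origskb, *pskb);
    }

    /* Always edit the skb that *pskb refers to now. */
    sb = *pskb;
    sb->nh.iph->daddr = ipinfo->dip;
    sb->nh.iph->saddr = ipinfo->sip;

    return IPT_CONTINUE;
}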

/*
 * Rule validation hook. Every rule is accepted: the function returns 1
 * without looking at any of its arguments.
 *
 * NOTE(review): nothing is validated before the target hook starts reading
 * the rule data. At the least, targinfosize should be compared with
 * IPT_ALIGN(sizeof(struct ipt_changeip_target_info)) and the rule refused
 * (return 0) on a mismatch, so that the hook never reads past a shorter
 * blob supplied from userspace.
 */
static int
ipt_changeip_checkentry(const char *tablename,
                        const struct ipt_entry *e,
                        void *targinfo,
                        unsigned int targinfosize,
                        unsigned int hook_mask)
{
    (void)tablename;
    (void)e;
    (void)targinfo;
    (void)targinfosize;
    (void)hook_mask;

    return 1;
}

/*
 * Kernel-side descriptor of the CHANGEIP target, passed to
 * ipt_register_target() and ipt_unregister_target() below. The initializer
 * is positional, so the order must match struct ipt_target in ip_tables.h
 * (not shown here).
 */
static struct ipt_target ipt_changeip_reg =  { {NULL, NULL},
                        "CHANGEIP",               /* same name the userspace extension registers */
                        ipt_changeip_target,      /* per-packet hook */
                        ipt_changeip_checkentry,  /* rule validation hook */
                        NULL,                     /* presumably the destroy hook, unused - confirm */
                        THIS_MODULE };

/*
 * Module load entry point: registers the CHANGEIP target and passes the
 * result of ipt_register_target() back to the caller.
 */
static int __init
init(void)
{
    int rc = ipt_register_target(&ipt_changeip_reg);

    return rc;
}

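/*
 * Module unload handler: removes the CHANGEIP target registered by init().
 *
 * The original wrote `return ipt_unregister_target(...)` in a function that
 * returns void, which ISO C does not allow; the call is now a plain statement.
 */
static void __exit fini(void)
{
    ipt_unregister_target(&ipt_changeip_reg);
}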

/* Declare init() as the load-time entry point and fini() as the unload handler. */
module_init(init);
module_exit(fini);




PS. Sorry if this email is too long; I didn't have anywhere to post the 
code online.
