nfq_get_payload 如何构造它的返回数据? [英] How does nfq_get_payload structure its return data?
问题描述
Primarily, I'm trying to get the source address and dest port from the payload of a Netfilter queue payload (The payload is retrieved using the nfq_get_payload function). The following question asks the same thing and gets a correct answer:
How to extract source and destination port number from packet in queue of iptables
Unfortunately, there's no explanation as to why adding 20 and 22 to the address puts you in the right spot to read the info. I assume this is because of the structure of the data (obviously), but if there's a defined structure, what is it?
The documentation doesn't explicitly explain how the data is formatted, only that 'type of data retrieved by this function will depend on the mode set with the nfq_set_mode() function', but then the docs for set_mode don't mention anything about data type and the source doesn't immediately reveal anything.
I feel like this must be something very central to common network programming structs that I'm missing or not understanding.
Notes: nfq_get_payload function: http://www.netfilter.org/projects/libnetfilter_queue/doxygen/group__Parsing.html#gaf79628558c94630e25dbfcbde09f2933
I managed to figure this out and I'll leave this here for others to find.
The payload starts with an iphdr struct. The iphdr struct has a protocol field, for example tcp, if it is tcp then the data after the iphdr struct is a tcphdr struct, if it is udp, then there's another struct hdr for that, etc for icmp etc.
To access port, assume q_data is a pointer to a nfq_data struct:
unsigned char *data;
nfq_get_payload(q_data, (unsigned char**)&data);
struct iphdr * ip_info = (struct iphdr *)data;
if(ip_info->protocol == IPPROTO_TCP) {
struct tcphdr * tcp_info = (struct tcphdr*)(data + sizeof(*ip_info));
unsigned short dest_port = ntohs(tcp_info->dest);
} else if(ip_info->protocol == IPPROTO_UDP) {
//etc etc
}
这篇关于nfq_get_payload 如何构造它的返回数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
