Ç - Linux的 - 内核模块 - TCP报头 [英] C - Linux - kernel module - TCP header
问题描述
我试图创建Linux内核模块,这将检查传入数据包。此刻,我在提取数据包的TCP报头和阅读源和目的端口的过程 - >但是我得到不正确的值。我有钩子函数:
I'm trying to create linux kernel module, that will inspect incoming packets. At the moment, I'm in process of extracting TCP header of packet and reading source and destination port -> However I'm getting incorrect values. I have hook function:
unsigned int hook_func(unsigned int hooknum, struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
struct iphdr *ipp = (struct iphdr *)skb_network_header(skb);
struct tcphdr *hdr;
/* Using this to filter data from another machine */
unsigned long ok_ip = 2396891328;
/* Some problem, empty network packet. Stop it now. */
if (!skb)
return NF_ACCEPT;
/* Just to track only packets coming from 1 IP */
if (ipp->saddr != ok_ip)
return NF_ACCEPT;
/* Incomming packet is TCP */
if (ipp->protocol == IPPROTO_TCP) {
hdr = (struct tcphdr *) skb_transport_header(skb);
printk(" TCP ports: source: %d, dest: %d .\n", ntohs(hdr->source),
ntohs(hdr->dest));
}
}
现在,当我尝试telnet端口的 21 (不听那里我获得):
Now, when I try to telnet port 21(not listening there I get):
[ 4252.961912] TCP ports: source: 17664, dest: 52 .
[ 4253.453978] TCP ports: source: 17664, dest: 52 .
[ 4253.953204] TCP ports: source: 17664, dest: 48 .
而当我telnet端口的 22 - SSH守护进程听力有:
And when I telnet port 22 - SSH deamon listening there:
[ 4299.239940] TCP ports: source: 17664, dest: 52 .
[ 4299.240527] TCP ports: source: 17664, dest: 40 .
[ 4299.552566] TCP ports: source: 17664, dest: 40 .
由于从输出中可见,我变得非常奇怪的结果,任何人有问题的地方是来自想法?当我编译模块,我没有错误/警告。内核(头)版本:3.7.10。不使用SELinux的或相似的。
As visible from output I'm getting very weird results, anyone has idea where problem is coming from? when I compile module I have no errors / warnings. Version of kernel(headers): 3.7.10 . Not using SELinux or similar.
推荐答案
我有同样的问题写一个小防火墙联网类我刚刚发现我有这个问题。我是铸造TCP报头错误的。尝试铸造然后,TCP访问端口。
I had the same problem writing a small firewall for a networking class I just found out the problem I was having. I was casting the tcp header wrong. Try casting to tcp then accessing the port.
下面是工作它的code段
Here is a code snippet of it working
struct iphdr *ip_header; // ip header struct
struct tcphdr *tcp_header; // tcp header struct
struct udphdr *udp_header; // udp header struct
struct sk_buff *sock_buff;
unsigned int sport ,
dport;
sock_buff = skb;
if (!sock_buff)
return NF_ACCEPT;
ip_header = (struct iphdr *)skb_network_header(sock_buff);
if (!ip_header)
return NF_ACCEPT;
//if TCP PACKET
if(ip_header->protocol==IPPROTO_TCP)
{
//tcp_header = (struct tcphdr *)skb_transport_header(sock_buff); //doing the cast this way gave me the same problem
tcp_header= (struct tcphdr *)((__u32 *)ip_header+ ip_header->ihl); //this fixed the problem
sport = htons((unsigned short int) tcp_header->source); //sport now has the source port
dport = htons((unsigned short int) tcp_header->dest); //dport now has the dest port
}
这篇关于Ç - Linux的 - 内核模块 - TCP报头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!