nfq_get_payload如何构造其返回数据？ [英] How does nfq_get_payload structure its return data?

问题描述

主要是，我试图从Netfilter队列净荷的有效负载中获取源地址和dest端口（使用nfq_get_payload函数检索有效负载）。以下问题询问同样的问题并得到正确的答案：

Primarily, I'm trying to get the source address and dest port from the payload of a Netfilter queue payload (The payload is retrieved using the nfq_get_payload function). The following question asks the same thing and gets a correct answer:

How to extract source and destination port number from packet in queue of iptables

不幸的是，没有解释为什么在地址中添加20和22可以让你在正确的地方读取信息。我假设这是因为数据的结构（很明显），但是如果有一个定义的结构，它是什么？

Unfortunately, there's no explanation as to why adding 20 and 22 to the address puts you in the right spot to read the info. I assume this is because of the structure of the data (obviously), but if there's a defined structure, what is it?

文档没有明确解释数据的格式，只有通过此函数检索的数据类型将取决于使用nfq_set_mode（）函数设置的模式'，但是set_mode的文档没有提及任何关于数据类型的内容，并且源不会立即显示任何内容。

The documentation doesn't explicitly explain how the data is formatted, only that 'type of data retrieved by this function will depend on the mode set with the nfq_set_mode() function', but then the docs for set_mode don't mention anything about data type and the source doesn't immediately reveal anything.

我觉得这必须是非常中心的对我缺少或不了解的常见网络编程结构。

I feel like this must be something very central to common network programming structs that I'm missing or not understanding.

注意：nfq_get_payload函数： http://www.netfilter.org/projects/libnetfilter_queue/doxygen/group__Parsing.html#gaf79628558c94630e25dbfcbde09f2933

Notes: nfq_get_payload function: http://www.netfilter.org/projects/libnetfilter_queue/doxygen/group__Parsing.html#gaf79628558c94630e25dbfcbde09f2933

推荐答案

我设法弄清楚这一点，我会把这里留给别人找。

I managed to figure this out and I'll leave this here for others to find.

有效载荷以iphdr结构开始。 iphdr结构体有一个协议字段，例如tcp，如果是tcp，那么iphdr结构体之后的数据是一个tcphdr结构体，如果是udp，那么还有另一个结构体hdr，等于icmp等。

The payload starts with an iphdr struct. The iphdr struct has a protocol field, for example tcp, if it is tcp then the data after the iphdr struct is a tcphdr struct, if it is udp, then there's another struct hdr for that, etc for icmp etc.

要访问端口，假设q_data是指向nfq_data结构的指针：

To access port, assume q_data is a pointer to a nfq_data struct:

unsigned char *data;
nfq_get_payload(q_data, (unsigned char**)&data);
struct iphdr * ip_info = (struct iphdr *)data;
if(ipinfo->protocol == IPPROTO_TCP) {
  struct tcphdr * tcp_info = (struct * tcphdr)(data + sizeof(*ip_info));
  unsigned short dest_port = ntohs(tcp_info->dest);
} else if(ipinfo->protocol == IPPROTO_UDP) {
  // etc etc
}

这篇关于nfq_get_payload如何构造其返回数据？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！