Discussion:
ETH_P_ALL and tcp ports
Felipe Dias
2013-06-02 15:44:04 UTC
Hi, could someone tell me what I'm doing wrong, please?

I have a simple module and I registered one packet handler in the init function:
---
pseudo_proto.type = htons(ETH_P_ALL);
pseudo_proto.dev = NULL;
pseudo_proto.func = packet_handler;
dev_add_pack(&pseudo_proto);
---

My packet_handler is a simple function that just prints info about the
packet to dmesg; it checks whether the protocol is TCP or UDP first.

The problem is with TCP headers. I'm trying to get tcp ports with:

ntohs(tcp_hdr(skb)->dest);

But I always get strange port numbers.

My question is: are the TCP headers filled in at this stage?
Or do I have to register another packet_handler with dev_add_pack() after
the TCP code has done the heavy work?

Best regards,
Felipe
--
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs
Silviu Popescu
2013-06-03 08:36:30 UTC
Post by Felipe Dias
Hi, could someone tell me what I'm doing wrong, please?
---
pseudo_proto.type = htons(ETH_P_ALL);
pseudo_proto.dev = NULL;
pseudo_proto.func = packet_handler;
dev_add_pack(&pseudo_proto);
---
My packet_handler is a simple function that just prints info about the
packet to dmesg; it checks whether the protocol is TCP or UDP first.
ntohs(tcp_hdr(skb)->dest);
But I always get strange port numbers.
My question is: are the TCP headers filled in at this stage?
Or do I have to register another packet_handler with dev_add_pack() after
the TCP code has done the heavy work?

1. I'm not sure if you should be converting from network to host order
when using the TCP destination port. Try both ways, see what works.

2. Your concern regarding filled TCP headers is a good hunch. You
would be better off using a netfilter hook (actually two) for this
job. You would need a netfilter hook that intercepts outgoing packets
originated from your machine (which have the TCP header set) and
another hook for outgoing packets (which have the TCP header set a
little bit later).

The way you would do this is by defining two netfilter hook
structures similar to:

static struct nf_hook_ops my_nfho = {
        .owner    = THIS_MODULE,
        .hook     = my_nf_hookfn,
        .hooknum  = NF_INET_LOCAL_IN,
        .pf       = PF_INET,
        .priority = NF_IP_PRI_FIRST
};

The hooknum field tells netfilter where to intercept packets.
NF_INET_LOCAL_IN means incoming packets, NF_INET_LOCAL_OUT means
outgoing.

The hook field tells netfilter what function to run on intercepted
packets. It should have a header similar to:

static unsigned int my_nf_hookfn(unsigned int hooknum,
                                 struct sk_buff *skb,
                                 const struct net_device *in,
                                 const struct net_device *out,
                                 int (*okfn)(struct sk_buff *))

The parameters will be populated by netfilter, but I think you are
only interested in hooknum and skb. hooknum will be NF_INET_LOCAL_IN
or similar, so you could use the same function for both filters.

You also have to register/unregister the hooks using
nf_register_hook()/nf_unregister_hook(). Browse the kernel source or
google to find out exactly how to glue these elements together.

Good luck!
Silviu Popescu
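
Added example, not written by anyone in this thread: userspace C that finds the TCP ports by walking the IPv4 header, and shows what the same two 16-bit reads return when made at the start of the IP header, which is what tcp_hdr(skb) amounts to if the transport-header offset has not been advanced past the IP header. That this is what an ETH_P_ALL handler sees on receive is an assumption the thread does not confirm; the function names and the constructed sample packet are likewise not from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a network-order 16-bit field byte by byte (no alignment assumptions). */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* The misread: treat the start of the IPv4 header as a TCP header.
 * "source" is really version/IHL/TOS, "dest" is the IP total length. */
static void ports_at_network_header(const uint8_t *ip, uint16_t *sport, uint16_t *dport)
{
    *sport = be16(ip);
    *dport = be16(ip + 2);
}

/* Locate TCP from the IPv4 header itself. Returns 0 on success, -1 if the
 * buffer is too short, not IPv4/TCP, or a non-first fragment. */
static int tcp_ports_from_ipv4(const uint8_t *ip, size_t len, uint16_t *sport, uint16_t *dport)
{
    size_t ihl;

    if (len < 20 || (ip[0] >> 4) != 4) return -1;
    ihl = (size_t)(ip[0] & 0x0f) * 4;       /* header length incl. options */
    if (ihl < 20 || len < ihl + 20) return -1;
    if (ip[9] != 6) return -1;              /* protocol field: 6 = TCP */
    if (be16(ip + 6) & 0x1fff) return -1;   /* fragment offset != 0: no TCP header */
    *sport = be16(ip + ihl);
    *dport = be16(ip + ihl + 2);
    return 0;
}

/* Constructed sample: IPv4 with 4 option bytes (IHL=6), TCP 49152 -> 443; checksums left 0. */
static const uint8_t sample_pkt[] = {
    0x46,0x00,0x00,0x2c, 0x12,0x34,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,1, 192,0,2,2,
    0x01,0x01,0x01,0x01,                    /* four NOP options */
    0xc0,0x00, 0x01,0xbb,                   /* sport 49152, dport 443 */
    0,0,0,1, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0,0,0
};

int main(void)
{
    uint16_t s, d;
    ports_at_network_header(sample_pkt, &s, &d);
    printf("read at IP header:  %u -> %u\n", (unsigned)s, (unsigned)d);
    if (tcp_ports_from_ipv4(sample_pkt, sizeof sample_pkt, &s, &d) == 0)
        printf("read at ip + ihl*4: %u -> %u\n", (unsigned)s, (unsigned)d);
    return 0;
}
```
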
Felipe Dias
2013-06-03 14:39:21 UTC
Thank you for your reply, but I can't use netfilter hooks for other reasons.
