C - Linux - kernel module - TCP header -
i'm trying create linux kernel module, inspect incoming packets. @ moment, i'm in process of extracting tcp header of packet , reading source , destination port -> i'm getting incorrect values. have hook function:
unsigned int hook_func(unsigned int hooknum, struct sk_buff *skb, const struct net_device *in, const struct net_device *out, int (*okfn)(struct sk_buff *)) { struct iphdr *ipp = (struct iphdr *)skb_network_header(skb); struct tcphdr *hdr; /* using filter data machine */ unsigned long ok_ip = 2396891328; /* problem, empty network packet. stop now. */ if (!skb) return nf_accept; /* track packets coming 1 ip */ if (ipp->saddr != ok_ip) return nf_accept; /* incomming packet tcp */ if (ipp->protocol == ipproto_tcp) { hdr = (struct tcphdr *) skb_transport_header(skb); printk(" tcp ports: source: %d, dest: %d .\n", ntohs(hdr->source), ntohs(hdr->dest)); } } now, when try telnet port 21(not listening there get):
[ 4252.961912] tcp ports: source: 17664, dest: 52 . [ 4253.453978] tcp ports: source: 17664, dest: 52 . [ 4253.953204] tcp ports: source: 17664, dest: 48 . and when telnet port 22 - ssh deamon listening there:
[ 4299.239940] tcp ports: source: 17664, dest: 52 . [ 4299.240527] tcp ports: source: 17664, dest: 40 . [ 4299.552566] tcp ports: source: 17664, dest: 40 . as visible output i'm getting weird results, has idea problem coming from? when compile module have no errors / warnings. version of kernel(headers): 3.7.10 . not using selinux or similar.
i had same problem writing small firewall networking class found out problem having. casting tcp header wrong. try casting tcp accessing port.
here code snippet of working
struct iphdr *ip_header; // ip header struct struct tcphdr *tcp_header; // tcp header struct struct udphdr *udp_header; // udp header struct struct sk_buff *sock_buff; unsigned int sport , dport; sock_buff = skb; if (!sock_buff) return nf_accept; ip_header = (struct iphdr *)skb_network_header(sock_buff); if (!ip_header) return nf_accept; //if tcp packet if(ip_header->protocol==ipproto_tcp) { //tcp_header = (struct tcphdr *)skb_transport_header(sock_buff); //doing cast way gave me same problem tcp_header= (struct tcphdr *)((__u32 *)ip_header+ ip_header->ihl); //this fixed problem sport = htons((unsigned short int) tcp_header->source); //sport has source port dport = htons((unsigned short int) tcp_header->dest); //dport has dest port }
Comments
Post a Comment