linux lover wrote:
Hello all,
While writing kernel module packet sniffer
at IP layer,i start with first accessing packets
length and its data part.so, to start i try to access packet
data first and copy it to other variable to dump
its contents but i am facing a problem while accessing
the packet's data. As i have studied i found that data in packet at any layer resides in
between data and tail pointers. So if i
have to print it or copy it in any unsigned string
then how to do that?
I tried with following example which
receives only loopback packet and print data part at IP layer. But it does not print also why am i getting
sb->len as 1 not actual size of packet at IP layer?
regards,
linux_lover
#define MODULE #define __KERNEL__
#include <linux/module.h> #include <linux/kernel.h> #include <linux/skbuff.h> #include <linux/ip.h> #include <linux/netfilter.h> #include <linux/netfilter_ipv4.h> #include <linux/myh.h> #include <linux/string.h>
static struct nf_hook_ops nfho;
unsigned int cap_packet(unsigned int hooknum,struct
sk_buff **skb,const struct net_device *in,
const struct
net_device *out,int (*okfn)(struct sk_buff *))
{
struct sk_buff *sb = *skb;
unsigned char *packet;
int buflen=0,i=0;
buflen=sb->len;
packet=kmalloc(buflen,GFP_USER);
memset(packet,'\0',buflen);
printk(KERN_DEBUG "Length of sb->data in hook
function = %d\n", buflen);
while(buflen>=0)
{
packet[i]=sb->data[i];
i++;
buflen--;
}
packet[i]='\0';
strcpy(packet,sb->data);
printk(KERN_DEBUG "packet contents of sb->data
in hook function = %s\n", packet);
If some bytes are zeros in this packet , then the %s format will stop to print packet contents, because 0x0 is "\0". You can use %X format and size of this packet .
Regards LWT
- : send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
