Hi, First of all I want to tell you what I am trying to do: I want to realize TCP packet filtering by a specific port number and depending on the payload, other kernel code should be executed. For this task I am writing a kernel module that uses a netfilter hook function to filter packets. The netfilter hook function - registered at NF_INET_LOCAL_IN - provides me access to a sk_buff structure, skb. At this point I encounter the first problem: As the IP header is reachable fine via ip_hdr(skb), the TCP equivalent helper function tcp_hdr(skb) is *not* and instead points to the IP header (the offsets skb->network_header and skb->transport_header are the same). Is this intentional behaviour? Although, the TCP header can also be accessed by: tcp_header = (tcphdr *)(skb->data + ip_hdr(skb)->ihl * 4) This way I can successfully read the destination port. My second problem lies in calculating the starting address of the TCP payload as reading from the address skb->data + ip_hdr(skb)->ihl * 4 + tcp_header->doff * 4 does not show up the expected data. For debugging purposes I print out the values for skb->data_len, tcp_header- >doff * 4, ip_hdr(skb)->ihl * 4, and if I add up all these values, the result equals ip_hdr(skb)->tot_len, which should be correct. Maybe you could tell me, what I am doing wrong here? With best regards Mario
Attachment:
signature.asc
Description: This is a digitally signed message part.
