Re: Re: TCP-packet with PUSH flag with wrong payload data in LOCAL_OUT


 



On Thursday 2009-01-22 14:53, Кобылянский Владимир wrote:
>Sorry. 
>There are my sources.
>(As I understood it, the mailing list doesn't support attachments. Am I right?)

Inline is easier to reply to:


># define IP_PRINTF(addr) ((addr) & 0xff), (((addr) >> 8) & 0xff), (((addr) >> 16) & 0xff), (((addr) >> 24) & 0xff)

Use NIPQUAD and NIPQUAD_FMT.


>int ip_packet_from_local_host(struct iphdr *iph)
>{
>	struct net_device *dev   = NULL;
>	struct in_device *in_dev = NULL;
>	struct in_ifaddr *ifaddr = NULL;
>	
>	for (dev = dev_base; dev; dev = dev->next)
>	{
>		if (!dev->ip_ptr)
>		{
>			continue;
>		}
>		in_dev = (struct in_device *)dev->ip_ptr;

Don't cast this.

>		ifaddr = in_dev->ifa_list;
>		while (ifaddr)
>		{
>			if (iph->saddr == ifaddr->ifa_address)
>			{
>				return 1;
>			}
>			ifaddr = ifaddr->ifa_next;
>		}
>	}
>	
>	return 0;
>}
>
>struct net_device* ip_packet_to_local_host(struct iphdr *iph)
>{
>	struct net_device *dev   = NULL;
>	struct in_device *in_dev = NULL;
>	struct in_ifaddr *ifaddr = NULL;
>	
>	for (dev = dev_base; dev; dev = dev->next)
>	{
>		if (!dev->ip_ptr)
>		{
>			continue;
>		}
>		in_dev = (struct in_device *)dev->ip_ptr;

Nor this.

>		ifaddr = in_dev->ifa_list;
>		while (ifaddr)
>		{
>			if (iph->daddr == ifaddr->ifa_address)
>			{
>				return dev;
>			}
>			ifaddr = ifaddr->ifa_next;
>		}
>	}
>	return NULL;
>}
>
>static unsigned int check_packet(struct sk_buff	*skb, short in_out)
>{
>    if(skb->nh.iph->protocol == IPPROTO_TCP)
>    {
>	    struct tcphdr	*tcp;
>	    char		*tcp_data=NULL;
>	    char		tcp_flags[4];
>	    unsigned int	tcp_data_off=0;
>	    
>	    tcp = (struct tcphdr *)((char*)skb->nh.iph + skb->nh.iph->ihl * 4);
>	    tcp_data_off = (tcp->doff)*4;
>	    tcp_data = (char *)tcp + tcp_data_off;
>	    tcp_flags[0]=' ';
>	    tcp_flags[1]=' ';
>	    tcp_flags[2]=' ';
>	    tcp_flags[3]='\0';
>
>	    if(tcp->syn)
>		    tcp_flags[0] = 'S';
>	    if(tcp->ack)
>		    tcp_flags[1] = 'A';
>	    if(tcp->psh)
>		    tcp_flags[2] = 'P';
>	    info("=== HOOK_PACKET: packet src_addr=%u.%u.%u.%u:%u dst_addr=%u.%u.%u.%u:%u [%s] protocol=%u, IN_OUT=%d, DATA_OFF = %u",
>			    IP_PRINTF(skb->nh.iph->saddr),ntohs(tcp->source),IP_PRINTF(skb->nh.iph->daddr),ntohs(tcp->dest), 
>			    tcp_flags, skb->nh.iph->protocol, in_out, tcp_data_off);
>	    if(tcp->psh && ntohs(tcp->dest) == 80)
>	    {
>		    info("=== HOOK_PACKET: DATA=%02x %02x %02x %02x %02x %02x", tcp_data[0],tcp_data[1],tcp_data[2],tcp_data[3],tcp_data[4],tcp_data[5]);
>//		    return NF_DROP;
>	    }
>    }

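Now consider this - tcp_data[0] invokes undefined behavior (a read past the data that is actually present at that address) when

 * there is no payload

 * or the packet is fragmented (a corner case, though)


Most likely the former is your case. Nothing in check_packet() compares ihl*4 + doff*4 + 6 against the packet length before DATA= is printed, so add that check and skip the dump when it fails. Also note that the payload is not guaranteed to sit in the linear buffer right behind the TCP header; reading it through skb_header_pointer() covers that case too.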

>unsigned int hook_func(unsigned int hooknum,
>                                struct sk_buff **pskb,
>                                const struct net_device *in,
>                                const struct net_device *out,
>                                int (*okfn)(struct sk_buff *))
>{
>    struct sk_buff * skb = * pskb;
>    int ret;
>    if(skb == NULL){
>	info("HOOK skb==NULL");
>	return NF_DROP;
>    }	
>    ret = check_packet(skb, (short)1); //1 - out

Do not do redundant casts.

>    return(ret);
>}
>
>unsigned int hook_func_in(unsigned int hooknum,
>                                struct sk_buff **pskb,
>                                const struct net_device *in,
>                                const struct net_device *out,
>                                int (*okfn)(struct sk_buff *))
>{
>    struct sk_buff * skb = * pskb;
>    int ret;
>    if(skb == NULL){
>	info("HOOK_IN skb==NULL");
>	return NF_DROP;
>    }	
>    if(skb->pkt_type == PACKET_OUTGOING)  
>        ret = check_packet(skb, (short)1); //1 - out
>    else
>	ret = check_packet(skb, (short)0); //0 - in

Stop it! >:)

>    return(ret);
>}
>
>
>Jan 22 11:35:52 FW_EXT kernel: my_fw: fw_init(): Driver my_fw started
>Jan 22 11:35:54 FW_EXT kernel: my_fw: check_packet(): === HOOK_PACKET: packet src_addr=192.168.0.198:41924 dst_addr=192.168.0.132:80 [S  ] protocol=6, IN_OUT=1, DATA_OFF = 40
>Jan 22 11:35:54 FW_EXT kernel: my_fw: check_packet(): === HOOK_PACKET: packet src_addr=192.168.0.132:80 dst_addr=192.168.0.198:41924 [SA ] protocol=6, IN_OUT=0, DATA_OFF = 40
>Jan 22 11:35:54 FW_EXT kernel: my_fw: check_packet(): === HOOK_PACKET: packet src_addr=192.168.0.198:41924 dst_addr=192.168.0.132:80 [ A ] protocol=6, IN_OUT=1, DATA_OFF = 32
>Jan 22 11:35:54 FW_EXT kernel: my_fw: check_packet(): === HOOK_PACKET: packet src_addr=192.168.0.198:41924 dst_addr=192.168.0.132:80 [ AP] protocol=6, IN_OUT=1, DATA_OFF = 32
>Jan 22 11:35:54 FW_EXT kernel: my_fw: check_packet(): === HOOK_PACKET: DATA=02 00 01 00 01 00