On Tue, Oct 25, 2011 at 10:57 PM, ratheesh kannoth <ratheesh.ksz@xxxxxxxxx> wrote:
> I wrote a module to track the UDP DNS query. It is not working; what
> could be the problem?
>
> #include <linux/module.h>
> #include <linux/kernel.h>
> #include <net/netfilter/nf_conntrack.h>
> #include <net/netfilter/nf_conntrack_helper.h>
> #include <linux/ip.h>
> #include <net/netfilter/nf_conntrack_expect.h>
>
> MODULE_LICENSE("GPL");
>
> static const struct nf_conntrack_expect_policy my_expect_policy = {
>         .max_expected = 1,
> };
>
> static int foo_help(struct sk_buff *skb,
>                     unsigned int protoff,
>                     struct nf_conn *ct,
>                     enum ip_conntrack_info conntrackinfo)
> {
>         printk (KERN_ALERT "A dns query is sent out \n");
>         return NF_ACCEPT;
> }
>
> static struct nf_conntrack_helper foo;
>
> int init_conntrack_module(void)
> {
>         int ret = -1;
>         memset(&foo, 0, sizeof(struct nf_conntrack_helper));
>         foo.name = "foo";
>         foo.me = THIS_MODULE;
>         foo.tuple.dst.protonum = IPPROTO_UDP;
>         foo.tuple.dst.u.udp.port = htons(53);
>         foo.help = foo_help;
>         foo.expect_policy = &my_expect_policy;
>         ret = nf_conntrack_helper_register(&foo);
>         printk ("Registration ret = %d\n", ret);
>         return ret;
> }
>
> void fini_conntrack_module(void)
> {
>         nf_conntrack_helper_unregister(&foo);
> }
>
> module_init(init_conntrack_module);
> module_exit(fini_conntrack_module);
>

I looked into FTP connection tracking and made similar changes.

Removed the line below:

        foo.tuple.dst.u.udp.port = htons(53);

Added the lines below:

        foo.tuple.src.l3num = PF_INET;
        foo.tuple.src.u.udp.port = htons(53);

I could see printks whenever DNS UDP packets get forwarded through the machine.

1. I copied it blindly. I don't know why it works. Could anybody explain
   why it started working, please?

2. This works only for packets that get forwarded through the Linux machine
   (where the module is loaded); it doesn't work for packets originating
   from the Linux machine. Why?

-Ratheesh
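
Added example, not part of the original message and not kernel code: a userspace C model of the two registrations described above, run against a constructed DNS flow. It assumes the conntrack core picks a helper by comparing the reply-direction tuple's l3num, protocol number and source port with the registered tuple; the struct and function names are simplified stand-ins.

```c
/* Added illustration: userspace model of helper matching; names are stand-ins, not kernel API. */
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>

struct tuple {                     /* reduced nf_conntrack_tuple */
    uint16_t src_l3num, src_port;  /* tuple.src.l3num, tuple.src.u.udp.port */
    uint16_t dst_port;             /* tuple.dst.u.udp.port */
    uint8_t  dst_protonum;         /* tuple.dst.protonum */
};

/* Reply direction of a flow: source and destination ports swap. */
static struct tuple invert(struct tuple t)
{
    return (struct tuple){ t.src_l3num, t.dst_port, t.src_port, t.dst_protonum };
}

/* Assumed lookup rule: l3num, protonum and source port; dst_port is ignored. */
static int helper_matches(struct tuple h, struct tuple reply)
{
    return h.src_l3num == reply.src_l3num &&
           h.dst_protonum == reply.dst_protonum &&
           h.src_port == reply.src_port;
}

/* As first posted: protonum and dst port only, the rest zeroed by memset. */
static struct tuple helper_as_posted(void)
{
    return (struct tuple){ .dst_protonum = 17, .dst_port = htons(53) };
}

/* After the change: l3num PF_INET (2), protonum UDP (17), src port 53. */
static struct tuple helper_as_changed(void)
{
    return (struct tuple){ .src_l3num = 2, .dst_protonum = 17, .src_port = htons(53) };
}

/* Constructed flow: client port 40000 -> DNS server port 53, reply side. */
static struct tuple sample_reply(void)
{
    return invert((struct tuple){ 2, htons(40000), htons(53), 17 });
}

int main(void)
{
    printf("as posted: %d, as changed: %d\n", helper_matches(helper_as_posted(), sample_reply()),
           helper_matches(helper_as_changed(), sample_reply()));
    return 0;
}
```

Under that assumption the tuple as first posted never matches, because its l3num and source port are both zero, while the changed tuple matches the reply side of a query sent to port 53.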