>> Hey all, >> >> I am writing a linux firewall kernel module (something a bit specific) >> using Netfilter, in C. I extract the >> TCP header and the IP header using the functions tcp_hdr() and ip_hdr() >> on the skb. I extract the source and >> destination IPs without any problem, yet, when I try to see the source >> port and the destination port i get wrong >> values. >> >> sport = ntohs(tcp_hdr(skb)->source); >> dport= ntohs(tcp_hdr(skb)->dest); > >Just guessing: maybe ntohs has already been applied to source and dest, so try it w/o ntohs()... Nope, ports or addresses is never swapped. Your hook is to early i.e the header ptr is at the IP header 17680 is 4510h which is the start of an IPv4 header (The "transport header" is set to point at L4 much later.) Have a look at xt_tcpudp.c and use something like this : th = skb_header_pointer(skb, par->thoff, sizeof(_tcph), &_tcph); > >> I use printk to send the info to the syslog and >> printk(KERN_INFO "got data on port %hu from source port %hu\n", dport, >> sport); >> >> the result i get is >> "got data on port 17680 from port 84" >> "got data on port 17680 from port 84" >> "got data on port 17680 from port 100" >> >> while netstat shows me that the right values for these ports are dport = >> 56188 and sport = 22. >> >> I must be doing something wrong or missing something of the bigger >> picture, I would apreciate any insight >> on why this behavior is generated. >> >> Thank you all, >> A. > Regards Hans -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
