Hi All,
We are working on packet filter.I am attaching
filter.c which actually does the packet filtering.
Everything is working fine except the filter for
ports.
We are testing a simple tcpclient and tcpserver (echo
server).
Server is running on 10000 port.
But in packet filter we always get some 4135 port but
not
10000.
Client and server are running on different machines .
We are not using any NAT addresses.
Help appricited!!
Thanks.
__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new Resources site
http://smallbusiness.yahoo.com/resources//*
* filter.c for monitoring some incoming package information
*/
#include <linux/kernel.h>
#include <linux/types.h>
#include <linux/errno.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include "ourmon.h"
__u32 in_aton(const char *str) {
unsigned long l;
unsigned int val;
int i;
l = 0;
for (i = 0; i < 4; i++) {
l <<= 8;
if (*str != '\0') {
val = 0;
while (*str != '\0' && *str != '.') {
val *= 10;
val += *str - '0';
str++;
}
l |= val;
if (*str != '\0')
str++;
}
}
return(htonl(l));
}
int filter_pktcount(struct sk_buff *skb, int flag_inorout)
{
if(flag_inorout == 1)
{
if(skb->nh.iph->protocol == IPPROTO_TCP)
{
unbaked.incoming.tcp_pktcount++;
/*Check For TCP Port count*/
PDEBUG("Before Calling Check For TCP Port count");
filter_tcp_port(skb,1);
filter_for_portprobe(skb,1);
}
else if(skb->nh.iph->protocol == IPPROTO_UDP)
unbaked.incoming.udp_pktcount++;
else if(skb->nh.iph->protocol == IPPROTO_ICMP)
unbaked.incoming.icmp_pktcount++;
else
unbaked.incoming.otherproto_pktcount++;
}
if(flag_inorout ==2)
{
if(skb->nh.iph->protocol == IPPROTO_TCP)
{
unbaked.outgoing.tcp_pktcount++;
/*Check For TCP Port count*/
filter_tcp_port(skb,2);
filter_for_portprobe(skb,2);
}
else if(skb->nh.iph->protocol == IPPROTO_UDP)
unbaked.outgoing.udp_pktcount++;
else if(skb->nh.iph->protocol == IPPROTO_ICMP)
unbaked.outgoing.icmp_pktcount++;
else
unbaked.outgoing.otherproto_pktcount++;
}
PDEBUG("ourmon:filter finished\n");
return TRUE;
}
int filter_bytecount(struct sk_buff *skb, int flag_inorout)
{
if(flag_inorout == 1)
{
if(skb->nh.iph->protocol == IPPROTO_TCP)
{
unbaked.incoming.tcp_bytescount+=skb->len;
}
else if(skb->nh.iph->protocol == IPPROTO_UDP)
{
unbaked.incoming.udp_bytescount+=skb->len;
}
else if(skb->nh.iph->protocol == IPPROTO_ICMP)
{
unbaked.incoming.icmp_bytescount+=skb->len;
}
else
{
unbaked.incoming.otherproto_bytescount+=skb->len;
}
}
if(flag_inorout == 2)
{
if(skb->nh.iph->protocol == IPPROTO_TCP)
{
unbaked.outgoing.tcp_bytescount+=skb->len;
}
else if(skb->nh.iph->protocol == IPPROTO_UDP)
{
unbaked.outgoing.udp_bytescount+=skb->len;
}
else if(skb->nh.iph->protocol == IPPROTO_ICMP)
{
unbaked.outgoing.icmp_bytescount+=skb->len;
}
else
{
unbaked.outgoing.otherproto_bytescount+=skb->len;
}
}
return TRUE;
}
int filter_for_portprobe(struct sk_buff *skb,int flag_inorout)
{
struct tcphdr *tcp_header;
if (!(skb->nh.iph)) return FALSE;
tcp_header = (struct tcphdr *)(skb->data +
(skb->nh.iph->ihl * 4));
if(flag_inorout==1)/*Incoming Packets*/
{
/* Now check the destination port */
if ((tcp_header->dest) == 21) {
PDEBUG("Got Packet for defined Port:%d:Destined Port:21",tcp_header->dest);
unbaked.incoming.port21_pktcount++;
}
if ((tcp_header->dest) == 23)
{
PDEBUG("Got Packet for defined Port:%d:Destined Port:23",tcp_header->dest);
unbaked.incoming.port23_pktcount++;
}
if ((tcp_header->dest) == 24)
{
PDEBUG("Got Packet for defined Port:%d:Destined Port:24",tcp_header->dest);
unbaked.incoming.port24_pktcount++;
}
if ((tcp_header->dest) == 25)
{
PDEBUG("Got Packet for defined Port:%d:Destined Port:25",tcp_header->dest);
unbaked.incoming.port25_pktcount++;
}
if ((tcp_header->dest) == 80)
{
PDEBUG("Got Packet for defined Port:%d:Destined Port:80",tcp_header->dest);
unbaked.incoming.port80_pktcount++;
}
}
if(flag_inorout==2)
{
/* Now check the destination port */
if ((tcp_header->source) == 21) {
PDEBUG("Got Packet for defined Port:%d:Destined Port:21",tcp_header->dest);
unbaked.outgoing.out_port21_pktcount++;
}
if ((tcp_header->source) == 23)
{
PDEBUG("Got Packet for defined Port:%d:Destined Port:23",tcp_header->dest);
unbaked.outgoing.out_port23_pktcount++;
}
if ((tcp_header->source) == 24)
{
PDEBUG("Got Packet for defined Port:%d:Destined Port:24",tcp_header->dest);
unbaked.outgoing.out_port24_pktcount++;
}
if ((tcp_header->source) == 25)
{
PDEBUG("Got Packet for defined Port:%d:Destined Port:25",tcp_header->dest);
unbaked.outgoing.out_port25_pktcount++;
}
if ((tcp_header->source) == 80)
{
PDEBUG("Got Packet for defined Port:%d:Destined Port:80",tcp_header->dest);
unbaked.outgoing.out_port80_pktcount++;
}
}
return TRUE;
}
int filter_tcp_port(struct sk_buff *skb,int flag_inorout)
{
struct tcphdr *tcp_header;
if (!(skb->nh.iph)) return FALSE;
PDEBUG("Abhijeet Kolekar Filter TCP PORT :%d",tcp_port);
tcp_header = (struct tcphdr *)(skb->data +
(skb->nh.iph->ihl * 4));
if(flag_inorout==1)/*Incoming Packets*/
{
/* Now check the destination port */
if ((tcp_header->dest) == tcp_port) {
PDEBUG("TCP PORT: Got Packet for defined Port:%d:Destined Port:%d",tcp_header->dest,tcp_port);
unbaked.incoming.tcpport_pktcount++;
PDEBUG("Count:%ld",unbaked.incoming.tcpport_pktcount);
}
else
{
PDEBUG("Got Packet for defined Port:%d:Destined Port:%d",tcp_header->dest,tcp_port);
unbaked.incoming.otherport_pktcount++;
}
}
if(flag_inorout==2)
{
/* Now check the destination port */
if ((tcp_header->dest) == tcp_port) {
PDEBUG("Port 80 Just Added:Got Packet for defined Port:%d:Destined Port:%d",tcp_header->dest,tcp_port);
unbaked.outgoing.tcpport_pktcount++;
}
else
{
PDEBUG("Got Packet for defined Port:%d:Destined Port:%d",tcp_header->dest,tcp_port);
unbaked.outgoing.otherport_pktcount++;
}
}
return TRUE;
}
int filter_for_network(struct sk_buff *skb,int flag_inorout)
{
unsigned long inFileIp;
inFileIp=in_aton(network_ip);
if(flag_inorout==1)
{
//actualIp=in_aton(skb->nh.iph->saddr);
if (skb->nh.iph->saddr == inFileIp) {
PDEBUG("Got packet from defined network... %s\n",
network_ip);
unbaked.incoming.ournetwork_pktcount++;
}
else
{
/*packet is not from our defined netwrok.*/
unbaked.incoming.othernetwork_pktcount++;
}
}
if(flag_inorout==2)
{
//actualIp=in_aton(skb->nh.iph->daddr);
if (skb->nh.iph->daddr==inFileIp) {
PDEBUG("Got packet from defined network... %s\n",
network_ip);
unbaked.outgoing.ournetwork_pktcount++;
}
else
{
/*packet is not from our defined netwrok.*/
unbaked.outgoing.othernetwork_pktcount++;
}
}
return TRUE;
}
int filter_in(struct sk_buff *skb)
{
filter_pktcount(skb,1);
filter_bytecount(skb,1);
/*Check For Particular Network Packet*/
filter_for_network(skb,1);
PDEBUG("ourmon:filter in finished\n");
return TRUE;
}
int filter_out(struct sk_buff *skb)
{
filter_pktcount(skb,2);
filter_bytecount(skb,2);
/*Check For Particular Network Packet*/
filter_for_network(skb,2);
PDEBUG("ourmon:filter out finished\n");
return TRUE;
}
