This is what I suspected, but thanks for the confirmation. I have come
up with a workaround by opening a raw socket in user space,
intercepting it using netfilter, and grabbing the 'struct sock'. I
think it is a kludge, but it is working and probably safer than sticking
my nose where it doesn't belong--and I'm using netfilter anyhow, so it
isn't too ugly.
Later . . . Jim
Peter Teoh wrote:
Well.....all that u are trying to do is not really allowed, as inside
af_inet.c the variable inetsw_array is defined as static:
    /* Upon startup we insert all the elements in inetsw_array[] into
     * the linked list inetsw.
     */
    static struct inet_protosw inetsw_array[] =
and so only those functions within af_inet.c can access it, not
anywhere else, kernel module in particular.
But as a hacker, anything IS POSSIBLE....but u have to be aware of
access contention. At startup the elements inside inetsw_array are
passed to inet_register_protosw() via ptr:
    void inet_register_protosw(struct inet_protosw *p)
    {
        struct list_head *lh;
        struct inet_protosw *answer;
        int protocol = p->protocol;
        struct list_head *last_perm;

        spin_lock_bh(&inetsw_lock);
And u noticed the spin lock inetsw_lock is used whenever accessing the
"p" inet_protosw ptr is needed. Another example:
    void inet_unregister_protosw(struct inet_protosw *p)
    {
        if (INET_PROTOSW_PERMANENT & p->flags) {
            printk(KERN_ERR
                   "Attempt to unregister permanent protocol %d.\n",
                   p->protocol);
        } else {
            spin_lock_bh(&inetsw_lock);
            list_del_rcu(&p->list);
            spin_unlock_bh(&inetsw_lock);
            synchronize_net();
        }
    }
And so u must therefore call spin lock in your code whenever u want to
access the "p" ptr.
How to access the inetsw_array, or spin lock variable in another
function, or in an external kernel module?
BY ADDRESS.
Looking into /proc/kallsyms:
    cat /proc/kallsyms | grep inetsw_
    c07fb640 d inetsw_array
    c0972628 b inetsw_lock
So it is in kernel memory, just set up a ptr to point there, and u are
accessing the variable. This is generally used to bypass the
"exported symbols" not available problem...... :-(
On Tue, Jun 29, 2010 at 10:37 AM, Jim Sansing <jjsansing@xxxxxxxxxxx> wrote:
I am trying to send a Raw packet from my kernel module. I found what I
hoped was a good example, but it came with the warning that allocating the
'struct sock' was the tricky part, which is where I am now. I want to use
sk_alloc, which is defined as:
    struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
                          struct proto *prot);
I have been looking for how to get to the Raw 'struct proto', but it is
buried in at least one list, maybe more, and I haven't been able to find how
to get to it directly. The only place I have seen it being accessed is in
af_inet.c, which steps thru the 'struct inet_protosw' queue, checking the
protocol field (Raw uses the int, IPPROTO_IP). But the inet_protosw queue
is not an Exported Symbol. Is there a way to get the Raw 'struct proto',
perhaps using the IPPROTO_IP int?
Also, are there any gotchas as far as the 'struct sock' after it has been
allocated?
Thanks.
Later . . . Jim
--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ
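
Added example, not part of the original thread: a user-space C parser for the /proc/kallsyms lines quoted above. It shows that the lowercase type letters (d, b) mark file-local symbols and detects the case where the address column is hidden, so a hard-coded pointer would be wrong. The names ksym and ksym_lookup, the T line and the zeroed line are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The two lines quoted in the thread plus one constructed global symbol. */
static const char SAMPLE[] =
    "c07fb640 d inetsw_array\n"
    "c0972628 b inetsw_lock\n"
    "c0581230 T inet_register_protosw\n"; /* constructed address */
/* Constructed: the same symbol as read when kptr_restrict hides addresses. */
static const char MASKED[] = "00000000 d inetsw_array\n";

struct ksym {
    unsigned long long addr; /* address column; 0 when masked */
    char type;               /* nm-style type letter */
    int found;               /* name present in the text */
    int is_local;            /* lowercase letter: static, file-local symbol */
    int masked;              /* address column is all zeroes */
};

/* Look up `name` in kallsyms-format text: "addr type name" per line. */
struct ksym ksym_lookup(const char *text, const char *name)
{
    struct ksym r = {0};
    const char *p = text;
    while (p && *p) {
        unsigned long long addr;
        char type, sym[128];
        if (sscanf(p, "%llx %c %127s", &addr, &type, sym) == 3 &&
            strcmp(sym, name) == 0)
            return (struct ksym){ addr, type, 1, islower((unsigned char)type) != 0, addr == 0 };
        p = strchr(p, '\n'); /* advance to the next line */
        if (p) p++;
    }
    return r;
}

int main(void)
{
    const char *names[] = { "inetsw_array", "inetsw_lock", "inet_register_protosw" };
    for (int i = 0; i < 3; i++) {
        struct ksym k = ksym_lookup(SAMPLE, names[i]);
        printf("%-22s %c %s %#llx\n", names[i], k.type, k.is_local ? "local" : "global", k.addr);
    }
    if (ksym_lookup(MASKED, "inetsw_array").masked)
        puts("masked: a hard-coded pointer to this symbol would be wrong");
    return 0;
}
```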