LinuxQuestions.org
Old 04-05-2006, 01:02 AM   #1
venkatesh111
displaying STOLEN packets stolen using NF_STOLEN


Hi,
I have a simple netfilter program with which I'm trying to steal the packets passing across the network. I'm using NF_STOLEN and I need to display the stolen packets.


My netfilter program:

// Filtering packets based on their source address
/* Sample code to install a Netfilter hook function that will
 * drop all incoming packets from an IP address we specify */

// #define __KERNEL__
// #define MODULE

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/ip.h> /* For IP header */
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>

/* This is the structure we shall use to register our function */
static struct nf_hook_ops nfho;

/* IP address we want to drop packets from, in NB order */
static unsigned char *drop_ip = "\xac\x01\x02\x6a"; /* 172.1.2.106 */

/* This is the hook function itself */
unsigned int hook_func(unsigned int hooknum,
                       struct sk_buff **skb,
                       const struct net_device *in,
                       const struct net_device *out,
                       int (*okfn)(struct sk_buff *))
{
    struct sk_buff *sb = *skb;

    if (sb->nh.iph->saddr == *(unsigned int *)drop_ip) {
        /* Here I'm just trying to print srcaddr and total length for my reference.
         * Both fields are in network byte order and are printed raw. */
        printk("\n\nIP source address:%d", sb->nh.iph->saddr);
        printk("\n\nTotal Length:%d", sb->nh.iph->tot_len);
        /*printk("Dropped packet from... %d.%d.%d.%d\n",
                 *drop_ip, *(drop_ip + 1),
                 *(drop_ip + 2), *(drop_ip + 3));
        return NF_DROP;*/
        /* NF_STOLEN: netfilter stops processing the packet and does not
         * free the skb; from here on the hook owns it. */
        return NF_STOLEN;
    } else {
        return NF_ACCEPT;
    }
}

/* Initialisation routine */
int init_module(void)
{
    /* Fill in our hook structure */
    nfho.hook = hook_func;               /* Handler function */
    nfho.hooknum = NF_IP_PRE_ROUTING;    /* First for IPv4 */
    nfho.pf = PF_INET;
    nfho.priority = NF_IP_PRI_FIRST;     /* Make our func first */

    nf_register_hook(&nfho);

    return 0;
}

/* Cleanup routine */
void cleanup_module(void)
{
    nf_unregister_hook(&nfho);
}

MODULE_LICENSE("GPL");
MODULE_AUTHOR("VENKAT");

Then I compiled the above program using:

gcc -I/lib/modules/`uname -r`/build/include -D__KERNEL__ -DMODULE -DLINUX -O2 -c -o nfaddr.o nfaddr.c

Compilation successful.....

I inserted the module using:
insmod nfaddr.o

Module insertion successful........

Then the next step was

ping 172.1.2.106

Output on console was:

[root@localhost venki]# ping 172.1.2.106
PING 172.1.2.106 (172.1.2.106) 56(84) bytes of data.

--- 172.1.2.106 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2025ms

So this means that the packets are not received and they are stolen. Now where are these stolen packets, and how do I display them on the console....



The statements below were just to check whether the module was successful or not.
I checked the messages at /var/log/messages

Apr 6 11:37:06 localhost kernel:
Apr 6 11:37:06 localhost kernel:
Apr 6 11:37:06 localhost kernel: IP source address:1778516396
Apr 6 11:37:06 localhost kernel:
Apr 6 11:37:07 localhost kernel: Total Length:21504
Apr 6 11:37:07 localhost kernel:
Apr 6 11:37:07 localhost kernel: IP source address:1778516396
Apr 6 11:37:07 localhost kernel:
Apr 6 11:37:08 localhost kernel: Total Length:21504
Apr 6 11:37:08 localhost kernel:
Apr 6 11:37:08 localhost kernel: IP source address:1778516396
Apr 6 11:37:08 localhost kernel:


Now how do I display the stolen packets?

Last edited by venkatesh111; 04-05-2006 at 01:09 AM.
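
Added example, not part of the original post: a hook that returns NF_STOLEN owns the sk_buff, so any display has to be done by the hook (or the code it hands the buffer to) by reading the header bytes in wire order. The numbers in the log above are those fields printed raw: 21504 is 0x5400, the byte-swapped form of 84, the size ping reports. This user-space C block decodes a constructed header the same way; the function names, the destination address and the zero checksum are assumptions made for the example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: IPv4 header of an 84-byte ICMP packet from 172.1.2.106.
 * Destination 172.1.2.1 and the zero checksum are made up for this example. */
static const unsigned char sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00, 0x40, 0x01,
    0x00, 0x00, 0xac, 0x01, 0x02, 0x6a, 0xac, 0x01, 0x02, 0x01
};

/* What printing the raw fields shows on a little-endian host:
 * the wire (big-endian) bytes read back in the wrong order. */
unsigned raw_tot_len_le(const unsigned char *p) { return p[2] | (p[3] << 8); }
uint32_t raw_saddr_le(const unsigned char *p)
{
    return (uint32_t)p[12] | (uint32_t)p[13] << 8 |
           (uint32_t)p[14] << 16 | (uint32_t)p[15] << 24;
}

/* Write "src=a.b.c.d tot_len=N proto=N hdr=<hex>" into out. Returns 0 on
 * success, -1 if p is not a plausible IPv4 header or out is too small. */
int describe_ipv4(const unsigned char *p, size_t len, char *out, size_t outsz)
{
    size_t ihl, i, n;
    int w;
    if (len < 20 || (p[0] >> 4) != 4)
        return -1;
    ihl = (size_t)(p[0] & 0x0f) * 4;        /* header length in bytes */
    if (ihl < 20 || ihl > len)
        return -1;
    /* (p[2] << 8) | p[3] is the byte-order fix ntohs() performs */
    w = snprintf(out, outsz, "src=%d.%d.%d.%d tot_len=%d proto=%d hdr=",
                 p[12], p[13], p[14], p[15], (p[2] << 8) | p[3], p[9]);
    if (w < 0 || (size_t)w + 2 * ihl >= outsz)
        return -1;
    for (n = (size_t)w, i = 0; i < ihl; i++, n += 2)
        snprintf(out + n, outsz - n, "%02x", p[i]);
    return 0;
}

int main(void)
{
    char line[160];
    if (describe_ipv4(sample_hdr, sizeof sample_hdr, line, sizeof line) == 0)
        puts(line);
    printf("raw: saddr=%u tot_len=%u\n",
           (unsigned)raw_saddr_le(sample_hdr), raw_tot_len_le(sample_hdr));
    return 0;
}
```

In a kernel hook the same decoding applies to the header the sk_buff points at, and a buffer taken with NF_STOLEN must afterwards be released with kfree_skb() or passed on, otherwise it leaks.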
 
  

