I am trying to get the IDs of the first ten packets whose payload is more than 1300, but instead of this I can see all IDs in the output. What am I doing wrong? Thank you for your help.
Code:
/*
 * TT.c
 *
 * compile: gcc -Wall TT.c -o TT -lipq
 */
#include <netinet/in.h>
#include <libipq.h>
#include <linux/netfilter.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>

#define BUFSIZE 65536

/* Report the libipq error, release the handle and stop the program. */
static void die(struct ipq_handle *h) {
    ipq_perror("passer");
    ipq_destroy_handle(h);
    exit(1);
}

void start_packet_engine() {
    int status;
    unsigned char buf[BUFSIZE];
    struct ipq_handle *h;

    printf("\nWaiting for packets\n");
    h = ipq_create_handle(0, PF_INET);
    if (!h)
        die(h);
    status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
    if (status < 0)
        die(h);
    do {
        status = ipq_read(h, buf, BUFSIZE, 0);
        if (status < 0)
            die(h);
        switch (ipq_message_type(buf)) {
        case NLMSG_ERROR: {
            fprintf(stderr, "Received error message %d\n",
                    ipq_get_msgerr(buf));
            break;
        }
        case IPQM_PACKET: {
            ipq_packet_msg_t *m = ipq_get_packet(buf);
            /* Cast the IP Header from the raw packet */
            struct iphdr *iph = ((struct iphdr *)m->payload);
            /* Cast the TCP Header from the raw packet */
            struct tcphdr *tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));
            /* calculate the length of the payload */
            unsigned int payload_length = (unsigned int) ntohs(iph->tot_len) -
                ((iph->ihl << 2) + (tcp->doff << 2));
            if (payload_length > 1300) {
                /* the loop under discussion: it runs for every matching packet */
                int j;
                int jmax = 10;
                for (j = 0; j < jmax; j++) {
                    printf("id: %u\n", (unsigned int) m->packet_id);
                }
            }
            /* hand the packet back to the kernel */
            status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);
            if (status < 0)
                die(h);
            break;
        }
        }
    }
    while (1);
    printf("Engine Stopped...\n");
    ipq_destroy_handle(h);
}

int main() {
    start_packet_engine();
    return 0;
}
I took the main body of this example from the libipq man page: http://linux.die.net/man/3/libipq and it works fine for me. Padeen, I think you could be right. How can I reconstruct this loop so that it would give me the wanted effect? I take packets from the buffer with this function "ipq_packet_msg_t *m = ipq_get_packet(buf);" and put them back with "status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);".
block, you are creating new variables j and jmax. Those variables are lost when you leave the block. This means each new time that you process a packet of length > 1300, you are starting afresh with new j and jmax.
You may want to move j and jmax somewhere outside the block so they remain in scope the entire time that you are looking at packets. Hint: you probably don't want a for... construction. Instead, an if... break or exit() may work better.
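The fix suggested in the reply above, as an added example (not code from the thread or from the libipq man page): the counter lives in a struct that persists across packets, and the payload length is computed from bounds-checked header bytes instead of casts, which goes beyond what the thread asks. The names `big_pkt_log`, `note_packet`, `tcp_payload_len` and `make_tcp_packet` are assumptions, and the packets fed in by `main` are constructed.

```c
#include <stdio.h>
#include <string.h>
#define MIN_PAYLOAD 1300   /* threshold from the question */
#define MAX_IDS     10     /* "first ten packets" */
/* Counter state lives outside the per-packet code, so it survives between packets. */
struct big_pkt_log { unsigned long ids[MAX_IDS]; int count; };

/* TCP payload length of an IPv4 packet, or -1 if it is not well-formed TCP. */
static long tcp_payload_len(const unsigned char *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;       /* IP header length in bytes */
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];    /* tot_len, network byte order */
    if (ihl < 20 || pkt[9] != 6 /* TCP */ || tot > len || tot < ihl + 20) return -1;
    size_t doff = (size_t)(pkt[ihl + 12] >> 4) * 4; /* TCP header length in bytes */
    if (doff < 20 || ihl + doff > tot) return -1;
    return (long)(tot - ihl - doff);
}

/* Returns 1 if this packet's id was recorded (one of the first ten), else 0. */
static int note_packet(struct big_pkt_log *log, unsigned long id,
                       const unsigned char *pkt, size_t len)
{
    if (log->count >= MAX_IDS) return 0;            /* already have ten */
    if (tcp_payload_len(pkt, len) <= MIN_PAYLOAD) return 0;
    log->ids[log->count++] = id;
    return 1;
}

/* Constructed sample: minimal IPv4 + TCP headers followed by `payload` zero bytes. */
static size_t make_tcp_packet(unsigned char *buf, size_t payload)
{
    size_t tot = 40 + payload;
    memset(buf, 0, tot);
    buf[0] = 0x45; buf[2] = (unsigned char)(tot >> 8); buf[3] = (unsigned char)tot;
    buf[9] = 6; buf[32] = 0x50;                     /* protocol TCP, data offset 5 */
    return tot;
}

int main(void)
{
    unsigned char buf[2048];
    struct big_pkt_log log = {0};
    for (unsigned long id = 1; id <= 40; id++) {    /* constructed traffic */
        size_t n = make_tcp_packet(buf, id % 2 ? 1400 : 100);
        if (note_packet(&log, id, buf, n)) printf("id: %lu\n", id);
    }
    return 0;
}
```

In the posted loop the equivalent call would be `note_packet(&log, m->packet_id, m->payload, m->data_len)` before `ipq_set_verdict`, with `log` declared outside the `do` loop.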