printk incorrect output from ntohs(tcp_hdr(skb)->source)
I am messing around with linux kernel modules while I learn C. I wrote an LKM that has successfully been sniffing IP Packets Source/Destination, and writing that to /var/log/messages with printk, but when I try to access the TCP header source/dest, and write it to the log I am not getting the correct values.
The dest should be 80(http), but the log is saying 40. Is there some other conversion of "tcp_hdr(skb)->dest" I need to do for it to print the correct value? I know the value should be 80 so I expect that the source value I am getting is also incorrect, but have not used Wireshark to determine what its actual value is. Code:
printk(KERN_ALERT "Source: %d.%d.%d.%d:%d. Destination: %d.%d.%d.%d:%d\n", NIPQUAD(ip_hdr(skb)->saddr), ntohs(tcp_hdr(skb)->source), NIPQUAD(ip_hdr(skb)->daddr), ntohs(tcp_hdr(skb)->dest));
Need to pull the tcp header to read the tcp ports.
Code:
struct tcphdr *tcph;
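Added example (not part of any post in this thread, and not the poster's code): a userspace C sketch of locating the TCP header from the IP header length before reading the ports. It assumes the bad values come from the TCP header pointer still pointing at the start of the IP header, in which case the "dest" read lands on the IP total-length field, which is 40 for a 20+20 byte packet with no payload. The packet bytes and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: 20-byte IPv4 header + 20-byte TCP header, no payload.
 * 192.168.1.10:49152 -> 192.168.1.20:80 (checksums left as zero). */
static const uint8_t sample_pkt[40] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    0xc0, 0xa8, 0x01, 0x0a, 0xc0, 0xa8, 0x01, 0x14,
    0xc0, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x50, 0x10, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
};

/* Read a big-endian (network order) 16-bit field; same result as ntohs(). */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* What a port read returns when the "TCP header" pointer still points at the
 * start of the IP header: version/IHL/TOS and total length, not ports. */
static void ports_at_ip_header(const uint8_t *pkt, uint16_t *src, uint16_t *dst)
{
    *src = be16(pkt);      /* bytes 0-1: version, IHL, TOS */
    *dst = be16(pkt + 2);  /* bytes 2-3: IP total length   */
}

/* Locate the TCP header from the IP header length (IHL, in 32-bit words)
 * and validate every length before reading the ports. Returns 0 on success. */
static int tcp_ports(const uint8_t *pkt, size_t len, uint16_t *src, uint16_t *dst)
{
    size_t ihl;
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;      /* not IPv4 */
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || pkt[9] != 6) return -1;             /* bad IHL or not TCP */
    if ((be16(pkt + 6) & 0x1fff) != 0) return -1;       /* non-first fragment */
    if (len < ihl + 20) return -1;                      /* truncated TCP header */
    *src = be16(pkt + ihl);
    *dst = be16(pkt + ihl + 2);
    return 0;
}

int main(void)
{
    uint16_t s = 0, d = 0;
    ports_at_ip_header(sample_pkt, &s, &d);
    printf("read at IP header:  src=%u dst=%u\n", (unsigned)s, (unsigned)d);
    if (tcp_ports(sample_pkt, sizeof sample_pkt, &s, &d) == 0)
        printf("read at IP + IHL*4: src=%u dst=%u\n", (unsigned)s, (unsigned)d);
    return 0;
}
```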
Hello !!
I tried to run this module but I got the following error: "‘skb’ undeclared (first use in this function)". Then I added the following: const struct sk_buff *skb; and I got the warnings: warning: unused variable ‘iph’ warning: ‘skb’ is used uninitialized in this function. Please help me out!! I want to print the IP header information.....
You have to use this code from a netfilter hook. I made a post about using netfilter hooks in my blog on this site.
It's the same ;^)
Hehe ;^) Nice code, but...
Looks like it does the same thing to me. Doesn't tcp_hdr(skb) also pull data from the skb? Anyways that's the results I'm getting. Just FYI (I know the thread is old, but, still ;^) I'm working in the sch_red.ko module. On the host PC tcp_hdr(skb) works as expected. On the router it always seems to generate the same (wrong) source and dest port. Your neat little piece of code does the same thing. I suspect that my router is doing something funny ;^) ...Daniel
Yes,
tcp_hdr(skb) should pull the correct data, but with the Linux kernel I was using at the time it would not work. All my development was with CentOS 5; being based on RHEL, it's a little behind when it comes to the latest Linux kernel. I have a full example of using netfilter hooks but it was for an older kernel so might not work now. http://opennop.svn.sourceforge.net/v...lpha%200.2.56/ Here is a much simpler kernel driver that I think works with newer kernels. At least the latest kernel used by openSuse & RHEL. http://opennop.svn.sourceforge.net/v.../module/trunk/ You can see I am still using my original method in the userspace daemon to map the pointer to the correct tcp_header. I could probably try using the simpler tcp_hdr(skb) and see if it works. http://opennop.svn.sourceforge.net/v...73&view=markup Justin.
Hi Justin,
Netfilter hook blog? Could you shoot me a link to that? For a networking scientist I know embarrassingly little about netfilter hooks and the proper way of doing things in the kernel. I just sort of found the kernel code and started messing around with its brains. It might be worthwhile for me to learn how everybody else does things ;^) ...Daniel