Greetings,

We are trying to implement a firewall as kernel module through netfilter hooking (in C).
In the following code we are allowing only TCP traffic. Source port number and destination port number are printed for every TCP packet.

On execution, this code prints wrong port numbers. This is the first time we are using skb_transport_header function for accessing tcp headers.

We verified port numbers being printed by firewall through NFS traffic. On the same machine where firewall is running, we hosted an NFS server. An NFS client (from a different system) puts a file in exported mount. Firewall is able to capture packets for this file transfer but port numbers printed are wrong. It prints '69' for source portnumber (whereas ethereal capture shows it as 790) and prints '553231' for destination port (whereas for nfs version 4 it has to be 2049).

Please go through the code and point out the error.

static struct nf_hook_ops nfho;
struct sk_buff *sock_buff;

struct iphdr *ip_header;
struct tcphdr *tcp_header;

unsigned int hook_func(unsigned int hooknum, struct sk_buff **skb, const struct net_device *in, const struct net_device *out, int (*okfn) (struct sk_buff *))
{
printk("\nNew Packet Received:\t");
sock_buff = *skb;
ip_header = (struct iphdr *) skb_network_header(sock_buff);
if(ip_header->protocol==6)
{
tcp_header = (struct tcphdr *) skb_transport_header(sock_buff);
printk("Source:%u\tDestination:%u\n", tcp_header->source, tcp_header->dest);
return NF_ACCEPT;
}
return NF_DROP;
}

int init_module()
{
nfho.hook = hook_func; nfho.hooknum = NF_IP_PRE_ROUTING; nfho.pf = PF_INET;
nfho.priority = NF_IP_PRI_FIRST; nf_register_hook(&nfho); return 0;
}

void cleanup_module(){nf_unregister_hook(&nfho);}

Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is being closed because it is a duplicate of http://www.linuxquestions.org/questi...values-799355/.