Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


Closed Thread
  Search this Thread
Old 04-01-2010, 07:30 AM   #1
LQ Newbie
Registered: May 2009
Posts: 5

Rep: Reputation: 0
netfilter hook---kernel module---skb_transport_header--- tcphdr fields wrong values


We are trying to implement a firewall as kernel module through netfilter hooking (in C).
In the following code we are allowing only TCP traffic. Source port number and destination port number are printed for every TCP packet.

On execution, this code prints wrong port numbers. This is the first time we are using skb_transport_header function for accessing tcp headers.

We verified port numbers being printed by firewall through NFS traffic. On the same machine where firewall is running, we hosted an NFS server. An NFS client (from a different system) puts a file in exported mount. Firewall is able to capture packets for this file transfer but port numbers printed are wrong. It prints '69' for source portnumber (whereas ethereal capture shows it as 790) and prints '553231' for destination port (whereas for nfs version 4 it has to be 2049).

Please go through the code and point out the error.

static struct nf_hook_ops nfho;
struct sk_buff *sock_buff;

struct iphdr *ip_header;
struct tcphdr *tcp_header;

unsigned int hook_func(unsigned int hooknum, struct sk_buff **skb, const struct net_device *in, const struct net_device *out, int (*okfn) (struct sk_buff *))
printk("\nNew Packet Received:\t");
sock_buff = *skb;
ip_header = (struct iphdr *) skb_network_header(sock_buff);
tcp_header = (struct tcphdr *) skb_transport_header(sock_buff);
printk("Source:%u\tDestination:%u\n", tcp_header->source, tcp_header->dest);
return NF_ACCEPT;
return NF_DROP;

int init_module()
nfho.hook = hook_func; nfho.hooknum = NF_IP_PRE_ROUTING; = PF_INET;
nfho.priority = NF_IP_PRI_FIRST; nf_register_hook(&nfho); return 0;

void cleanup_module(){nf_unregister_hook(&nfho);}
Old 04-01-2010, 08:07 AM   #2
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599
Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is being closed because it is a duplicate of

Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
netfilter hook---kernel module---skb_transport_header--- tcphdr fields wrong values abhishek@LQ Linux - Networking 4 05-26-2010 06:21 AM
Priorities on Netfilter hook and kernel socket Kunsheng Programming 0 05-01-2009 09:24 AM
netfilter hook problem mihirsevak Linux - Networking 2 10-21-2007 01:17 AM
netfilter hook forward packets tim24 Linux - Networking 3 03-27-2006 03:14 PM
netfilter hook function error jinxcat Programming 1 09-23-2005 04:24 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:01 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration