I have been playing around with sk_buff (skb), and reading/writing data to IP packets in the kernel. I have accessed the ip header, and tcp header, but the tcp header seems to be missing the seq field. When I try to access it in the structure, tcph->seq is always returning random data. According to the structure in include/linux/tcp.h it should be there.
I thought that the seq might not be there in syn packets so I tried accessing it for all tcp packets, and it still is just random data.
Code:
/* Packet Handler Function */
// static int packetprocessor_func(struct sk_buff *skb, struct device *dv, struct packet_type *pt)
static int packetprocessor_func(struct sk_buff *skb){
    struct iphdr *iph;
    struct tcphdr *tcph;

    /*
     * Process the packet only if it
     * is not NULL,
     * was intended for this host,
     * and is an IP packet.
     *
     * This limits processing packets to in-bound IP traffic only!
     *
     */
    if ((skb != NULL) && (skb->pkt_type == PACKET_HOST) && (skb->protocol == htons(ETH_P_IP))) {
        iph = ip_hdr(skb); // access ip header.
        if (iph->protocol == IPPROTO_TCP) {
            tcph = (struct tcphdr *)(skb_network_header(skb) + ip_hdrlen(skb)); // access tcp header.
            /*
            printk(KERN_ALERT "Source: %d.%d.%d.%d:%d. Destination: %d.%d.%d.%d:%d\n",
                   NIPQUAD(iph->saddr), ntohs(tcph->source),
                   NIPQUAD(iph->daddr), ntohs(tcph->dest));
            */
            /*
             * Here we identify new sessions
             */
            if ((tcph->syn == 1) && (tcph->ack == 0)) {
                printk(KERN_ALERT "Opening new session to: %d.%d.%d.%d:%d.\n",
                       NIPQUAD(iph->daddr), ntohs(tcph->dest));
                printk(KERN_ALERT "MSS is: %llu.\n",
                       __get_tcp_option(skb,2,4));
                printk(KERN_ALERT "SEQ is: %u.\n",
                       ntohl(tcph->seq));
            }
        }
    }
    kfree_skb(skb);
    return 0;
}
To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish a connection, the three-way (or 3-step) handshake occurs:
1. The active open is performed by the client sending a SYN to the server. It sets the segment's sequence number to a random value.
2. In response, the server replies with a SYN-ACK. The acknowledgement number is set to one more than the received sequence number, and the sequence number is random.
3. Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value, and the acknowledgement number is set to one more than the received sequence number.
At this point, both the client and server have received an acknowledgement of the connection.
Watching Wireshark you can see the TCP SYN packet leaving the host with SEQ = 0. I will have to look at the server to see what it receives, and why Wireshark would say the SEQ=0 if in fact it's something else.
Well, I found why I was getting such random numbers in my module. Wireshark by default makes the SEQ/ACK numbers relative to the first SYN packet sent. My module was showing the actual SEQ correctly.
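The difference between the raw sequence number a kernel module reads and the relative one Wireshark displays, as an added user-space example that is not part of the original thread. The packet bytes, addresses and the function names tcp_raw_seq and tcp_relative_seq are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed IPv4+TCP SYN (checksums left as zero): raw seq = 0xFFFFFFF0 */
static const uint8_t sample_syn[40] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x01, 0xc6, 0x33, 0x64, 0x02,  /* 192.0.2.1 -> 198.51.100.2 */
    0xc0, 0x00, 0x00, 0x50,                          /* ports 49152 -> 80 */
    0xff, 0xff, 0xff, 0xf0,                          /* sequence number */
    0x00, 0x00, 0x00, 0x00,                          /* ack number */
    0x50, 0x02, 0xfa, 0xf0, 0x00, 0x00, 0x00, 0x00   /* doff=5, SYN, window */
};

/* Read a 32-bit network-order value, the same conversion ntohl() performs. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Extract the raw TCP seq; returns -1 if the buffer is short or not IPv4/TCP. */
int tcp_raw_seq(const uint8_t *pkt, size_t len, uint32_t *seq)
{
    size_t ihl;

    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* IP header length in bytes */
    if (ihl < 20 || pkt[9] != 6 /* IPPROTO_TCP */ || len < ihl + 20)
        return -1;
    *seq = be32(pkt + ihl + 4);          /* seq sits at offset 4 in the TCP header */
    return 0;
}

/* Relative seq: distance from the initial sequence number, modulo 2^32. */
uint32_t tcp_relative_seq(uint32_t raw, uint32_t isn)
{
    return raw - isn;                    /* unsigned subtraction wraps correctly */
}

int main(void)
{
    uint32_t isn;

    if (tcp_raw_seq(sample_syn, sizeof(sample_syn), &isn) != 0)
        return 1;
    printf("raw SEQ %u, relative SEQ %u\n", (unsigned)isn,
           (unsigned)tcp_relative_seq(isn, isn));
    return 0;
}
```
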
In my project I want to send data in the options field of the tcp header. Do you know how it will be possible? In what .c files should I make changes?
I have downloaded the kernel source code, but do not know what I should do further.
Please help me....