LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 03-21-2009, 07:14 PM   #1
Kunsheng
Member
 
Registered: Mar 2009
Posts: 82

Rep: Reputation: 16
Problem on 'iphdr->saddr' in Netfilter


Hello everyone, I got some trouble in differentiate the ip source address using Netfilter.

I put the following code in both PRE_ROUTING_HOOK and POST_ROUTING.

My code is as below, the 'print_string' is a some function output log into tty:


char *ip_address="152.1.226.10";


unsigned int inet_addr(char *ip)
{
int a,b,c,d;
sscanf(ip,"%d.%d.%d.%d",&a,&b,&c,&d);
char arr[4];
arr[0]=a;arr[1]=b;arr[2]=c;arr[3]=d;

return *(unsigned int*)arr;
}

unsigned int main_hook(unsigned int hooknum,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff*))
{
print_string("Enter hook...\n");
struct iphdr *my_ipheader;
struct tcphdr *tcpheader;
struct udphdr *udpheader;


struct sk_buff *sock_buff=skb;
if(!sock_buff)
{
print_string("PRE_ROUTING: Error in sock_buff.\n");
return NF_ACCEPT;

}

if(!((sock_buff)->network_header))
{
print_string("PRE_ROUTING: Error in Network Header.\n");
return NF_ACCEPT;
}

my_ipheader = ip_hdr(sock_buff);

unsigned int ipaddr=inet_addr(ip_address);



if(my_ipheader->protocol == IPPROTO_UDP)
{

if(my_ipheader->saddr==ipaddr)
{
print_string("PRE_ROUTING: Reject UDP Packets!\n");
return NF_DROP;
}
else
{
print_string("PRE_ROUTING: Accept UDP Packets!\n");
}

}


print_string("Leaving Hook...\n");
return NF_ACCEPT;

}


I used 'ping 152.1.226.10' to ping the host after insmod the module. It was supposed to output 'PRE_ROUTING: Reject UDP Packets!' but it outputted 'PRE_ROUTING: Accept UDP Packetes!' instead.


I am not sure whether there is some issues in 'inet_addr' I wrote or I put the function in a wrong hook.

I am using kernel 2.6.24.1 under Ubuntu.


Does anyone got some idea on it ? Any help is appreciated.


-Kunsheng
 
Old 04-28-2009, 10:15 AM   #2
Kunsheng
Member
 
Registered: Mar 2009
Posts: 82

Original Poster
Rep: Reputation: 16
A follow up

The reply is just a follow-up for the question I posted here before:

The function inet_addr() here is working to convert ip address from dot format into heximal in network bytes order.

For example, you could compare whether the address is somewhat you need by:

If ( Myipheader->saddr == inet_addr(“127.0.0.1”))

The problem I had with it before, was because I missed the concept that when I schedule a ‘ping’ command to a host, the first hook I encounter would be post_route other than pre_route, in which the value of ‘myIpheader->sAddr ‘ is the public ip address of my machine other than the host I ping.

Hope this helps for future comers.


-Kun
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
problem on a gateway: SNAT, DNAT and netfilter zahikel Linux - Networking 1 11-15-2008 04:27 AM
netfilter patch-o-matic problem Ronin_tekorei Linux - Software 2 02-04-2008 05:02 AM
Netfilter Help rajaashok Linux - Kernel 1 11-22-2007 12:41 AM
netfilter hook problem mihirsevak Linux - Networking 2 10-21-2007 01:17 AM
Netfilter recent patch problem ~=gr3p=~ Linux - Security 2 07-16-2006 08:32 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 11:49 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration