Question

我正在ubuntu 12.04上编写一个网络过滤内核模块，内核版本是3.2.0-23-generic。

我的代码是。

#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/kernel.h>
#include <linux/netfilter.h>
#undef __KERNEL__
#include <linux/netfilter_ipv4.h>
#define __KERNEL__

#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/fs.h>

static struct nf_hook_ops nfho;
MODULE_LICENSE("Proprietary");
MODULE_AUTHOR("vikas");

unsigned int hook_func(unsigned int hooknum, struct sk_buff * skb,
        const struct net_device * in, const struct net_device * out,
        int (*okfn)(struct sk_buff *))
{
    if (skb)
    {
        struct iphdr *iph = ip_hdr(skb);

        if (iph && iph->protocol && (iph->protocol == IPPROTO_TCP))
        {
            int index;
            char cValue[101];
            char *data;

            struct tcphdr *tcph = tcp_hdr(skb);

            data = (char *) ((unsigned char*) tcph + (tcph->doff * 4));

            printk(KERN_INFO "\n\ntcp hader address = %u", tcph);
            printk(KERN_INFO "TCP source : %hu, TCP  dest : %hu\n", ntohs(tcph->source), ntohs(tcph->dest));
            printk(KERN_INFO "TCP seq : %u, TCP ack_seq : %u\n", ntohl(tcph->seq), ntohl(tcph->ack_seq));
            printk(KERN_INFO "TCP doff : %d, TCP window : %hu\n", tcph->doff * 4, ntohs(tcph->window));
            printk(KERN_INFO "TCP check : 0x%hx, TCP urg_ptr : %hu\n", ntohs(tcph->check), ntohs(tcph->urg_ptr));
            printk(KERN_INFO "FLAGS=%c%c%c%c%c%c\n",
                    tcph->urg ? 'U' : '-',
                    tcph->ack ? 'A' : '-',
                    tcph->psh ? 'P' : '-',
                    tcph->rst ? 'R' : '-',
                    tcph->syn ? 'S' : '-',
                    tcph->fin ? 'F' : '-');
            printk(KERN_INFO "sending packet to : %pI4\n", &iph->daddr);
            //printk(KERN_INFO "data len : %d\n", (int) strlen(data));
            printk(KERN_INFO "DATA : %s\n", data);
            printk(KERN_INFO "tcp headerlen = %d\n", tcp_hdrlen(skb));
            unsigned char *tail = skb_tail_pointer(skb);
            unsigned char *end = skb_end_pointer(skb);
            printk(KERN_INFO "skb->head  = %u\n", skb->head);
            printk(KERN_INFO "skb->data  = %u\n", skb->data);
            printk(KERN_INFO "tail pointer  = %u\n", tail);
            printk(KERN_INFO "end pointer  = %u\n", end);
            printk(KERN_INFO "packet len  = %d\n", (int)skb->len);
            printk(KERN_INFO "skb data len  = %d\n", (int)skb->data_len);
            printk(KERN_INFO "header len  = %d\n", (int)skb->hdr_len);

            return NF_ACCEPT;
        }
    }
    return NF_ACCEPT;
}
        int init_module()
        {
            printk(KERN_INFO "Loading packet filter module...\n");
            nfho.hook = (nf_hookfn *) hook_func;
            nfho.hooknum = NF_INET_LOCAL_OUT;
            nfho.pf = PF_INET;
            nfho.priority = NF_IP_PRI_FIRST;

            if (nf_register_hook(&nfho))
            {
                printk(KERN_INFO "Error while registering packet filter.\n");
                return 1;
            }
            printk(KERN_INFO "The packet filter has been laoded successfully.\n");
            return 0;
        }

        void cleanup_module()
        {
            nf_unregister_hook(&nfho);
        printk(KERN_INFO "The packet filter has been un-laoded successfully.\n");
    }

我正在寻找只有传出的数据包，但没有从ack和push flag设置的数据包获得paylod。 skb的地址 - ＆gt; tail和skb-＆gt;数据相同。

我的系统日志结果是，

Feb 22 12:41:14 udesktop kernel: [ 6037.039999] tcp hader address = 3083234568
Feb 22 12:41:14 udesktop kernel: [ 6037.040019] TCP source : 48530, TCP  dest : 3127
Feb 22 12:41:14 udesktop kernel: [ 6037.040021] TCP seq : 2624763273, TCP ack_seq : 0
Feb 22 12:41:14 udesktop kernel: [ 6037.040023] TCP doff : 40, TCP window : 14600
Feb 22 12:41:14 udesktop kernel: [ 6037.040025] TCP check : 0x8285, TCP urg_ptr : 0
Feb 22 12:41:14 udesktop kernel: [ 6037.040027] FLAGS=----S-
Feb 22 12:41:14 udesktop kernel: [ 6037.040030] sending packet to : x.x.x.x
Feb 22 12:41:14 udesktop kernel: [ 6037.040031] DATA :
Feb 22 12:41:14 udesktop kernel: [ 6037.040033] tcp headerlen = 40
Feb 22 12:41:14 udesktop kernel: [ 6037.040034] skb->head  = 3083234304
Feb 22 12:41:14 udesktop kernel: [ 6037.040036] skb->data  = 3083234548
Feb 22 12:41:14 udesktop kernel: [ 6037.040037] tail pointer  = 3083234608
Feb 22 12:41:14 udesktop kernel: [ 6037.040039] end pointer  = 3083234944
Feb 22 12:41:14 udesktop kernel: [ 6037.040041] packet len  = 60
Feb 22 12:41:14 udesktop kernel: [ 6037.040042] skb data len  = 0
Feb 22 12:41:14 udesktop kernel: [ 6037.040044] header len  = 304
Feb 22 12:41:14 udesktop kernel: [ 6037.040805]
Feb 22 12:41:14 udesktop kernel: [ 6037.040807]
Feb 22 12:41:14 udesktop kernel: [ 6037.040808] tcp hader address = 2515565840
Feb 22 12:41:14 udesktop kernel: [ 6037.040812] TCP source : 48530, TCP  dest : 3127
Feb 22 12:41:14 udesktop kernel: [ 6037.040816] TCP seq : 2624763274, TCP ack_seq : 1452430989
Feb 22 12:41:14 udesktop kernel: [ 6037.040820] TCP doff : 32, TCP window : 229
Feb 22 12:41:14 udesktop kernel: [ 6037.040824] TCP check : 0x827d, TCP urg_ptr : 0
Feb 22 12:41:14 udesktop kernel: [ 6037.040827] FLAGS=-A----
Feb 22 12:41:14 udesktop kernel: [ 6037.040830] sending packet to : x.x.x.x
Feb 22 12:41:14 udesktop kernel: [ 6037.040833] DATA : ^A
Feb 22 12:41:14 udesktop kernel: [ 6037.040836] tcp headerlen = 32
Feb 22 12:41:14 udesktop kernel: [ 6037.040838] skb->head  = 2515565568
Feb 22 12:41:14 udesktop kernel: [ 6037.040841] skb->data  = 2515565820
Feb 22 12:41:14 udesktop kernel: [ 6037.040844] tail pointer  = 2515565872
Feb 22 12:41:14 udesktop kernel: [ 6037.040846] end pointer  = 2515566208
Feb 22 12:41:14 udesktop kernel: [ 6037.040849] packet len  = 52
Feb 22 12:41:14 udesktop kernel: [ 6037.040851] skb data len  = 0
Feb 22 12:41:14 udesktop kernel: [ 6037.040854] header len  = 0
Feb 22 12:41:14 udesktop kernel: [ 6037.040966]
Feb 22 12:41:14 udesktop kernel: [ 6037.040968] tcp hader address = 2515557984
Feb 22 12:41:14 udesktop kernel: [ 6037.040971] TCP source : 48530, TCP  dest : 3127
Feb 22 12:41:14 udesktop kernel: [ 6037.040975] TCP seq : 2624763274, TCP ack_seq : 1452430989
Feb 22 12:41:14 udesktop kernel: [ 6037.040979] TCP doff : 32, TCP window : 229
Feb 22 12:41:14 udesktop kernel: [ 6037.040982] TCP check : 0x833c, TCP urg_ptr : 0
Feb 22 12:41:14 udesktop kernel: [ 6037.040990] FLAGS=-AP---
Feb 22 12:41:14 udesktop kernel: [ 6037.040991] sending packet to : x.x.x.x
Feb 22 12:41:14 udesktop kernel: [ 6037.040993] DATA : ^A
Feb 22 12:41:14 udesktop kernel: [ 6037.040994] tcp headerlen = 32
Feb 22 12:41:14 udesktop kernel: [ 6037.040995] skb->head  = 2515557376
Feb 22 12:41:14 udesktop kernel: [ 6037.040996] skb->data  = 2515557964
Feb 22 12:41:14 udesktop kernel: [ 6037.040997] tail pointer  = 2515558016
Feb 22 12:41:14 udesktop kernel: [ 6037.040998] end pointer  = 2515558016
Feb 22 12:41:14 udesktop kernel: [ 6037.040999] packet len  = 243
Feb 22 12:41:14 udesktop kernel: [ 6037.041000] skb data len  = 191
Feb 22 12:41:14 udesktop kernel: [ 6037.041001] header len  = 640

可以帮助我从传出数据包中获得有效负载的正确方法。感谢。

修改的我以十六进制格式打印数据，从skb-＆gt;数据到skb-＆gt;尾部，如下所示：

ACK数据包中的数据： 45 0 0 34 4c 73 40 0 40 6 6b fa c0 a8 0 fc c0 a8 0 a c0 4e c 37 84 50 39 35 d8 88 93 77 80 10 0 e5 82 7d 0 0 1 1 8 a 0 3f 75 46 0 0 0 0

ACK + PUSH包中的数据： 45 0 0 d4 4c 74 40 0 40 6 6b 59 c0 a8 0 fc c0 a8 0 a c0 4e c 37 84 50 39 35 d8 88 93 77 80 18 0 e5 83 1d 0 0 1 1 8 a 0 3f 75 46 0 0 0 0

如何从netfilter内核模块linux

0 个答案: