lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 3 Jun 2013 15:30:22 +0100
From:	Ben Hutchings <bhutchings@...arflare.com>
To:	Felipe Dias <felipediassss@...il.com>
CC:	<netdev@...r.kernel.org>
Subject: Re: ETH_P_ALL and tcp ports

On Sun, 2013-06-02 at 12:42 -0300, Felipe Dias wrote:
> Hi, someone might try to tell me what I'm doing wrong, please?
> 
> I have a simple module and I registered one packet handler, in init function:
> ---
>      pseudo_proto.type = htons(ETH_P_ALL);
>      pseudo_proto.dev = NULL;
>      pseudo_proto.func = packet_handler;
>      dev_add_pack(&pseudo_proto);
> ---
> 
> My packet_handler, is a simple function just to print in dmesg info
> about the packet, its check if protocol is TCP or UDP before.
> 
> The problem is with TCP headers. I'm trying to get tcp ports with:
> 
> ntohs(tcp_hdr(skb)->dest);
> 
> But always come strange ports numbers.
> 
> My question is: Are the TCP headers filled at this stage ?
> Or I have to register another packet_handler with dev_add_pack() after
> TCP code have done the heavy work?

On the RX path, your packet handler is called before any network or
transport layer processing has been done.  You can only assume that the
network header pointer will be set.

On the TX path, TCP packets generated by the TCP stack will have the
transport header set.  But TCP packets that have been forwarded or
generated by a raw socket won't.

So in either case, you have to parse and validate the IP and TCP headers
yourself.

Ben.

-- 
Ben Hutchings, Staff Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ