lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Aug 2008 18:02:07 +0100 From: Ben Hutchings <bhutchings@...arflare.com> To: Thiago Lacerda <thiagotbl@...il.com> Cc: Tobias Koeck <tobias.koeck@...il.com>, netdev@...r.kernel.org Subject: Re: Questions about Linux kernel network programming Thiago Lacerda wrote: > Thanks for your replay Tobias. > > But, doing it as a netfilter module I'm going to interfere in all the > traffic of my PC. > I don't want to do it that way. I want to capture the packets at > kernel and then decide if they will be analyzed by my DPI tool at user > land. My module would act like a filter for my classifier, cause I > want to don't spend time with unncessary copies of packets to user > space memory (like libpcap does, it copies every packets). netfilter modules don't just accept or deny packets. For example there is a LOG module which logs some brief information about any packets it receives. > I'm doing like this: > > * registered a protocol handler with dev_add_pack > * in the function in packet_type struct I'm doing some operations with > the packet, but I'm not passing it to user land yet > > Is that a good way of doing such task? > Does occur any copy of packets during this operation (the copy I know > is that one from the NIC to kernel memory, does any other occur?)? Depends on the driver. > BTW, anyone knows the right way of get a tcp port number in human readable form? > I'm doing like this: > > struct tcphdr* tcp = tcp_hdr(my_sk_buff) > > unsigned short src_port = ntohs(tcp->source) > > And it isn't working, the numbers that I get are not right. Until the packet has gone through the network protocol handler (IP), the transport header pointer will not be set correctly and tcp_hdr() will return a pointer to the start of the packet. Ben. -- Ben Hutchings, Senior Software Engineer, Solarflare Communications Not speaking for my employer; that's the marketing department's job. They asked us to note that Solarflare product names are trademarked. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists