lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080828170206.GJ7908@solarflare.com>
Date:	Thu, 28 Aug 2008 18:02:07 +0100
From:	Ben Hutchings <bhutchings@...arflare.com>
To:	Thiago Lacerda <thiagotbl@...il.com>
Cc:	Tobias Koeck <tobias.koeck@...il.com>, netdev@...r.kernel.org
Subject: Re: Questions about Linux kernel network programming

Thiago Lacerda wrote:
> Thanks for your replay Tobias.
> 
> But, doing it as a netfilter module I'm going to interfere in all the
> traffic of my PC.
> I don't want to do it that way. I want to capture the packets at
> kernel and then decide if they will be analyzed by my DPI tool at user
> land. My module would act like a filter for my classifier, cause I
> want to don't spend time with unncessary copies of packets to user
> space memory (like libpcap does, it copies every packets).

netfilter modules don't just accept or deny packets.  For example there is
a LOG module which logs some brief information about any packets it
receives.

> I'm doing like this:
> 
> * registered a protocol handler with dev_add_pack
> * in the function in packet_type struct I'm doing some operations with
> the packet, but I'm not passing it to user land yet
> 
> Is that a good way of doing such task?
> Does occur any copy of packets during this operation (the copy I know
> is that one from the NIC to kernel memory, does any other occur?)?

Depends on the driver.

> BTW, anyone knows the right way of get a tcp port number in human readable form?
> I'm doing like this:
> 
> struct tcphdr* tcp = tcp_hdr(my_sk_buff)
> 
> unsigned short src_port = ntohs(tcp->source)
> 
> And it isn't working, the numbers that I get are not right.

Until the packet has gone through the network protocol handler (IP), the
transport header pointer will not be set correctly and tcp_hdr() will return
a pointer to the start of the packet.

Ben.

-- 
Ben Hutchings, Senior Software Engineer, Solarflare Communications
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ