lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Fri, 12 Jul 2019 11:51:35 +0530
From:   Rakesh Beck <beckrakesh@...il.com>
To:     netdev@...r.kernel.org
Subject: Help required in a part of transport layer

Hi,
I am looking for some help.

I am trying to intercept packet using netfilter hooks
(NF_IP_LOCAL_OUT) and using source port and destination port from
SK_BUFF, to figure out which processes are using it but I am unable to
do so.

I am only concerned about packets which are sent and received locally.
Therefore, I looked into __udp4_lib_rcv (net/ipv4/udp.c) to see how
packet is assigned to socket and from socket to infer which process is
using it (For receiver). I called udp4_lib_lookup_skb from netfilter
hook but it causes kernel null pointer deference.
For sender, I was thinking to add sending  process pid to sk_buff's secmark.

Is this the correct way to do or is there any other way? kindly point
me to resources which will help me achieve my goal.

Thanks,
Rakesh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ