Netfilter-like kernel module for receiving source and destination addresses

Question

Netfilter-like kernel module for receiving source and destination addresses

I read this guide to write a kernel module for simple network filtering.

Firstly, I have no idea what this means below, and what is the difference between incoming and outgoing data packets (transport layer)?

When a packet passes from the explorer, it moves from the physical layer, the data is the connection layer, the network layer is up, so it may not pass the functions defined in netfilter for skb_transport_header to work.

Secondly, I hate magic numbers, and I want to replace 20(the length of a typical IP header) with any function from the Linux kernel utilities ( source file ).

Any help would be appreciated.

+1

linux linux-kernel kernel-module

schemacs Apr 15 '15 at 16:42

source share

1 answer

Sam Protsenko · Accepted Answer · 2015-04-16T00:59:52+0000

This article is a bit outdated. Text that you do not understand applies only to kernel versions below 3.11.

For new kernels (> = 3.11)

If you are sure that your code will only be used with kernels> = 3.11, you can use the following code for input and output :

udp_header = (struct udphdr *)skb_transport_header(skb);

Or more elegantly:

udp_header = udp_hdr(skb);

This is because the transport header is already configured for you in ip_rcv () :

skb->transport_header = skb->network_header + iph->ihl*4;

This change was caused by this commit .

For older kernels (<3.11)

Outgoing Packages ( `NF_INET_POST_ROUTING`)

.transport_header sk_buffer, (UDP/TCP). , :

udp_header = (struct udphdr *)skb_transport_header(skb);

( ):

udp_header = udp_hdr(skb);

(`NF_INET_PRE_ROUTING`)

.

.transport_header (UDP TCP) sk_buffer ( hook netfilter). .transport_header IP ( ).

, . IP (.. IP .transport_header). :

udp_header = (struct udphdr *)(skb_transport_header(skb) + 20);

, 20 IP.

:

struct iphdr *iph;
struct udphdr *udph;

iph = ip_hdr(skb);

/* If transport header is not set for this kernel version */
if (skb_transport_header(skb) == (unsigned char *)iph)
    udph = (unsigned char *)iph + (iph->ihl * 4); /* skip IP header */
else
    udph = udp_hdr(skb);

IP ( iph->ihl * 4, ) 20.

- 17 :

if (ip_header->protocol == 17) {

IPPROTO_UDP 17:

#include <linux/udp.h>

if (ip_header->protocol == IPPROTO_UDP) {

/ Netfilter

netfilter, . .

:

[1]: GitHub

[2]: "Linux Kernel Networking: "

[3]:

Netfilter-like kernel module for receiving source and destination addresses

For new kernels (> = 3.11)

For older kernels (<3.11)

Outgoing Packages ( NF_INET_POST_ROUTING)

(NF_INET_PRE_ROUTING)

/ Netfilter

More articles:

Outgoing Packages ( `NF_INET_POST_ROUTING`)

(`NF_INET_PRE_ROUTING`)