Hello all,
While writing kernel module packet sniffer i
start with first accessing packets length
and its data part.so, to start i try to access packet
data first and copy it to other variable to dump
its contents but i am facing a problem while accessing
the packet's data. As i have studied i
found that data in packet at any layer resides in
between data and tail pointers. So if i
have to print it or copy it in any unsigned string
then how to do that?
I tried with following example which
receives packet and print data part at IP layer. But I
am not sure whether am i getting packet dump or
address of string packet?
Thanks in advance.
regards,
linux_lover
#define MODULE
#define __KERNEL__
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/string.h>
static struct nf_hook_ops nfho;
unsigned int hook_func(unsigned int hooknum,struct
sk_buff **skb,
const struct
net_device *in,
const struct
net_device *out,
int (*okfn)(struct
sk_buff *))
{
struct sk_buff *sb = *skb;
printk(KERN_DEBUG "calling hook_func at
NF_IP_LOCAL_OUT\n");
unsigned char *packet;
unsigned int buflen;
int i=0;
buflen=sb->len;
packet=kmalloc(buflen,GFP_USER);
memset(packet,'\0',buflen);
printk(KERN_DEBUG "Length of skb->data in hook
function = %d\n", buflen);
strncpy(packet,sb->data,buflen);
printk(KERN_DEBUG "packet contents of sb->data
in hook function = %x\n", packet);
return NF_ACCEPT;
}
static int __init init(void)
{
nfho.hook = hook_func;
nfho.hooknum = NF_IP_LOCAL_OUT;
nfho.pf = PF_INET;
nfho.priority = NF_IP_PRI_FIRST;
nf_register_hook(&nfho1);
return 0;
}
static void __exit fini(void)
{
nf_unregister_hook(&nfho1);
}
module_init(init);
module_exit(fini);
MODULE_LICENSE("GPL");
__________________________________
Do you Yahoo!?
Yahoo! Mail - 250MB free storage. Do more. Manage less.
http://info.mail.yahoo.com/mail_250