想转发包到用户空间,但是nfq_unbind_pf()失败
注意:main() 在 root 帐号下能够正常编译和运行;在非 root 帐号下能正常编译,但不能正常运行,具体输出见下文。
int main(int argc, char *argv)
{
struct nfq_handle *h;
struct nfq_q_handle *qh;
struct nfnl_handle *nh;
int fd;
int rv;
char buf __attribute__ ((aligned));
printf("opening library handle\n");
h = nfq_open();
if (!h) {
fprintf(stderr, "error during nfq_open()\n");
exit(1);
}
printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
---->if (nfq_unbind_pf(h, AF_INET) < 0) {
fprintf(stderr, "error during nfq_unbind_pf()\n");
exit(1);
}
printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
if (nfq_bind_pf(h, AF_INET) < 0) {
fprintf(stderr, "error during nfq_bind_pf()\n");
exit(1);
}
printf("binding this socket to queue '0'\n");
qh = nfq_create_queue(h,0, &cb, NULL);
if (!qh) {
fprintf(stderr, "error during nfq_create_queue()\n");
exit(1);
}
printf("setting copy_packet mode\n");
if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
fprintf(stderr, "can't set packet_copy mode\n");
exit(1);
}
fd = nfq_fd(h);
终端输出是:
opening library handle
unbinding existing nf_queue handler for AF_INET (if any)
error during nfq_unbind_pf()
然后查看资料:
/**
 * nfq_unbind_pf - ask the kernel to unbind the nf_queue handler for a
 * protocol family.
 * @h:  library handle, passed straight through to __build_send_cfg_msg()
 * @pf: protocol family (the caller on this page passes AF_INET)
 *
 * Sends an NFQNL_CFG_CMD_PF_UNBIND config command with queue number 0 and
 * returns the result of __build_send_cfg_msg() unchanged; callers treat a
 * value < 0 as failure.
 *
 * In the run shown on this page the call failed for a non-root user with
 * errno EPERM ("Operation not permitted"). nfnetlink configuration
 * requests are privileged: the kernel requires CAP_NET_ADMIN.
 */
int nfq_unbind_pf(struct nfq_handle *h, u_int16_t pf)
{
	int status = __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_UNBIND, 0, pf);

	return status;
}
从这开始就不会了!!!!!!!!!!!!!!!!!
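/*
 * Build an NFQNL_MSG_CONFIG netlink request that carries a single
 * NFQA_CFG_CMD attribute, send it to the kernel and wait for the answer.
 *
 * h        - library handle; h->nfnlssh is used to fill the header and
 *            h->nfnlh to talk to the kernel
 * command  - NFQNL_CFG_CMD_* value (nfq_unbind_pf() passes
 *            NFQNL_CFG_CMD_PF_UNBIND)
 * queuenum - queue number placed in the nfnetlink header
 * pf       - protocol family in host byte order; stored with htons()
 *
 * Returns whatever nfnl_talk() returns; callers treat < 0 as failure.
 * The request sets NLM_F_ACK, so a refusal by the kernel arrives as a
 * netlink error reply. On this page that reply is EPERM for a non-root
 * caller and surfaces as a negative return with errno set.
 */
int
__build_send_cfg_msg(struct nfq_handle *h, u_int8_t command,
		     u_int16_t queuenum, u_int16_t pf)
{
	/*
	 * The union gives the byte buffer the alignment of struct nlmsghdr,
	 * so the header is never reached through a cast from a plain char
	 * array (which carries no alignment guarantee).
	 */
	union {
		char buf[NFNL_HEADER_LEN
			 + NFA_LENGTH(sizeof(struct nfqnl_msg_config_cmd))];
		struct nlmsghdr nmh;
	} req;
	/*
	 * Zero every member first: the whole struct is copied into the
	 * message below, and any member not assigned here would otherwise
	 * carry uninitialized stack contents to the kernel.
	 */
	struct nfqnl_msg_config_cmd cmd = {0};

	nfnl_fill_hdr(h->nfnlssh, &req.nmh, 0, AF_UNSPEC, queuenum,
		      NFQNL_MSG_CONFIG, NLM_F_REQUEST|NLM_F_ACK);

	cmd.command = command;
	cmd.pf = htons(pf);
	/* maxlen stays the size of the byte buffer, as in the original. */
	nfnl_addattr_l(&req.nmh, sizeof(req.buf), NFQA_CFG_CMD, &cmd, sizeof(cmd));

	return nfnl_talk(h->nfnlh, &req.nmh, 0, 0, NULL, NULL, NULL);
}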
到底为什么在非管理员的帐号下 nfq_unbind_pf(h, AF_INET) < 0?请各位大神帮忙。
那么多人在看,就没人回复吗?
1. 出错的时候 perror 一下。
2. strace <你的程序> 跟踪一下。
回复 3# Tinnal
printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
if (nfq_unbind_pf(h, AF_INET) < 0) {
加了他------->perror("错误错误:\n");
fprintf(stderr, "error during nfq_unbind_pf()\n");
exit(1);
}
终端输出:
opening library handle
unbinding existing nf_queue handler for AF_INET (if any)
错误错误:
: Operation not permitted
error during nfq_unbind_pf()
然后strace -o bbb ./aaa
bbb内容是:
execve("./aaa", ["./aaa"], [/* 49 vars */]) = 0
brk(0) = 0x933000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b582c0000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=115751, ...}) = 0
mmap(NULL, 115751, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f0b582a3000
close(3) = 0
open("/lib64/libnetfilter_queue.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300!\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=27416, ...}) = 0
mmap(NULL, 2122224, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0b5809c000
mprotect(0x7f0b580a2000, 2093056, PROT_NONE) = 0
mmap(0x7f0b582a1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f0b582a1000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\36\2\3054\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2100672, ...}) = 0
mmap(0x34c5000000, 3924576, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x34c5000000
mprotect(0x34c51b4000, 2097152, PROT_NONE) = 0
mmap(0x34c53b4000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b4000) = 0x34c53b4000
mmap(0x34c53ba000, 16992, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x34c53ba000
close(3) = 0
open("/lib64/libnfnetlink.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\30@\3064\0\0\0"..., 832) = 832
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b5809b000
fstat(3, {st_mode=S_IFREG|0755, st_size=29096, ...}) = 0
mmap(0x34c6400000, 2122096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x34c6400000
mprotect(0x34c6406000, 2093056, PROT_NONE) = 0
mmap(0x34c6605000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x34c6605000
close(3) = 0
open("/lib64/libmnl.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \34\0\3064\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=26248, ...}) = 0
mmap(0x34c6000000, 2117960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x34c6000000
mprotect(0x34c6004000, 2097152, PROT_NONE) = 0
mmap(0x34c6204000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x34c6204000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b5809a000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b58098000
arch_prctl(ARCH_SET_FS, 0x7f0b58098740) = 0
mprotect(0x34c53b4000, 16384, PROT_READ) = 0
mprotect(0x34c6204000, 4096, PROT_READ) = 0
mprotect(0x34c6605000, 4096, PROT_READ) = 0
mprotect(0x7f0b582a1000, 4096, PROT_READ) = 0
mprotect(0x601000, 4096, PROT_READ) = 0
mprotect(0x34c4e1f000, 4096, PROT_READ) = 0
munmap(0x7f0b582a3000, 115751) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b582bf000
write(1, "opening library handle\n", 23) = 23
brk(0) = 0x933000
brk(0x954000) = 0x954000
brk(0) = 0x954000
socket(PF_NETLINK, SOCK_RAW, 12) = 3
getsockname(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, ) = 0
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=3225, groups=00000000}, ) = 0
bind(3, {sa_family=AF_NETLINK, pid=3225, groups=00000000}, 12) = 0
write(1, "unbinding existing nf_queue hand"..., 57) = 57
sendto(3, "\34\0\0\0\2\3\5\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\1\0\4\0\0\2", 28, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 28
recvfrom(3, "0\0\0\0\2\0\0\0\0\0\0\0\231\f\0\0\377\377\377\377\34\0\0\0\2\3\5\0\0\0\0\0"..., 8192, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, ) = 48
dup(2) = 4
fcntl(4, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE)
fstat(4, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b582be000
lseek(4, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(4, "\351\224\231\350\257\257\351\224\231\350\257\257\357\274\232\n", 16) = 16
write(4, ": Operation not permitted\n", 26) = 26
close(4) = 0
munmap(0x7f0b582be000, 4096) = 0
write(2, "error during nfq_unbind_pf()\n", 29) = 29
exit_group(1) = ?
+++ exited with 1 +++
我更蒙了!!!!!!!!!!!!!!!!!!!!!
回复 4# wantaugust
从perror信息来看,就是权限不够了。应该只有root才能做。
从strace来看,没有明显的错误输出。
recvfrom(3, "0\0\0\0\2\0\0\0\0\0\0\0\231\f\0\0\377\377\377\377\34\0\0\0\2\3\5\0\0\0\0\0"..., 8192, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, ) = 48
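接收到的这48字节应该是一个数据结构,其中包含错误的信息:它是一条 netlink 应答,头部的类型字段为 2(NLMSG_ERROR),紧随其后的 \377\377\377\377 是错误码 -1,即 -EPERM,与 perror 输出的 "Operation not permitted" 一致。也就是说 sendto/recvfrom 这两个系统调用本身是成功的,拒绝来自内核对这条配置请求的权限检查。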
往后的信息,已经是在往错误输出打印了。
dup(2) = 4
fcntl(4, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE)
fstat(4, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b582be000
lseek(4, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(4, "\351\224\231\350\257\257\351\224\231\350\257\257\357\274\232\n", 16) = 16
write(4, ": Operation not permitted\n", 26) = 26
回复 5# Tinnal
谢谢大神,看来我的main只能root运行了
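可以setuid,给个root权限,这样非root用户也能运行。(setuid root 会让整个程序都以 root 身份运行;这里内核检查的是 CAP_NET_ADMIN,更小权限的做法是只给可执行文件授予这一项能力,例如 setcap cap_net_admin+ep ./aaa。)
回复 7# evilwolf125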
我怎么没想到,谢谢
setuid u+g aaa
okle