论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2007-12-04 13:23 |只看该作者 |倒序浏览

参考别人的程序在LINUX中写了一个数据报头相关信息记录模块：
在netfilter的NF_IP_PRE_ROUTING 处获取IP报头信息，然后通过netlink将所获取的数据发送给用户态程序，在用户态程序中记录相关数据。现在问题是printf("%s %d %s %s %d %s\n",currentTime,ipID,inet_ntoa(saddr),inet_ntoa(daddr),ipLength,localIp);所输出的数据中inet_ntoa(saddr)，inet_ntoa(daddr)，localIp所输出的都是同一个IP地址（如：20071204071336 0 10.20.126.65 10.20.126.65 21504 10.20.126.65）[该数据是通过运行PING命令获得的，本地地址为10.20.126.66，远端地址为10.20.126.65 ]怎么会这样呢？尤其是localIp是在用户空间程序char* localIp=GetIp(localName);直接获得的，怎么还会输出同样的与前两个一个的IP地址呢？
哪位大虾帮忙看看，实在找不出问题所在了！！

“Imp2.h”
#ifndef __IMP2_H__
#define __IMP2_H__
#define IMP2_U_PID 0
#define IMP2_K_MSG 1
#define IMP2_CLOSE 2
#define NL_IMP2    31
struct packet_info
{
  __u16 length;
  __u16 ipid;
  __u32 src;
  __u32 dest;
};
#endif

文库|博客

lihw_2002

白手起家

论坛徽章:: 0

2楼 [报告]

发表于 2007-12-04 13:26 |只看该作者

用户空间程序
#include "imp2.h"
#include "GetIp.c"

#define LOG_PATH "/home/log/"
#define FILE_TAIL ".log"
#define INTER_VAL 20

struct msg_to_kernel
{
  struct nlmsghdr hdr;
};

struct u_packet_info
{
  struct nlmsghdr hdr;
  struct packet_info icmp_info;
};
static int skfd;
char *logPath=LOG_PATH;
char fileName[30];
char *fileTail=FILE_TAIL;
char tmpStr[50]={0};
FILE *stream;
char *localName="localhost";
void getCurrentTime(char *str);
static void sig_int(int signo);

int main(){
time_t start,mark,tmp;
struct tm *tim;
struct sockaddr_nl local;
   struct sockaddr_nl kpeer;
int kpeerlen;
   struct msg_to_kernel message;
   struct u_packet_info info;
   int sendlen = 0;
   int rcvlen = 0;
__u16 ipLength;
__u16 ipID;
char currentTime[30];
   struct in_addr saddr,daddr;

   skfd = socket(PF_NETLINK, SOCK_RAW, NL_IMP2);
   if(skfd < 0)
      {
         printf("can not create a netlink socket\n");
      exit(0);
      }

   memset(&local, 0, sizeof(local));
   local.nl_family = AF_NETLINK;
   local.nl_pid = getpid();
   local.nl_groups = 0;
   if(bind(skfd, (struct sockaddr*)&local, sizeof(local)) != 0)
      {
      printf("bind() error\n");
      return -1;
      }

   signal(SIGINT, sig_int);

   memset(&kpeer, 0, sizeof(kpeer));
   kpeer.nl_family = AF_NETLINK;
   kpeer.nl_pid = 0;
   kpeer.nl_groups = 0;

   memset(&message, 0, sizeof(message));
   message.hdr.nlmsg_len = NLMSG_LENGTH(0);
   message.hdr.nlmsg_flags = 0;
   message.hdr.nlmsg_type = IMP2_U_PID;
   message.hdr.nlmsg_pid = local.nl_pid;

   sendto(skfd, &message, message.hdr.nlmsg_len, 0,
   (struct sockaddr*)&kpeer, sizeof(kpeer));

char* localIp=GetIp(localName);

time(&mark);

while(1){
      kpeerlen = sizeof(struct sockaddr_nl);
      rcvlen = recvfrom(skfd, &info, sizeof(struct u_packet_info),0, (struct sockaddr*)&kpeer, &kpeerlen);
      getCurrentTime(currentTime);
      ipLength=info.icmp_info.length;
      ipID=info.icmp_info.ipid;
      saddr.s_addr = info.icmp_info.src;
      daddr.s_addr = info.icmp_info.dest;

      printf("%s %d %s %s %d %s\n",currentTime,ipID,inet_ntoa(saddr),inet_ntoa(daddr),ipLength,localIp);

}

exit(0);
}

void getCurrentTime(char *str){
time_t now;
struct tm *timenow;
time(&now);
timenow=localtime(&now);
strftime(str,30,"%Y%m%d%H%M%S",timenow);
}
static void sig_int(int signo)
{
  struct sockaddr_nl kpeer;
  struct msg_to_kernel message;

  memset(&kpeer, 0, sizeof(kpeer));
  kpeer.nl_family = AF_NETLINK;
  kpeer.nl_pid = 0;
  kpeer.nl_groups = 0;

  memset(&message, 0, sizeof(message));
  message.hdr.nlmsg_len = NLMSG_LENGTH(0);
  message.hdr.nlmsg_flags = 0;
  message.hdr.nlmsg_type = IMP2_CLOSE;
  message.hdr.nlmsg_pid = getpid();

  sendto(skfd, &message, message.hdr.nlmsg_len, 0, (struct sockaddr *)(&kpeer),
      sizeof(kpeer));

  close(skfd);
  exit(0);
}

[ 本帖最后由 lihw_2002 于 2007-12-10 16:08 编辑 ]

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

lihw_2002

白手起家

论坛徽章:: 0

3楼 [报告]

发表于 2007-12-04 13:27 |只看该作者

内核模块程序：
#include "imp2.h"

DECLARE_MUTEX(receive_sem);

static struct sock *nlfd;

struct
{
  __u32 pid;
  rwlock_t lock;
}user_proc;

static void kernel_receive(struct sock *sk, int len)
{
  do
{
   struct sk_buff *skb;
   if(down_trylock(&receive_sem))
      return;

   while((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL)
      {
      {
         struct nlmsghdr *nlh = NULL;

      if(skb->len >= sizeof(struct nlmsghdr))
            {
            nlh = (struct nlmsghdr *)skb->data;
            if((nlh->nlmsg_len >= sizeof(struct nlmsghdr))
               && (skb->len >= nlh->nlmsg_len))
               {
         if(nlh->nlmsg_type == IMP2_U_PID)
            {
         write_lock_bh(&user_proc.lock);
         user_proc.pid = nlh->nlmsg_pid;
         write_unlock_bh(&user_proc.lock);
            }
         else if(nlh->nlmsg_type == IMP2_CLOSE)
            {
         write_lock_bh(&user_proc.lock);
         if(nlh->nlmsg_pid == user_proc.pid)
            user_proc.pid = 0;
         write_unlock_bh(&user_proc.lock);
            }
      }
      }
      }
      kfree_skb(skb);
      }
   up(&receive_sem);
}while(nlfd && nlfd->sk_receive_queue.qlen);
}

static int send_to_user(struct packet_info *info)
{
  int ret;
  int size;
  unsigned char *old_tail;
  struct sk_buff *skb;
  struct nlmsghdr *nlh;
  struct packet_info *packet;

  size = NLMSG_SPACE(sizeof(*info));

  skb = alloc_skb(size, GFP_ATOMIC);
  old_tail = skb->tail;

  nlh = NLMSG_PUT(skb, 0, 0, IMP2_K_MSG, size-sizeof(*nlh));
  packet = NLMSG_DATA(nlh);
  memset(packet, 0, sizeof(struct packet_info));

  packet->length=info->length;
  packet->ipid=info->ipid;
  packet->src = info->src;
  packet->dest = info->dest;

  nlh->nlmsg_len = skb->tail - old_tail;
  NETLINK_CB(skb).dst_group = 0;

  read_lock_bh(&user_proc.lock);
  ret = netlink_unicast(nlfd, skb, user_proc.pid, MSG_DONTWAIT);
  read_unlock_bh(&user_proc.lock);

  return ret;

nlmsg_failure:
  if(skb)
kfree_skb(skb);
  return -1;
}

static unsigned int get_icmp(unsigned int hook,
               struct sk_buff **pskb,
               const struct net_device *in,
               const struct net_device *out,
               int (*okfn)(struct sk_buff *))
{
  struct iphdr *iph;
  struct sk_buff *skb=*pskb;
  iph=skb->nh.iph;
  struct packet_info info;

  if(iph->protocol == IPPROTO_ICMP)
{
   read_lock_bh(&user_proc.lock);
   if(user_proc.pid != 0)
      {
      read_unlock_bh(&user_proc.lock);
      info.length=iph->tot_len;
      info.ipid=iph->id;
      info.src = iph->saddr;
      info.dest = iph->daddr;
      send_to_user(&info);
      }
   else
         read_unlock_bh(&user_proc.lock);
}

  return NF_ACCEPT;
}

static struct nf_hook_ops imp2_ops =
{
  .hook = get_icmp,
  .pf = PF_INET,
  .hooknum = NF_IP_PRE_ROUTING,
  .priority = NF_IP_PRI_FILTER -1,
};

static int __init init(void)
{
  rwlock_init(&user_proc.lock);

  nlfd = netlink_kernel_create(NL_IMP2,0,kernel_receive,THIS_MODULE);
  if(!nlfd)
{
   printk("can not create a netlink socket\n");
   return -1;
}

  return nf_register_hook(&imp2_ops);
}

static void __exit fini(void)
{
  if(nlfd)
{
   sock_release(nlfd->sk_socket);
}
  nf_unregister_hook(&imp2_ops);
}

module_init(init);
module_exit(fini);

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

lihw_2002

白手起家

论坛徽章:: 0

4楼 [报告]

发表于 2007-12-05 16:20 |只看该作者

顶~~~~~~~~,帮帮忙啊

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

返回列表

Chinaunix › 论坛 › 程序设计 › Linux环境编程 › 内核编程问题！

内核编程问题！ [复制链接]

浏览过的版块