- 论坛徽章:
- 0
|
本帖最后由 d4flash 于 2014-08-08 11:43 编辑
我的linux内核版本是2.6.32.62
首先我NF_ARP_IN注册了hook函数ParsePacket
stHookOps.hook = ParsePacket;
stHookOps.hooknum = NF_ARP_IN;
stHookOps.pf = NF_ARP;
stHookOps.priority = NF_IP_PRI_FILTER;
int err = nf_register_hook(&stHookOps);
ParsePacket原型如下:
unsigned int ParsePacket(unsigned int hooknum, struct sk_buff *skb, const struct net_device *indev, const struct net_device *outdev, int(*okfn)(struct sk_buff *))
{
if(skb == NULL || user_process.pid ==0 || pNetlinkFD == NULL)
{
return ;
}
int nArpLen = arp_hdr_len(skb->dev);
struct sk_buff *pNetlinkSKB = alloc_skb(NLMSG_SPACE(nArpLen), GFP_ATOMIC);
if (pNetlinkSKB == NULL)
{
return;
}
struct nlmsghdr *pNetlinkHeader = nlmsg_put(pNetlinkSKB, 0, 0, 0, NLMSG_SPACE(nArpLen) - sizeof(struct nlmsghdr), 0);
memcpy(NLMSG_DATA(pNetlinkHeader), (unsigned char *)(arp_hdr(skb)), nArpLen);
netlink_unicast(pNetlinkFD, pNetlinkSKB, user_process.pid, MSG_DONTWAIT);
return NF_DROP;
}
然后创建了一个netlink
#defined NETLINK_ARP 17
pNetlinkFD = netlink_kernel_create(&init_net, NETLINK_ARP, 0, ReceiveFromUser, NULL, THIS_MODULE);
void ReceiveFromUser(struct sk_buff *skb)
{
struct nlmsghdr *pNetlinkHeader = NULL;
if(skb->len >= sizeof(struct nlmsghdr)){
pNetlinkHeader = (struct nlmsghdr *)skb->data;
if((pNetlinkHeader->nlmsg_len >= sizeof(struct nlmsghdr)) && (skb->len >= pNetlinkHeader->nlmsg_len)) {
user_process.pid = pNetlinkHeader->nlmsg_pid;
}
}
}
以上是模块代码,,,
模块加载进去后,我就按照netlink的流程,做
nSocketFd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ARP );
int nRet = bind(nSocketFd, (struct sockaddr*)&stLocalAddress), sizeof(stLocalAddress));
struct REQUEST_TO_KENEL
{
struct nlmsghdr stNetLinkMsgHeader;
ipq_peer_msg_t stIPQueueMsgBody;
};
struct REQUEST_TO_KENEL stRequestToKernel;
memset(&stRequestToKernel, 0, sizeof(stRequestToKernel));
stRequestToKernel.stNetLinkMsgHeader.nlmsg_len = NLMSG_LENGTH(sizeof(stRequestToKernel));
stRequestToKernel.stNetLinkMsgHeader.nlmsg_flags = NLM_F_REQUEST;
stRequestToKernel.stNetLinkMsgHeader.nlmsg_type = IPQM_MODE;
stRequestToKernel.stNetLinkMsgHeader.nlmsg_pid = stLocalAddress.nl_pid;
stRequestToKernel.stIPQueueMsgBody.msg.mode.value = IPQ_COPY_PACKET;
stRequestToKernel.stIPQueueMsgBody.msg.mode.range = 1024 * 2;
nRet = sendto(nSocketFd, (void*)&stRequestToKernel, stRequestToKernel.stNetLinkMsgHeader.nlmsg_len, 0, (struct sockaddr *)&stPeerAddress, sizeof(stPeerAddress));
做完这些后,我就用recvfrom去接受数据。。
上述整个过程感觉是没有问题的,,但是我通过recvfrom接收不到任何数据,,为啥呢???
我另外一个进程是netlink去接受NETLINK_FIREWALL的数据,是正常的,实现和这个也差不多,唯一不同的是NETLINK_ARP 是我自己注册的协议。
另外,内核中是不是需要做一些配置来支持自定义协议功能?或者我有些什么和ARP相关的模块没有编译进去?
请大家帮助下我,,谢谢。。
20140808追加:
我还是觉得内核里应该需要配置些支持arp包截取的设置,,,我现在是把以下三个编译进内核了,
但好像不行。。。 |
|