problem with netfilter hook function struct skbuff *sock is null..

Posted by pavan6754 
I am trying to build a firewall, so I have used netfilter for it.
In function main_hook, sock_buff is returning null and "sock buff null" is continuously printed in my log file. Please help to solve this problem.
(Using print_string I am printing strings on the current terminal (terminal we ping).)
#include <linux/ip.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netdevice.h>
#include <linux/init.h>
#include <linux/sched.h>
#include <linux/tty.h>
#include <linux/version.h>
#include <linux/inet.h>
#include <linux/skbuff.h>
#include <linux/in.h>

#define NF_IP_PRE_ROUTING 0

static struct nf_hook_ops netfilter_ops_in;
struct sk_buff *sock_buff;
struct iphdr *ipptr;

/* Write a string, followed by CR LF, to the tty of the current task. */
static void print_string(char *str)
{
	struct tty_struct *my_tty;

	my_tty = current->signal->tty;
	if (my_tty != NULL) {
		((my_tty->driver)->ops->write)(my_tty, str, strlen(str));
		((my_tty->driver)->ops->write)(my_tty, "\015\012", 2);
	}
}

/* Hook as originally posted: skb is declared as a double pointer,
 * which is the prototype the replies below correct. */
unsigned int main_hook(unsigned int hooknum,
                  struct sk_buff **skb,
                  const struct net_device *in,
                  const struct net_device *out,
                  int (*okfn)(struct sk_buff*))
{
    sock_buff = *skb;
    if (!sock_buff) {
        printk("sock buff null\n");
        return NF_ACCEPT;
    }
    printk(KERN_ALERT "sockbuff is not zero\n");
    ipptr = (struct iphdr *)skb_network_header(sock_buff);
    if (!ipptr) {
        printk(KERN_ALERT "ipptr is ZERO\n");
        return NF_ACCEPT;
    }
    /* Drop everything whose source address is 10.10.30.1. */
    if (ipptr->saddr == in_aton("10.10.30.1")) {
        print_string("packet dropped(10.10.30.1)\n");
        return NF_DROP;
    }
    return NF_ACCEPT;
}

int init_module(void)
{
    netfilter_ops_in.hook     = (nf_hookfn *)main_hook;
    netfilter_ops_in.pf       = PF_INET;
    netfilter_ops_in.hooknum  = NF_IP_PRE_ROUTING;
    netfilter_ops_in.priority = NF_IP_PRI_FIRST;
    nf_register_hook(&netfilter_ops_in);
    printk("firewall Setuped\n");
    return 0;
}

/* Must be named cleanup_module (not cleanup) to run on module unload. */
void cleanup_module(void)
{
    nf_unregister_hook(&netfilter_ops_in); /* unregister NF_IP_PRE_ROUTING hook */
}
Hi, I'm running into this problem too. Did you find a solution to this by any chance?
Folks,

I'm receiving an encapsulated packet that looks like

outer iph
outer udph
foreign header
inner iph
inner udph
data


What I'd like to do is strip off the outer IP, UDP and
foreign headers in ip_rcv and requeue the packet to IP to
process the rest of the packet (inner IP header,
etc). What's the clean way to do this? In FreeBSD you
might do something like

(*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen);

but I'm not exactly sure what the analogous thing is for
Linux. Any insight greatly appreciated.

Thnx,

Dave
Re: problem with netfilter hook function struct skbuff *sock is null..
November 25, 2009 03:13PM
Hi!

It seems that you have the parameter list of main_hook wrong. The caller does not give you struct **skb, it gives you struct *skb. If you change this, you should not need to cast it to (nf_hookfn *).

-Michi

---
programming a layer 3+4 network protocol for mesh networks
see [michaelblizek.twilightparadox.com]
Re: problem with netfilter hook function struct skbuff *sock is null..
November 25, 2009 03:28PM
Hi!

@David Meyer:
I would do this by creating a virtual network device which receives the packets after stripping the headers. There is a kernel patch called ethos which does this. You can also do this in userspace by opening the udp port and the tun/tap device (see Documentation/networking/tuntap.txt for more details).

However, I would be interested in what (project?) you need this for, if you allow me to be curious.
-Michi

---
programming a layer 3+4 network protocol for mesh networks
see [michaelblizek.twilightparadox.com]
@pavan6754

Hi,

The parameters vary among the Linux versions:

With Linux versions >= 2.6.20, the declaration of the hook function must be: hookf(......., struct sk_buff *skb), that means ONLY one asterisk.

BR

Mans
MAN, you gave a good clue. Changing the struct gave access to a valid sk_buff. Thx a ton. I have more queries to ask. If you ack my thx, maybe I can put some queries.
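Added illustration, not part of any post in this thread and not kernel code: a userspace C model of why the hook declared with `struct sk_buff **skb` always took the NULL branch once the caller hands it a `struct sk_buff *`. The mock `struct sk_buff`, `deliver()`, the `SAW_NULL` marker and the `OTHER` address are constructed for this sketch; it assumes, as in 2.6-era kernels, that `struct sk_buff` begins with its `next`/`prev` list pointers.

```c
#include <stdio.h>
#include <string.h>

enum { NF_DROP = 0, NF_ACCEPT = 1, SAW_NULL = 2 };  /* SAW_NULL: demo-only marker */

/* Constructed stand-in for the kernel structure: the list pointers come
 * first and are NULL while the packet is not linked into any queue. */
struct sk_buff {
    struct sk_buff *next, *prev;
    unsigned char *data;              /* points at the IPv4 header */
};

static const unsigned char BLOCKED[4] = { 10, 10, 30, 1 };  /* rule from the post */
static const unsigned char OTHER[4]   = { 10, 10, 30, 2 };  /* constructed sample */

static int filter(const struct sk_buff *skb)
{
    /* saddr sits at byte offset 12 of the IPv4 header, in network order */
    return memcmp(skb->data + 12, BLOCKED, 4) == 0 ? NF_DROP : NF_ACCEPT;
}

/* Prototype from the original post: the argument is taken as sk_buff **. */
static int hook_double_ptr(void *arg)
{
    struct sk_buff **skb = arg;
    struct sk_buff *sock_buff = *skb;   /* actually reads the packet's ->next */
    return sock_buff ? filter(sock_buff) : SAW_NULL;  /* post: NF_ACCEPT here */
}

/* Prototype from the replies: the argument is the packet itself. */
static int hook_single_ptr(void *arg)
{
    return filter(arg);
}

/* Models a caller that passes struct sk_buff * to whatever hook is registered. */
int deliver(int (*hook)(void *), const unsigned char src[4])
{
    unsigned char iph[20] = { 0x45 };   /* minimal IPv4 header, version 4, IHL 5 */
    struct sk_buff skb = { NULL, NULL, iph };
    memcpy(iph + 12, src, 4);
    return hook(&skb);
}

int main(void)
{
    printf("double-pointer hook, blocked source: %d\n", deliver(hook_double_ptr, BLOCKED));
    printf("single-pointer hook, blocked source: %d\n", deliver(hook_single_ptr, BLOCKED));
    printf("single-pointer hook, other source:   %d\n", deliver(hook_single_ptr, OTHER));
    return 0;
}
```

In the posted module the NULL branch returns NF_ACCEPT, so with the wrong prototype the filter fails open and the 10.10.30.1 rule is never evaluated. The `(nf_hookfn *)` cast is what hides the mismatch from the compiler.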
Re: problem with netfilter hook function struct skbuff *sock is null..
May 29, 2012 09:45AM
Hello vin are you going to make this clue just Highgate. i did not think so it is so working i tried but nothing found i hope better look first to make your post ........
Re: problem with netfilter hook function struct skbuff *sock is null..
June 25, 2012 10:27AM
Marksteven Wrote:
-------------------------------------------------------
> Hello vin are you going to make this clue just
> Highgate. i did not think so it is so working i
> tried but nothing found i hope better look first
> to make your post ........
