Netfilter로 ethernet mac header 정보를 가져올때 질문이요..
글쓴이: tajja78 / 작성시간: 금, 2013/03/22 - 4:01오후
안녕하세요.
현재 virtual box로 ubuntu 12.04 64bit를 돌리고 있구요..
이 상태에서 netfilter 를 이용한 패킷을 잡는 모듈을 만들어 돌려 보고 있는데요..
static struct nf_hook_ops netfilter_ops_in;
static struct nf_hook_ops netfilter_ops_out;
/*
* packet capture callback function from network driver.
*/
unsigned int main_hook(unsigned int hooknum,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff*))
{
unsigned char *data;
unsigned char* tran_h;
unsigned char* net_h;
unsigned char* mac_h;
struct iphdr *iph = ip_hdr(skb); /* ip header*/
/* packit capture */
data = (unsigned char*)skb->data;
mac_h = skb_mac_header(skb);
net_h = skb_network_header(skb);
tran_h = skb_transport_header(skb);
switch(iph->protocol) {
case IPPROTO_ICMP: /* Internet Control Message Protocol */
case IPPROTO_TCP: /* Transmission Control Protocol */
case IPPROTO_UDP: /* User Datagram Protocol */
{
printk("emac header : 0x%x %02X %02X \n", mac_h, mac_h[0], mac_h[1]);
printk("network header : 0x%x %02X %02X \n", net_h, net_h[0], net_h[1]);
printk("transport header : 0x%x %02X %02X \n", tran_h, tran_h[0], tran_h[1]);
}
break;
default:
break;
}
}
return NF_ACCEPT;
}
int init_module()
{
/* capture module option */
adpcap_fops.owner = THIS_MODULE;
adpcap_fops.open = adpcap_open;
adpcap_fops.write = adpcap_write;
adpcap_fops.release = adpcap_release;
/* netfilter register hooking option */
netfilter_ops_in.hook = main_hook;
netfilter_ops_in.pf = PF_INET;
netfilter_ops_in.hooknum = NF_INET_PRE_ROUTING;
netfilter_ops_in.priority = NF_IP_PRI_FIRST;
netfilter_ops_out.hook = main_hook;
netfilter_ops_out.pf = PF_INET;
netfilter_ops_out.hooknum = NF_INET_POST_ROUTING;
netfilter_ops_out.priority = NF_IP_PRI_FIRST;
/* set netfilter hooking option */
nf_register_hook(&netfilter_ops_in);
nf_register_hook(&netfilter_ops_out);
/* registering character device module */
register_chrdev(ADPCAP_MAJOR,ADPCAP_NAME,&adpcap_fops);
printk("init module! \n");
return 0;
}이상하게 NF_INET_PRE_ROUTING 를 설정한 incomming packet 을 잡아서 표시하는건 문제없이 잘 되는데..
NF_INET_POST_ROUTING(NF_INET_LOCAL_OUT 도 동일)를 설정한 outgoing packet을 잡아서 표시하려고 하면 mac header 표시 부분에서
죽습니다. mac header 주소값이 NULL이라서 죽는 것도 아니고.. 주소 번지로 접근 하거나 저것을 다른 함수의
인자로 넘기려고 해도 동일하게 죽습니다. 도대체 외그러는 건지 알수가 없네요..
들어오는 패킷은 잘 표시가 되는데 나가는 패킷은 다르게 설정해줘야 하거나 아니면 이게 virtual box같은 가상머신에서 돌려서
그런것인가요? 혹시 아시는분 답변좀 부탁 드립니다.
Forums:
죽을때 나오는 로그입니다.
[ 1230.787594] BUG: unable to handle kernel paging request at ffff8801db814dff
[ 1230.787602] IP: [] main_hook+0xd6/0x1b0 [adpcap]
[ 1230.787610] PGD 1c06063 PUD 0
[ 1230.787614] Oops: 0000 [#8] SMP
[ 1230.787617] CPU 0
[ 1230.787619] Modules linked in: adpcap(O) vboxvideo(O) drm snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm joydev snd_seq_midi snd_rawmidi usbhid snd_seq_midi_event hid snd_seq mac_hid snd_timer snd_seq_device rfcomm psmouse vboxguest(O) serio_raw snd soundcore i2c_piix4 bnep snd_page_alloc parport_pc bluetooth ppdev lp parport e1000 [last unloaded: adpcap]
[ 1230.787645]
[ 1230.787649] Pid: 1135, comm: nmbd Tainted: G D O 3.2.0-38-generic #61-Ubuntu innotek GmbH VirtualBox/VirtualBox
[ 1230.787654] RIP: 0010:[] [] main_hook+0xd6/0x1b0 [adpcap]
[ 1230.787660] RSP: 0018:ffff880104837368 EFLAGS: 00010286
[ 1230.787662] RAX: ffff8800db814e00 RBX: 000000002d00a8c0 RCX: 0000000000000011
[ 1230.787665] RDX: 0000000000000002 RSI: ffff8801db814dff RDI: ffffffffa020813b
[ 1230.787667] RBP: ffff8801048379c8 R08: 00000000ffffffff R09: ffff880104837a60
[ 1230.787670] R10: ffff880104837bc8 R11: 0000000000000000 R12: 00000000ff00a8c0
[ 1230.787672] R13: ffff8800db814e10 R14: ffff8800db814e24 R15: ffff8801174a4000
[ 1230.787676] FS: 00007f00355ed740(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000
[ 1230.787678] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1230.787681] CR2: ffff8801db814dff CR3: 0000000103dde000 CR4: 00000000000006f0
[ 1230.787691] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1230.787694] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1230.787697] Process nmbd (pid: 1135, threadinfo ffff880104836000, task ffff880105bec500)
[ 1230.787699] Stack:
[ 1230.787700] 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 1230.787705] 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 1230.787709] 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 1230.787713] Call Trace:
[ 1230.787724] [] ? __inc_zone_state+0x5f/0x70
[ 1230.787729] [] ? get_page_from_freelist+0x1cf/0x540
[ 1230.787736] [] ? snmp_fold_field+0x55/0x70
[ 1230.787742] [] ? snmp6_fill_stats+0xdb/0xf0
[ 1230.787746] [] ? inet6_fill_ifla6_attrs+0x27c/0x2a0
[ 1230.787751] [] ? inet6_fill_link_af+0x1a/0x30
[ 1230.787756] [] ? rtnl_fill_ifinfo+0x828/0x930
[ 1230.787761] [] ? ext4_ext_put_in_cache+0x6e/0xf0
[ 1230.787766] [] ? native_sched_clock+0x13/0x80
[ 1230.787770] [] ? sched_clock+0x9/0x10
[ 1230.787774] [] ? sched_clock_local+0x25/0x90
[ 1230.787777] [] ? sched_clock_cpu+0xa8/0x110
[ 1230.787782] [] ? update_shares+0xce/0x100
[ 1230.787788] [] ? __kmalloc_node_track_caller+0x148/0x1e0
[ 1230.787793] [] ? __alloc_skb+0x4b/0x240
[ 1230.787798] [] ? sock_alloc_send_pskb+0x11a/0x280
[ 1230.787802] [] ? ksize+0x1c/0xc0
[ 1230.787806] [] ? __alloc_skb+0x8c/0x240
[ 1230.787809] [] ? memcpy_fromiovecend+0x9a/0xc0
[ 1230.787814] [] nf_iterate+0x85/0xc0
[ 1230.787819] [] ? ip_forward_options+0x1f0/0x1f0
[ 1230.787822] [] nf_hook_slow+0x75/0x150
[ 1230.787827] [] ? ip_forward_options+0x1f0/0x1f0
[ 1230.787832] [] __ip_local_out+0xa4/0xb0
[ 1230.787836] [] ip_local_out+0x16/0x30
[ 1230.787840] [] ip_send_skb+0x1b/0x50
[ 1230.787844] [] udp_send_skb+0x111/0x2a0
[ 1230.787849] [] ? ip_setup_cork+0x150/0x150
[ 1230.787852] [] udp_sendmsg+0x308/0x950
[ 1230.787857] [] ? do_sys_poll+0x1e8/0x260
[ 1230.787862] [] ? __pollwait+0xf0/0xf0
[ 1230.787866] [] inet_sendmsg+0x64/0xb0
[ 1230.787872] [] ? apparmor_socket_sendmsg+0x17/0x20
[ 1230.787876] [] sock_sendmsg+0x10e/0x130
[ 1230.787880] [] ? __pollwait+0xf0/0xf0
[ 1230.787884] [] ? __pollwait+0xf0/0xf0
[ 1230.787887] [] ? __pollwait+0xf0/0xf0
[ 1230.787892] [] ? move_addr_to_kernel+0x71/0x80
[ 1230.787895] [] sys_sendto+0x13d/0x190
[ 1230.787900] [] ? poll_select_set_timeout+0x85/0xa0
[ 1230.787905] [] system_call_fastpath+0x16/0x1b
[ 1230.787907] Code: 42 00 02 00 74 a8 8b 15 91 20 00 00 83 fa 02 7f 9d 44 89 c6 83 c2 01 4c 8d 34 38 48 01 c6 89 15 79 20 00 00 48 c7 c7 3b 81 20 a0 <0f> b6 16 31 c0 e8 95 d7 43 e1 41 0f b6 4d 01 41 0f b6 55 00 4c
[ 1230.787961] RIP [] main_hook+0xd6/0x1b0 [adpcap]
[ 1230.787966] RSP
[ 1230.787967] CR2: ffff8801db814dff
[ 1230.787971] ---[ end trace bcedef694dfb58b2 ]---
구글검색에서 다음 문서에 나오는 그림을 보니(문서
구글검색에서 다음 문서에 나오는 그림을 보니(문서 귀챦아 단순 그림만 봤습니다)
www.cs.columbia.edu/~nahum/w6998/lectures/network-layer.ppt
NF_INET_POST_ROUTING 은 커널이 장치로 보내는 과정 중의 라우팅 루틴이 끝나고 그 다음 맥헤더를 붙이기 위한 루틴 진입 사이를 의미하는 것 같습니다.
이게 맞으면 맥헤더가 아직 없는 패킷이죠.
구글검색에서 다음 문서에 나오는 그림을 보니(문서
감사합니다. 그런줄도 모르고.... 삽질을.... ㅋㅋ
댓글 달기