From: "Ranjeet Shetye" <ranjeet.shetye@zultys.com>
To: <netfilter-devel@lists.netfilter.org>
Subject: Brute force printk routines for looking at netfilter structures
Date: Tue, 17 Dec 2002 12:16:32 -0800 [thread overview]
Message-ID: <000001c2a609$30f256e0$0100a8c0@zultys.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1546 bytes --]
I was trying to understand how the various data values were being
transferred within the connection tracking and the nat modules.
Unfortunately, I dont have the brains of Einstein so I went for the
brute force method.
I slit open Netfilter's guts and printk'd the whole damn thing out. Its
gross, its not kernel-style or systems-style coding, but hey it let me
figure out what was happening inside the netfilter mechanism. I wrote my
own stuff instead of using the builtin print mechanisms cos I want to
see and understand EVERY variable, every pointer, every data value,
EVERYTHING!
Within one day, I have gained more confidence. Now you can too!!!! The
Amazing nf_debug.c method by the Kernel Professor. :D (legal disclaimer:
Results not typical of regular users.)
The kernel works really slowly with all the printks, like its stuck in
molasses. Since I am working with multiple kernel trees, I've put the
original copy in my home directory, and linked to it in the netfilter
dirs of every kernel I am interested in. Modify Makefile to add
nf_debug.o to the list of nat objects, run make dep, make bzimage, and
you should be set to observe a very slow kernel.
The way to use this file is to use it VERY sparingly, and you should
trigger the debug code using a SINGLE packet. YOU HAVE BEEN WARNED!
I am still adding some routines and will post a complete copy once I am
done.
Thanks,
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
771 Vaqueros Avenue
Sunnyvale CA 94085
USA
Ranjeet.Shetye@Zultys.com
http://www.zultys.com/
[-- Attachment #2: nf_debug.c --]
[-- Type: application/octet-stream, Size: 11599 bytes --]
/* Written by Ranjeet dot Shetye at Zultys dot com */
#include <linux/types.h>
#include <linux/init.h>
#include <linux/netfilter.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/if.h>
#include <linux/netfilter_ipv4/ip_nat.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
#include <linux/netfilter_ipv4/ip_nat_protocol.h>
#include "nf_debug.h"
signed int nf_debug_indent = 0;
#define NF_DPF(format, args...) \
{\
/* printk ("%s () at %s:%d ", __FUNCTION__, __FILE__, __LINE__); */\
{\
int i = 0;\
for ( i = 0; i < nf_debug_indent; i++)\
{\
printk ("\t");\
}\
}\
printk (format,##args);\
}
void my_print_ip_nat_manip_type (enum ip_nat_manip_type * maniptype)
{
nf_debug_indent++;
if (maniptype == NULL)
{
NF_DPF ("pointer to enum ip_nat_manip_type:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("enum ip_nat_manip_type:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_nat_hash (struct ip_nat_hash * hash)
{
nf_debug_indent++;
if (hash == NULL)
{
NF_DPF ("pointer to ip_nat_hash:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_nat_hash:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_nat_helper (struct ip_nat_helper * helper)
{
nf_debug_indent++;
if (helper == NULL)
{
NF_DPF ("pointer to ip_nat_helper:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_nat_helper:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_nat_info_manip (struct ip_nat_info_manip * manip)
{
nf_debug_indent++;
if (manip == NULL)
{
NF_DPF ("pointer to ip_nat_info_manip:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_nat_info_manip:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_nat_mapping_type (struct ip_nat_mapping_type * mapping_type)
{
nf_debug_indent++;
if (mapping_type == NULL)
{
NF_DPF ("pointer to ip_nat_mapping_type:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_nat_mapping_type:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_nat_seq (struct ip_nat_seq * seq)
{
nf_debug_indent++;
if (seq == NULL)
{
NF_DPF ("pointer to ip_nat_seq:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_nat_seq:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_ct_tcp (struct ip_ct_tcp * tcp)
{
nf_debug_indent++;
if (tcp == NULL)
{
NF_DPF ("pointer to ip_ct_tcp:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_ct_tcp:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_ct_icmp (struct ip_ct_icmp * icmp)
{
nf_debug_indent++;
if (icmp == NULL)
{
NF_DPF ("pointer to ip_ct_icmp:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_ct_icmp:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_timer_list (struct timer_list * timerlist)
{
nf_debug_indent++;
if (timerlist == NULL)
{
NF_DPF ("pointer to timer_list:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("timer_list:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_conntrack_tuple_hash (struct ip_conntrack_tuple_hash * hash)
{
nf_debug_indent++;
if (hash == NULL)
{
NF_DPF ("pointer to ip_conntrack_tuple_hash:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_conntrack_tuple_hash:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_conntrack_manip_proto (union ip_conntrack_manip_proto * manip_proto)
{
nf_debug_indent++;
if (manip_proto == NULL)
{
NF_DPF ("pointer to ip_conntrack_manip_proto:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_conntrack_manip_proto::Union of all, icmp.id, tcp.port, "
"udp.port = %d\n", manip_proto->all);
nf_debug_indent--;
return;
}
void my_print_ip_nat_range (struct ip_nat_range * range)
{
nf_debug_indent++;
if (range == NULL)
{
NF_DPF ("pointer to ip_nat_range:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_nat_range::flags = %d\n", range->flags);
NF_DPF ("ip_nat_range::min_ip = 0x%08X\n", range->min_ip);
NF_DPF ("ip_nat_range::max_ip = 0x%08X\n", range->max_ip);
NF_DPF ("ip_nat_range::Union of min and max, of type ip_conntrack_manip_proto\n");
my_print_ip_conntrack_manip_proto (&(range->max));
nf_debug_indent--;
return;
}
void my_print_nf_conntrack (struct nf_conntrack * nfc_ptr)
{
nf_debug_indent++;
if (nfc_ptr == NULL)
{
NF_DPF ("pointer to nf_conntrack:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("nf_conntrack::use.counter = %d\n", nfc_ptr->use.counter);
NF_DPF ("nf_conntrack::(*destroy) = %p\n", nfc_ptr->destroy);
nf_debug_indent--;
return;
}
void my_print_list_head (struct list_head * list)
{
nf_debug_indent++;
if (list == NULL)
{
NF_DPF ("list_head:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("list_head::next is of type list_head\n");
my_print_list_head (list->next);
NF_DPF ("list_head::prev is of type list_head\n");
my_print_list_head (list->prev);
nf_debug_indent--;
return;
}
void my_print_ip_conntrack_expect (struct ip_conntrack_expect * expect)
{
nf_debug_indent++;
if (expect == NULL)
{
NF_DPF ("pointer to ip_conntrack_expect:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_conntrack_expect::expectant is of type ip_conntrack\n");
my_print_ip_conntrack (expect->expectant);
NF_DPF ("ip_conntrack_expect::list is of type struct list_head\n");
my_print_list_head (&(expect->list));
NF_DPF ("ip_conntrack_expect::mask is of type struct ip_conntrack_tuple\n");
my_print_ip_conntrack_tuple (&(expect->mask));
NF_DPF ("ip_conntrack_expect::tuple is of type struct ip_conntrack_tuple\n");
my_print_ip_conntrack_tuple (&(expect->tuple));
nf_debug_indent--;
return;
}
void my_print_ip_conntrack_helper (struct ip_conntrack_helper * helper)
{
nf_debug_indent++;
if (helper == NULL)
{
NF_DPF ("ip_conntrack_helper:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_conntrack_helper::list is of type struct list_head [TBD]\n");
/* my_print_list_head (helper->list); */
NF_DPF ("ip_conntrack_helper::mask is of type struct ip_conntrack_tuple [TBD]\n");
/* my_print_ip_conntrack_tuple (&(helper->mask)); */
NF_DPF ("ip_conntrack_helper::tuple is of type struct ip_conntrack_tuple [TBD]\n");
/* my_print_ip_conntrack_tuple (&(helper->tuple)); */
nf_debug_indent--;
return;
}
void my_print_nf_ct_info (struct nf_ct_info * info)
{
nf_debug_indent++;
if (info == NULL)
{
NF_DPF ("pointer to nf_nt_info:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("nf_ct_info::master is of type struct nf_conntrack *\n");
my_print_nf_conntrack (info->master);
nf_debug_indent--;
return;
}
void my_print_ip_nat_info (struct ip_nat_info * info)
{
int i = 0;
nf_debug_indent++;
if (info == NULL)
{
NF_DPF ("pointer to ip_nat_info:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_nat_info::byipsproto is of type struct ip_nat_hash\n");
my_print_ip_nat_hash (&(info->byipsproto));
NF_DPF ("ip_nat_info::bysource is of type struct ip_nat_hash\n");
my_print_ip_nat_hash (&(info->bysource));
NF_DPF ("ip_nat_info::helper is of type struct ip_nat_helper *\n");
my_print_ip_nat_helper (info->helper);
NF_DPF ("ip_nat_info::initialized = %d\n", info->initialized);
NF_DPF ("ip_nat_info::manips[IP_NAT_MAX_MANIPS] is an array of type struct ip_nat_info_manip\n");
for (i = 0; i < IP_NAT_MAX_MANIPS; i++)
{
NF_DPF ("ip_nat_info::manips[%d]\n", i);
my_print_ip_nat_info_manip (&(info->manips[i]));
}
NF_DPF ("ip_nat_info::mtype is of type struct ip_nat_mapping_type *\n");
my_print_ip_nat_mapping_type (info->mtype);
NF_DPF ("ip_nat_info::num_manips = %d\n", info->num_manips);
NF_DPF ("ip_nat_info::seq[IP_CT_DIR_MAX] is an array of type struct ip_nat_seq\n");
for (i = 0; i < IP_CT_DIR_MAX; i++)
{
NF_DPF ("ip_nat_info::seq[%d]\n", i);
my_print_ip_nat_seq (&(info->seq[i]));
}
nf_debug_indent--;
return;
}
void my_print_ip_conntrack (struct ip_conntrack *conntrack)
{
int i = 0;
nf_debug_indent++;
if (conntrack == NULL)
{
NF_DPF ("pointer to ip_conntrack:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_conntrack::ct_general is of type nf_conntrack\n");
my_print_nf_conntrack (&(conntrack->ct_general));
NF_DPF ("ip_conntrack::expected is of type ip_conntrack_expect\n");
my_print_ip_conntrack_expect (&(conntrack->expected));
NF_DPF ("ip_conntrack::help.ct_ftp_info is of type ip_ct_ftp [TBD]\n");
NF_DPF ("ip_conntrack::help.ct_irc_info is of type ip_ct_irc [TBD]\n");
NF_DPF ("ip_conntrack::helper is of type ip_conntrack_helper\n");
my_print_ip_conntrack_helper (conntrack->helper);
NF_DPF ("ip_conntrack::infos[IP_CT_NUMBER] is an array of type nf_ct_info\n");
for (i = 0; i < IP_CT_NUMBER; i++)
{
NF_DPF ("ip_conntrack::infos[%d]\n", i);
my_print_nf_ct_info (&(conntrack->infos[i]));
}
NF_DPF ("ip_conntrack::master is of type nf_ct_info\n");
my_print_nf_ct_info (&(conntrack->master));
NF_DPF ("ip_conntrack::nat is of type anonymous\n");
NF_DPF ("ip_conntrack::nat.masq_index=%d\n", conntrack->nat.masq_index);
NF_DPF ("ip_conntrack::nat.info is of type ip_nat_info\n");
my_print_ip_nat_info (&(conntrack->nat.info));
NF_DPF ("ip_conntrack::Union of tcp and icmp, of type anonymous\n");
my_print_ip_ct_tcp (&(conntrack->proto.tcp));
my_print_ip_ct_icmp (&(conntrack->proto.icmp));
NF_DPF ("ip_conntrack::status = %lu\n", conntrack->status);
NF_DPF ("ip_conntrack::timeout is of type struct timer_list\n");
my_print_timer_list (&(conntrack->timeout));
NF_DPF ("ip_conntrack::tuplehash[IP_CT_DIR_MAX] is an array of type struct ip_conntrack_tuple_hash\n");
for (i = 0; i < IP_CT_DIR_MAX; i++)
{
NF_DPF ("ip_conntrack::tuplehash[%d]\n", i);
my_print_ip_conntrack_tuple_hash (&(conntrack->tuplehash[i]));
}
nf_debug_indent--;
return;
}
void my_print_ip_conntrack_tuple (struct ip_conntrack_tuple *tuple)
{
nf_debug_indent++;
if (tuple == NULL)
{
NF_DPF ("pointer to ip_conntrack_tuple:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_conntrack_tuple::dst.ip = 0x%08X\n", tuple->dst.ip);
NF_DPF ("ip_conntrack_tuple::dst.protonum = %d\n", tuple->dst.protonum);
NF_DPF ("ip_conntrack_tuple::Union of dst.u.all, dst.u.icmp.id, dst.u.tcp.port, "
"dst.u.udp.port = %d\n", tuple->dst.u.all);
NF_DPF ("ip_conntrack_tuple::src is of type ip_conntrack_manip\n");
my_print_ip_conntrack_manip (&(tuple->src));
nf_debug_indent--;
return;
}
void my_print_maniptype (enum ip_nat_manip_type maniptype)
{
nf_debug_indent++;
if (maniptype == IP_NAT_MANIP_SRC)
{
NF_DPF ("ip_nat_manip_type::IP_NAT_MANIP_SRC\n");
}
else if (maniptype == IP_NAT_MANIP_DST)
{
NF_DPF ("ip_nat_manip_type::IP_NAT_MANIP_DST\n");
}
else
{
NF_DPF ("ip_nat_manip_type::maniptype=%d (Unknown)\n", maniptype);
}
nf_debug_indent--;
return;
}
void my_print_ip_conntrack_manip (struct ip_conntrack_manip * manip)
{
nf_debug_indent++;
if (manip == NULL)
{
NF_DPF ("pointer to ip_conntrack_manip:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_conntrack_manip::ip = 0x%08X\n", manip->ip);
NF_DPF ("ip_conntrack_manip::u is of type ip_conntrack_manip_proto\n");
my_print_ip_conntrack_manip_proto (&(manip->u));
nf_debug_indent--;
return;
}
[-- Attachment #3: nf_debug.h --]
[-- Type: application/octet-stream, Size: 1848 bytes --]
#ifndef _NF_DEBUG_H_
#define _NF_DEBUG_H_
/* Written by Ranjeet dot Shetye at Zultys dot com */
#include <linux/types.h>
#include <linux/init.h>
#include <linux/netfilter.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/if.h>
#include <linux/netfilter_ipv4/ip_nat.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
#include <linux/netfilter_ipv4/ip_nat_protocol.h>
void my_print_ip_nat_manip_type (enum ip_nat_manip_type * maniptype);
void my_print_ip_nat_hash (struct ip_nat_hash * hash);
void my_print_ip_nat_helper (struct ip_nat_helper * helper);
void my_print_ip_nat_info_manip (struct ip_nat_info_manip * manip);
void my_print_ip_nat_mapping_type (struct ip_nat_mapping_type * mapping_type);
void my_print_ip_nat_seq (struct ip_nat_seq * seq);
void my_print_ip_ct_tcp (struct ip_ct_tcp * tcp);
void my_print_ip_ct_icmp (struct ip_ct_icmp * icmp);
void my_print_timer_list (struct timer_list * timerlist);
void my_print_ip_conntrack_tuple_hash (struct ip_conntrack_tuple_hash * hash);
void my_print_ip_conntrack_manip_proto (union ip_conntrack_manip_proto * manip_proto);
void my_print_ip_nat_range (struct ip_nat_range * range);
void my_print_nf_conntrack (struct nf_conntrack * nfc_ptr);
void my_print_list_head (struct list_head * list);
void my_print_ip_conntrack_expect (struct ip_conntrack_expect * expect);
void my_print_ip_conntrack_helper (struct ip_conntrack_helper * helper);
void my_print_nf_ct_info (struct nf_ct_info * info);
void my_print_ip_nat_info (struct ip_nat_info * info);
void my_print_ip_conntrack (struct ip_conntrack *conntrack);
void my_print_ip_conntrack_tuple (struct ip_conntrack_tuple *tuple);
void my_print_maniptype (enum ip_nat_manip_type maniptype);
void my_print_ip_conntrack_manip (struct ip_conntrack_manip * manip);
#endif /* _NF_DEBUG_H_ */
next reply other threads:[~2002-12-17 20:16 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-12-17 20:16 Ranjeet Shetye [this message]
2002-12-17 20:37 ` Brute force printk routines for looking at netfilter structures Patrick Schaaf
2002-12-17 23:07 ` Patrick Schaaf
2002-12-18 20:49 ` nf_debug.c version 0.2 Ranjeet Shetye
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='000001c2a609$30f256e0$0100a8c0@zultys.com' \
--to=ranjeet.shetye@zultys.com \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.