problem with hook function for DHCP

problem with hook function for DHCP

[Subhash Gopinath]

Hello all,

I am facing problems capturing DHCP packets sent from a client to a server....
Basically, the hook function (defined below) is not getting called for
each packet going out of the system.. Any ideas ?

Thanks in adv,
Subhash

-------------------------------------------------------------------------------

#define DHCP_SERVER_PORT 67

unsigned int out_hook_func(unsigned int hooknum, 
                       struct sk_buff **skb,
                       const struct net_device *in,
                       const struct net_device *out,
                       int (*okfn)(struct sk_buff *))
{

        struct udphdr *udp_hdr;
        struct sk_buff *sb = *skb;
        unsigned char *dhcp_hdr, *ptr;
        unsigned int len, sub_id, xid;

        printk (KERN_INFO "Here\n");
        /* Check if the message is valid and is a UDP message */
        if(!sb || !sb->nh.iph || sb->nh.iph->protocol != IPPROTO_UDP)
                return NF_ACCEPT;

        /* Check if the UDP message contains DHCP in the payload */
        udp_hdr = (struct udphdr *)(sb->data + ((sb->nh.iph->ihl)<<2));
        if(udp_hdr->dest != htons(DHCP_SERVER_PORT))
                return NF_ACCEPT;

        printk(KERN_INFO "DHCP packet\n");
        return NF_ACCEPT;

}

int init_module()
{
        /* Register Hook for packets sent */
        out_nfho.hook     = out_hook_func;
        //out_nfho.hooknum  = NF_IP_LOCAL_OUT;
        out_nfho.hooknum  = NF_IP_POST_ROUTING;
        out_nfho.pf       = PF_INET;
        out_nfho.priority = NF_IP_PRI_FIRST;
        nf_register_hook(&out_nfho);
}

void cleanup_module()
{
        nf_unregister_hook(&out_nfho);
}

Re: problem with hook function for DHCP

[Jason Opperisano]

On Mon, Nov 29, 2004 at 11:58:44PM -0800, Subhash Gopinath wrote:
> Hello all,
> 
> I am facing problems capturing DHCP packets sent from a client to a server....
> Basically, the hook function (defined below) is not getting called for
> each packet going out of the system.. Any ideas ?

my idea:  DHCP packets are generated and processed at the BPF layer
(which is below netfilter in the stack); and never pass through any
netfilter hooks.

-j

--
"Default! The two sweetest words in the English language!"
        --The Simpsons

RE: problem with hook function for DHCP

[Hudson Delbert J Contr 61 CS/SCBN]

[-- Attachment #1: Type: text/plain, Size: 867 bytes --]

why not try tcpdump or hardware sniffer onm the lan itself.

-----Original Message-----
From: netfilter-bounces@lists.netfilter.org
[mailto:netfilter-bounces@lists.netfilter.org]On Behalf Of Jason
Opperisano
Sent: Tuesday, November 30, 2004 12:42 PM
To: netfilter@lists.netfilter.org
Subject: Re: problem with hook function for DHCP


On Mon, Nov 29, 2004 at 11:58:44PM -0800, Subhash Gopinath wrote:
> Hello all,
> 
> I am facing problems capturing DHCP packets sent from a client to a
server....
> Basically, the hook function (defined below) is not getting called for
> each packet going out of the system.. Any ideas ?

my idea:  DHCP packets are generated and processed at the BPF layer
(which is below netfilter in the stack); and never pass through any
netfilter hooks.

-j

--
"Default! The two sweetest words in the English language!"
        --The Simpsons

Re: problem with hook function for DHCP

[Subhash Gopinath]

Hi,

I need the o/p netfilter part for something else and not just for
viewing DHCP packets(which can be done with TCPDump as u said).

Basically, I need to store the transaction ID of outgoing DHCP packets
in a table ...
When the server replies, the reply contains the transaction ID, and I
need to match that with the corresponding entry in the table and then
do some stunts later on....

Unfortunately, I am not able to grab all outgoing DHCP
packets....atleast when I put printk in the ougoing filter, messages
are not printed in the dmesg .

Do u think there's a problem with the printk LOG LEVEL ?

thanks,
~Subhash

On Tue, 30 Nov 2004 13:52:23 -0800, Hudson Delbert J Contr 61 CS/SCBN
<delbert.hudson@losangeles.af.mil> wrote:
> why not try tcpdump or hardware sniffer onm the lan itself.
> 
> 
> 
> -----Original Message-----
> From: netfilter-bounces@lists.netfilter.org
> [mailto:netfilter-bounces@lists.netfilter.org]On Behalf Of Jason
> Opperisano
> Sent: Tuesday, November 30, 2004 12:42 PM
> To: netfilter@lists.netfilter.org
> Subject: Re: problem with hook function for DHCP
> 
> On Mon, Nov 29, 2004 at 11:58:44PM -0800, Subhash Gopinath wrote:
> > Hello all,
> >
> > I am facing problems capturing DHCP packets sent from a client to a
> server....
> > Basically, the hook function (defined below) is not getting called for
> > each packet going out of the system.. Any ideas ?
> 
> my idea:  DHCP packets are generated and processed at the BPF layer
> (which is below netfilter in the stack); and never pass through any
> netfilter hooks.
> 
> -j
> 
> --
> "Default! The two sweetest words in the English language!"
>         --The Simpsons
> 
>