* IP Queue Conntrack info patch
@ 2003-04-18 15:19 Evrim ULU
  2003-04-27 12:42 ` Harald Welte
  0 siblings, 1 reply; 3+ messages in thread
From: Evrim ULU @ 2003-04-18 15:19 UTC (permalink / raw)
  To: netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 1342 bytes --]

Hi,

First post so, flames>>/dev/null ehe:-)


We were coding a userspace firewall and saw that there is no conntrack
info in ipq_packet_msg_t, so we added it in an ugly fashion (with my dear
*friend* Aycan Irican <aycan@core.gen.tr>). Maybe someone will publish a
better patch in the future.

My question is about arp packets.

I'm trying to process ARP packets via ip_queue. I couldn't make the
below code segment work. I've looked into the ip_queue module and saw
that the payload is taken from skb->data. I don't know what the skb->data
pointer really points to, but I know that if the packet is an ip_protocol
packet, I can do

iphdr = (struct iphdr *)p->payload

Also, I know that iphdr and arphdr are both network layer headers in
the skbuff structure, so it must run correctly. When I run it, if the
protocol is ARP, I'm getting 40 bytes of payload which does not fit into
arphdr (also not in struct ether_arp *) correctly.

void handle_packet(ipq_packet_msg_t *p)
{
    /* hw_protocol arrives in network byte order */
    unsigned short proto = ntohs(p->hw_protocol);

    switch (proto) {
    case ETH_P_ARP:
    case ETH_P_RARP:
        g_message("got ARP packet");
        process_arp(p);
        break;
    }
}

int process_arp(ipq_packet_msg_t *p)
{
    struct arphdr *arp = (struct arphdr *)p->payload;

    /* PROBLEM , arphdr is not correct */
    switch (ntohs(arp->ar_op)) {
    case ARPOP_REQUEST:
        g_message("Got arp request");
        break;
    }
    return 0;
}

Thnx.
Evrim.

[-- Attachment #2: ip_queue_conntrack.diff --]
[-- Type: text/plain, Size: 1219 bytes --]

--- /usr/src/linux-2.4.20/net/ipv4/netfilter/ip_queue.c	2003-02-15 00:04:41.000000000 +0200
+++ /usr/src/linux/net/ipv4/netfilter/ip_queue.c	2003-04-01 20:23:21.000000000 +0300
@@ -252,6 +252,10 @@
 				                                   pmsg->hw_addr);
 	}
 	
+	if (!ip_conntrack_get(entry->skb, &pmsg->conntrack)) {
+		printk("Matrix has you!\n");
+		goto nlmsg_failure;
+	}
 	if (data_len)
 		memcpy(pmsg->payload, entry->skb->data, data_len);
 		
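Review bot: the new check before the payload memcpy treats a failed ip_conntrack_get() as fatal and jumps to nlmsg_failure, so any queued packet for which no conntrack information is returned is never delivered to userspace. Consider storing a sentinel value in pmsg->conntrack for that case and continuing to the memcpy instead. The printk("Matrix has you!\n") also carries no log level, names neither ip_queue nor the failure, and fires once per affected packet, so it should become a rate-limited message that says what failed, or be dropped.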
--- /usr/src/linux-2.4.20/include/linux/netfilter_ipv4/ip_queue.h	2003-02-15 00:04:41.000000000 +0200
+++ /usr/src/linux/include/linux/netfilter_ipv4/ip_queue.h	2003-04-01 20:12:17.000000000 +0300
@@ -17,6 +17,8 @@
 #include <net/if.h>
 #endif	/* ! __KERNEL__ */
 
+#include <linux/netfilter_ipv4/ip_conntrack.h>
+
 /* Messages sent from kernel */
 typedef struct ipq_packet_msg {
 	unsigned long packet_id;	/* ID of queued packet */
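Review bot: the #include <linux/netfilter_ipv4/ip_conntrack.h> is placed after the #endif /* ! __KERNEL__ */ line, so it is unconditional and every userspace program that includes ip_queue.h now also pulls in the kernel conntrack header, only to obtain one enum. Either define the values reported to userspace in ip_queue.h itself, or document the new header dependency for userspace builds.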
@@ -30,6 +32,7 @@
 	unsigned short hw_type;		/* Hardware type */
 	unsigned char hw_addrlen;	/* Hardware address length */
 	unsigned char hw_addr[8];	/* Hardware address */
+	enum ip_conntrack_info conntrack;
 	size_t data_len;		/* Length of packet data */
 	unsigned char payload[0];	/* Optional packet data */
 } ipq_packet_msg_t;
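Review bot: the new conntrack member is inserted between hw_addr[8] and data_len, which shifts the offsets of data_len and payload in a structure that is passed from the kernel to userspace, so programs built against the old ip_queue.h will misread every message. The change needs a note on this incompatibility, or a way for userspace to tell the two layouts apart. The size of an enum is also implementation-defined, so a fixed-width integer type is safer in a message format, and the member lacks the trailing comment that every other field in the struct has.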


* Re: IP Queue Conntrack info patch
  2003-04-18 15:19 IP Queue Conntrack info patch Evrim ULU
@ 2003-04-27 12:42 ` Harald Welte
  2003-04-27 14:39   ` James Morris
  0 siblings, 1 reply; 3+ messages in thread
From: Harald Welte @ 2003-04-27 12:42 UTC (permalink / raw)
  To: Evrim ULU; +Cc: netfilter-devel, James Morris

[-- Attachment #1: Type: text/plain, Size: 572 bytes --]

On Fri, Apr 18, 2003 at 06:19:49PM +0300, Evrim ULU wrote:
> Hi,
> 
> First post so, flames>>/dev/null ehe:-)

Please talk to James Morris about ip_queue changes; he is the original
author.


-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie


* Re: IP Queue Conntrack info patch
  2003-04-27 12:42 ` Harald Welte
@ 2003-04-27 14:39   ` James Morris
  0 siblings, 0 replies; 3+ messages in thread
From: James Morris @ 2003-04-27 14:39 UTC (permalink / raw)
  To: Harald Welte; +Cc: Evrim ULU, netfilter-devel

On Sun, 27 Apr 2003, Harald Welte wrote:

> On Fri, Apr 18, 2003 at 06:19:49PM +0300, Evrim ULU wrote:
> > Hi,
> > 
> > First post so, flames>>/dev/null ehe:-)
> 
> Please talk to James Morris about ip_queue changes; he is the original
> author.

My feeling is that any further changes to ip_queue of this nature need to
be done as part of a general redesign and integrated with the nfnetlink
work, as a 2.7 thing.  e.g. it really needs to be a generalized interface
where you can arbitrarily select what information is sent to userspace.


- James
-- 
James Morris
<jmorris@intercode.com.au>
