* IP Queue Conntrack info patch
@ 2003-04-18 15:19 Evrim ULU
  2003-04-27 12:42 ` Harald Welte
  0 siblings, 1 reply; 3+ messages in thread
From: Evrim ULU @ 2003-04-18 15:19 UTC (permalink / raw)
  To: netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 1342 bytes --]

Hi,

First post so, flames>>/dev/null ehe:-)


We were coding a userspace firewall and saw that there is no conntrack 
info in ipq_packet_msg_t, so we added it in an ugly fashion (with my dear 
*friend* Aycan Irican <aycan@core.gen.tr>). Maybe someone will publish a 
better patch in the future.

My question is about ARP packets.

I'm trying to process ARP packets via ip_queue. I couldn't make the 
code segment below work. I've looked into the ip_queue module and saw that 
the payload is taken from skb->data. I don't know what the skb->data pointer 
really points to, but I know that if the packet is an ip_protocol packet, I can do

iphdr = (struct iphdr *)p->payload

Also, I know that iphdr and arphdr are both network layer headers in 
the skbuff structure, so it must run correctly. When I run it, if the protocol 
is ARP, I'm getting 40 bytes of payload, which does not fit into arphdr 
(nor into struct ether_arp *) correctly.

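#include <netinet/in.h>       /* ntohs() */
#include <net/if_arp.h>       /* struct arphdr, ARPOP_REQUEST */
#include <linux/if_ether.h>   /* ETH_P_ARP, ETH_P_RARP */
#include <linux/netfilter.h>
#include <libipq.h>           /* ipq_packet_msg_t */
#include <glib.h>             /* g_message() */

int process_arp(ipq_packet_msg_t *p);

void handle_packet(ipq_packet_msg_t *p)
{
    /* hw_protocol is carried in network byte order */
    unsigned short proto = ntohs(p->hw_protocol);

    switch (proto) {
    case ETH_P_ARP:
    case ETH_P_RARP:
        g_message("got ARP packet");
        process_arp(p);
        break;
    }
}

int process_arp(ipq_packet_msg_t *p)
{
    /* payload is an unsigned char array, so the cast must be explicit */
    struct arphdr *arp = (struct arphdr *)p->payload;

    /* PROBLEM , arphdr is not correct */
    switch (ntohs(arp->ar_op)) {
    case ARPOP_REQUEST:
        g_message("Got arp request");
        break;
    }
    return 0;
}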

Thnx.
Evrim.

[-- Attachment #2: ip_queue_conntrack.diff --]
[-- Type: text/plain, Size: 1219 bytes --]

--- /usr/src/linux-2.4.20/net/ipv4/netfilter/ip_queue.c	2003-02-15 00:04:41.000000000 +0200
+++ /usr/src/linux/net/ipv4/netfilter/ip_queue.c	2003-04-01 20:23:21.000000000 +0300
@@ -252,6 +252,10 @@
 				                                   pmsg->hw_addr);
 	}
 	
+	if (!ip_conntrack_get(entry->skb, &pmsg->conntrack)) {
+		printk("Matrix has you!\n");
+		goto nlmsg_failure;
+	}
 	if (data_len)
 		memcpy(pmsg->payload, entry->skb->data, data_len);
 		
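Review bot: The new check jumps to nlmsg_failure whenever ip_conntrack_get() returns zero, so a packet that has no conntrack entry attached can no longer be delivered to userspace at all. If a zero return only means "not tracked", record that in pmsg->conntrack with a sentinel value and carry on to the memcpy instead of failing the message. The printk has no KERN_ log level and its text ("Matrix has you!") does not say what went wrong or which module printed it. The call also makes ip_queue.c depend on the conntrack code being present, which deserves a config guard or at least a mention in the patch description.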
--- /usr/src/linux-2.4.20/include/linux/netfilter_ipv4/ip_queue.h	2003-02-15 00:04:41.000000000 +0200
+++ /usr/src/linux/include/linux/netfilter_ipv4/ip_queue.h	2003-04-01 20:12:17.000000000 +0300
@@ -17,6 +17,8 @@
 #include <net/if.h>
 #endif	/* ! __KERNEL__ */
 
+#include <linux/netfilter_ipv4/ip_conntrack.h>
+
 /* Messages sent from kernel */
 typedef struct ipq_packet_msg {
 	unsigned long packet_id;	/* ID of queued packet */
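Review bot: The #include <linux/netfilter_ipv4/ip_conntrack.h> sits after the #endif /* ! __KERNEL__ */, so it is pulled in unconditionally, for userspace programs that include ip_queue.h as well as for the kernel build. Only enum ip_conntrack_info is needed by this header; check that userspace consumers can include ip_conntrack.h cleanly, and if they cannot, expose just the enum or carry the value in a plain integer field.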
@@ -30,6 +32,7 @@
 	unsigned short hw_type;		/* Hardware type */
 	unsigned char hw_addrlen;	/* Hardware address length */
 	unsigned char hw_addr[8];	/* Hardware address */
+	enum ip_conntrack_info conntrack;
 	size_t data_len;		/* Length of packet data */
 	unsigned char payload[0];	/* Optional packet data */
 } ipq_packet_msg_t;
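Review bot: The new member is inserted before data_len and payload, which shifts the offsets of both in ipq_packet_msg_t, so userspace built against the old header will misread every message. Since nothing can follow payload[0], the patch needs either an explicit note about the ABI change or a different way of carrying the value. "enum ip_conntrack_info conntrack;" is also the only member without a trailing comment, and the size of an enum is chosen by the compiler, so a fixed-width integer type would be safer in a structure shared with userspace.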
