* getting wrong ports from tcph->dest
From: benjamin wagrocki @ 2006-07-31 17:13 UTC
  To: netfilter-devel

Hello,

I am hoping that this is the right place to ask this question. If
not, please tell me where I can find help for my problem.

I am writing a kernel module which connects to the netfilter hooks.
This module is meant to take over the firewalling. I am doing this just
for educational purposes. My problem now is that I am not getting the
correct TCP/UDP destination and source ports. For instance, when I
start "wget localhost", my kernel module shows the right ports. If I
do that from a remote host, the kernel module always shows dport=48,
independent of the real dport the remote host is trying to connect to
(port 80 or 81...).

Here is what my kernel module writes to /var/log/messages:

wget localhost:
-------------------

DROPPED: SRC: 127.0.0.1 : 55732  DST: 127.0.0.1 : 80  IPv: 4  Prot: 6  Frag: 64 TTL: 64 TOT_LEN: 44
DROPPED: SRC: 127.0.0.1 : 17664  DST: 127.0.0.1 : 44  IPv: 4  Prot: 6  Frag: 64 TTL: 64 TOT_LEN: 44
DROPPED: SRC: 127.0.0.1 : 80  DST: 127.0.0.1 : 55732  IPv: 4  Prot: 6  Frag: 64 TTL: 64 TOT_LEN: 40
DROPPED: SRC: 127.0.0.1 : 17664  DST: 127.0.0.1 : 40  IPv: 4  Prot: 6  Frag: 64 TTL: 64 TOT_LEN: 40

// I also do not understand why four packets have been generated and
not just two?

remote (winxp-firefox connecting to port 80):
DROPPED: SRC: 192.168.198.97 : 17664  DST: 192.168.198.1 : 48  IPv: 4  Prot: 6  Frag: 64 TTL: 128 TOT_LEN: 48

remote (connecting to port 443):
DROPPED: SRC: 192.168.198.97 : 17664  DST: 192.168.198.1 : 48  IPv: 4  Prot: 6  Frag: 64 TTL: 128 TOT_LEN: 48

There is no difference and the ports are wrong, why?

My kernel module is running on Fedora 4; could this be the reason? I
already turned off the SELinux extension, but this didn't help.

Here are some relevant code parts:

struct sk_buff *skb = *skb_p;
struct tcphdr *tcph = skb->h.th;
unsigned int sport;
unsigned int dport;
...
sport = convert_port(tcph->source);
dport = convert_port(tcph->dest);
...
printk("\033[31m DROPPED: SRC: %u.%u.%u.%u : %u  DST: %u.%u.%u.%u : %u  "
       "IPv: %u  Prot: %u  Frag: %u TTL: %u TOT_LEN: %u \033[30m \n",
       saddr.ipbyte[0], saddr.ipbyte[1], saddr.ipbyte[2], saddr.ipbyte[3],
       sport,
       daddr.ipbyte[0], daddr.ipbyte[1], daddr.ipbyte[2], daddr.ipbyte[3],
       dport, iph->version, iph->protocol, iph->frag_off, iph->ttl,
       totallength);

-- 
Best regards,
-Benjamin Wagrocki-
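
Added example, not part of the original message or the poster's module: in the log above every bad source port is 17664 (0x4500, the first two bytes of an IPv4 header with IHL 5 and TOS 0) and every bad destination port equals TOT_LEN, which is what a TCP header pointer aimed at the start of the IP header yields. The user-space C sketch below reproduces those values on a constructed packet and shows locating the TCP header from the IHL field instead; the sample bytes and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: IPv4 header (IHL 5, TOT_LEN 48) followed by a TCP SYN
 * from port 1234 to port 80; addresses as in the remote case of the post. */
static const uint8_t sample_pkt[48] = {
    0x45, 0x00, 0x00, 0x30, 0x12, 0x34, 0x40, 0x00, /* ver/ihl tos tot_len id frag */
    0x80, 0x06, 0x00, 0x00,                         /* ttl 128, proto 6, csum unset */
    192, 168, 198, 97, 192, 168, 198, 1,            /* saddr, daddr */
    0x04, 0xd2, 0x00, 0x50,                         /* TCP sport 1234, dport 80 */
    0, 0, 0, 1, 0, 0, 0, 0, 0x70, 0x02, 0xff, 0xff, 0, 0, 0, 0,
    2, 4, 5, 0xb4, 1, 1, 4, 2                       /* TCP options */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Reads "ports" as if the TCP header began at the IP header (the failure mode). */
static void ports_at_ip_header(const uint8_t *ip, uint16_t *sport, uint16_t *dport)
{
    *sport = be16(ip);     /* version/IHL and TOS bytes: 0x4500 = 17664 */
    *dport = be16(ip + 2); /* tot_len */
}

/* Finds the TCP header via IHL, with bounds checks. Returns 0 on success. */
static int tcp_ports(const uint8_t *ip, size_t len, uint16_t *sport, uint16_t *dport)
{
    size_t ihl;

    if (len < 20 || (ip[0] >> 4) != 4 || ip[9] != 6)
        return -1;                       /* too short, not IPv4, or not TCP */
    ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 4)
        return -1;                       /* bad IHL or ports not in buffer */
    if (be16(ip + 6) & 0x1fff)
        return -1;                       /* later fragment carries no TCP header */
    *sport = be16(ip + ihl);
    *dport = be16(ip + ihl + 2);
    return 0;
}

int main(void)
{
    uint16_t s, d;

    ports_at_ip_header(sample_pkt, &s, &d);
    printf("at IP header: sport=%u dport=%u\n", (unsigned)s, (unsigned)d);
    if (tcp_ports(sample_pkt, sizeof(sample_pkt), &s, &d) == 0)
        printf("via IHL:      sport=%u dport=%u\n", (unsigned)s, (unsigned)d);
    return 0;
}
```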
