c - Print TCP Packet Data -
In TCP communication, when a packet is being transferred from the Ethernet layer to the network (IP) layer, how can I print the data present in the packet?
I am working on Linux.
I got some information that this can be done in the Linux kernel code, i.e. in the Linux NAT/firewall code. Where is the kernel source code, and where in it is this coding done?
How to print the data of TCP packets
Below is the example you need: it hooks received TCP packets and prints their payloads. If you want to print other information from the received packet (like binary data), you need to modify a bit the section under the comment:
/* ----- print needed information received tcp packet ------ */
If you need to trace transmitted packets instead of received ones, you can replace the line:
nfho.hooknum = NF_INET_PRE_ROUTING;
with this one:
nfho.hooknum = NF_INET_POST_ROUTING;
Save the next files and issue the `make`
command to build the kernel module. Run `sudo insmod print_tcp.ko` to
load it. After that you will be able to see the sniffed information using the `dmesg`
command. If you want to unload the module, run `sudo rmmod print_tcp`
command.
print_tcp.c:
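#include <linux/module.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <net/ip.h>

#define PTCP_WATCH_PORT 80 /* HTTP port */

static struct nf_hook_ops nfho;

/*
 * Netfilter hook: for every received IPv4/TCP segment whose source port is
 * PTCP_WATCH_PORT and whose payload starts with "HTTP", log the address
 * 4-tuple and the payload text.  The packet is never modified or dropped:
 * the function always returns NF_ACCEPT.
 *
 * Only the linear part of the skb (up to skb_tail_pointer()) is inspected;
 * payload held in paged fragments of a non-linear skb is not printed.
 */
static unsigned int ptcp_hook_func(const struct nf_hook_ops *ops,
				   struct sk_buff *skb,
				   const struct net_device *in,
				   const struct net_device *out,
				   int (*okfn)(struct sk_buff *))
{
	struct iphdr *iph;        /* IPv4 header */
	struct tcphdr *tcph;      /* TCP header */
	u16 sport, dport;         /* source and destination ports */
	u32 saddr, daddr;         /* source and destination addresses */
	unsigned char *user_data; /* TCP data begin pointer */
	unsigned char *tail;      /* TCP data end pointer */
	unsigned char *it;        /* TCP data iterator */

	/* Network packet is empty, seems like a problem occurred. Skip it. */
	if (!skb)
		return NF_ACCEPT;

	iph = ip_hdr(skb); /* IP header */

	/* Skip if it's not a TCP packet */
	if (iph->protocol != IPPROTO_TCP)
		return NF_ACCEPT;

	/*
	 * With NF_IP_PRI_FIRST this hook runs ahead of IP defragmentation, so
	 * a non-first fragment carries no TCP header at all: whatever follows
	 * the IP header is a slice of another fragment's payload.  Skip it
	 * rather than parse it as a TCP header.
	 */
	if (ip_is_fragment(iph))
		return NF_ACCEPT;

	tcph = tcp_hdr(skb); /* TCP header */

	/* Convert network endianness to host endianness */
	saddr = ntohl(iph->saddr);
	daddr = ntohl(iph->daddr);
	sport = ntohs(tcph->source);
	dport = ntohs(tcph->dest);

	/* Watch only the port of interest */
	if (sport != PTCP_WATCH_PORT)
		return NF_ACCEPT;

	/* Calculate pointers for begin and end of TCP packet data */
	user_data = (unsigned char *)tcph + (tcph->doff * 4);
	tail = skb_tail_pointer(skb);

	/*
	 * doff comes straight from the wire.  Fewer than 5 words is a
	 * malformed header, and a value that places the payload start beyond
	 * the linear data would let the reads below run off the buffer (the
	 * previous `it != tail` loop never terminated in that case).
	 */
	if (tcph->doff < 5 || user_data > tail)
		return NF_ACCEPT;

	/* ----- Print needed information from received TCP packet ------ */

	/*
	 * Show only HTTP packets: a segment sent from port 80 is a server
	 * response, which starts with "HTTP/".  A pure ACK or a short segment
	 * can carry fewer than 4 payload bytes, so check the length before
	 * indexing user_data[0..3].
	 */
	if (tail - user_data < 4)
		return NF_ACCEPT;
	if (user_data[0] != 'H' || user_data[1] != 'T' ||
	    user_data[2] != 'T' || user_data[3] != 'P') {
		return NF_ACCEPT;
	}

	/* Print packet route */
	pr_debug("print_tcp: %pI4h:%d -> %pI4h:%d\n",
		 &saddr, sport, &daddr, dport);

	/* Print TCP packet data (payload) */
	pr_debug("print_tcp: data:\n");
	for (it = user_data; it < tail; ++it) {
		char c = *(char *)it;

		/* Stop at the first NUL, as the payload is printed as text */
		if (c == '\0')
			break;
		/* KERN_CONT keeps each byte on the same log line */
		pr_cont("%c", c);
	}
	pr_cont("\n\n");

	return NF_ACCEPT;
}

/*
 * Module entry: register the PRE_ROUTING hook for IPv4.
 * Returns 0 on success or the negative error from nf_register_hook().
 */
static int __init ptcp_init(void)
{
	int res;

	/*
	 * No cast on the hook assignment: ptcp_hook_func already has the
	 * nf_hookfn signature, and a cast would only hide a mismatch when
	 * building against a kernel with a different hook prototype.
	 */
	nfho.hook = ptcp_hook_func;              /* hook function */
	nfho.hooknum = NF_INET_PRE_ROUTING;      /* received packets */
	nfho.pf = PF_INET;                       /* IPv4 */
	nfho.priority = NF_IP_PRI_FIRST;         /* max hook priority */

	res = nf_register_hook(&nfho);
	if (res < 0) {
		pr_err("print_tcp: error in nf_register_hook()\n");
		return res;
	}

	pr_debug("print_tcp: loaded\n");
	return 0;
}

/* Module exit: unregister the hook so no further packets reach it. */
static void __exit ptcp_exit(void)
{
	nf_unregister_hook(&nfho);
	pr_debug("print_tcp: unloaded\n");
}

module_init(ptcp_init);
module_exit(ptcp_exit);

MODULE_AUTHOR("Sam Protsenko");
MODULE_DESCRIPTION("Module for printing TCP packet data");
/* Must be exactly "GPL": any other string taints the kernel and blocks GPL-only symbols */
MODULE_LICENSE("GPL");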
Makefile:
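# Two-pass kbuild Makefile: the first pass (KERNELRELEASE unset) re-invokes
# make inside the kernel build tree; the second pass, run by kbuild, only
# declares the module object.
ifeq ($(KERNELRELEASE),)
KERNELDIR ?= /lib/modules/$(shell uname -r)/build

# C=1 runs sparse over the sources when it is installed
module:
	$(MAKE) -C $(KERNELDIR) M=$(PWD) C=1 modules

clean:
	$(MAKE) -C $(KERNELDIR) M=$(PWD) C=1 clean

.PHONY: module clean
else
MODULE = print_tcp.o
# -DDEBUG compiles in the pr_debug() calls of print_tcp.c
CFLAGS_$(MODULE) := -DDEBUG
obj-m := $(MODULE)
endif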
Explanation
I recommend reading the book [4]. You will be particularly interested in the next chapters:
- chapter 11: layer 4 protocols
- tcp (transmission control protocol)
- Receiving packets from the network layer (L3) with TCP
- Sending packets with TCP
- tcp (transmission control protocol)
- chapter 9: netfilter
- netfilter hooks
How to obtain the Linux kernel source code
You can obtain the kernel source code using one of the ways you prefer:
Vanilla kernel from kernel.org (more precisely, kernel/git/torvalds/linux.git), using git. E.g. if you need kernel 3.13, it can be done in the next way:
$ git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git $ cd linux/ $ git checkout v3.13
Kernel sources from your distro. E.g. in Debian you can install the
linux-source
package (sources will be installed to /usr/src
). For Ubuntu see these instructions.
For details:
[2] network flow control in linux kernel
[3] writing loadable kernel modules using netfilter hooks
[4] "linux kernel networking: implementation , theory" rami rosen
[5] how access data/payload tcphdr
Update
Where does the hook capture packets in the example? In other words, is it above the TCP stack, so that I don't need to take care of packet loss, reordering, etc.?
The netfilter hook is called in the ip_rcv()
function (here), which works in the IPv4 layer (the network layer in OSI). I believe packet loss handling, packet reordering etc. are not handled yet at the point where the netfilter hook runs.
See the next links for insights:
If you want to hook packets at the transport layer (TCP), netfilter is not sufficient for that task, as it works exclusively in the network layer (IPv4).