Re: NKE programming: ipf_input filter arguments
- Subject: Re: NKE programming: ipf_input filter arguments
- From: Stéphane Sudre <email@hidden>
- Date: Thu, 18 Dec 2008 18:10:17 +0100
On Dec 14, 2008, at 5:10 PM, John D. wrote:
Hi,
I'm having trouble with my IP (v4) ipf_input_func. It registers
properly and works fine through my initialization code, but the data
argument is confusing, as well as the offset one. The documentation
says data (which is a mbuf_t pointer, aka struct __mbuf **) points at
start of data with the IP header. My code only inspects TCP packets,
checking the protocol argument and ignoring the packet (returning zero
immediately) if it's not IPPROTO_TCP.
The problem arises when I try to read the tcphdr structure from the
data argument. The documentation again says that I should read
data+offset, and doing so yields inconsistent results. Source and
destination ports are incorrect after converting them back to host
native endianness (little endian here, thus using ntohs()) and the
whole structure seems to be incorrect, which makes me think I'm
reading a wrong location. I tested with UDP packets and it's the same
situation.
What information is contained in reality within the data argument?
Does the offset argument count the IP header itself too?
For example:
struct udphdr *udphdr = (struct udphdr *) (data + offset);
struct tcphdr *tcphdr = (struct tcphdr *) (data + offset);
The IP filter function arguments:
(void *cookie, mbuf_t *data, int offset, u_int8_t protocol)
data is the pointer to the mbuf_t, not the pointer to the packet data.
You need to use the accessor:
struct ip * tIPv4Header;
tIPv4Header=(struct ip *) mbuf_data(*data);
My $0.02
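
Added example, not part of the original thread: a userspace model of the read discussed above, showing the dereference-then-accessor step followed by byte-wise offset arithmetic and a length check before the TCP header is touched. The struct mbuf_model type, the userspace mbuf_data()/mbuf_len() stand-ins, the read_tcp_ports() helper and the sample packet are assumptions constructed so the logic runs outside the kernel.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-ins (assumptions) for the opaque kernel mbuf_t and its
 * mbuf_data()/mbuf_len() accessors, so the filter logic runs as a test. */
struct mbuf_model { void *data; size_t len; };
typedef struct mbuf_model *mbuf_t;
static void  *mbuf_data(mbuf_t m) { return m->data; }
static size_t mbuf_len(mbuf_t m)  { return m->len; }

#define TCP_MIN_HDR 20  /* fixed part of a TCP header, in bytes */

/* Hypothetical helper: read the TCP ports from ipf_input-style arguments.
 * Returns 0 on success, -1 if the header is not fully inside this mbuf. */
static int read_tcp_ports(mbuf_t *data, int offset,
                          uint16_t *sport, uint16_t *dport)
{
    /* data is a pointer to the mbuf_t: dereference it, then ask the
     * accessor for the packet bytes (which start at the IP header). */
    const uint8_t *pkt = mbuf_data(*data);
    size_t len = mbuf_len(*data);

    /* Refuse to read past the buffer, whatever offset claims. */
    if (offset < 0 || (size_t)offset > len ||
        len - (size_t)offset < TCP_MIN_HDR)
        return -1;

    /* Byte arithmetic on the packet data. (data + offset) would instead
     * step offset * sizeof(mbuf_t) bytes away from the pointer itself. */
    const uint8_t *tcp = pkt + offset;
    *sport = (uint16_t)((tcp[0] << 8) | tcp[1]);  /* network -> host */
    *dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
    return 0;
}

/* Constructed sample: 20-byte IPv4 header (IHL 5, protocol 6) followed by
 * a TCP header with source port 49152 and destination port 443. */
static uint8_t sample_packet[40] = {
    0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2,
    0xC0, 0x00, 0x01, 0xBB, 0, 0, 0, 0, 0, 0, 0, 0, 0x50, 0x02, 0, 0,
    0, 0, 0, 0
};

int main(void)
{
    struct mbuf_model m = { sample_packet, sizeof sample_packet };
    mbuf_t mp = &m;
    uint16_t s, d;
    if (read_tcp_ports(&mp, 20, &s, &d) == 0)
        printf("sport=%u dport=%u\n", (unsigned)s, (unsigned)d);
    return 0;
}
```

In a real filter the transport header is not guaranteed to sit contiguously in the first mbuf of the chain; the kernel's mbuf_copydata() copies the needed bytes out across the chain when it does not.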