• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: NKE programming: ipf_input filter arguments
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NKE programming: ipf_input filter arguments

  • Subject: Re: NKE programming: ipf_input filter arguments
  • From: "John D." <email@hidden>
  • Date: Sun, 21 Dec 2008 18:40:02 +0100
Thanks, I fixed this by using both offset and calculating the one to
packet body from th_off etc.
The values must be validated in the filter since they don't seem to be
checked elsewhere.

John.

On Thu, Dec 18, 2008 at 6:10 PM, Stéphane Sudre <email@hidden> wrote:
>
> On Dec 14, 2008, at 5:10 PM, John D. wrote:
>
>> Hi,
>>
>> I'm having trouble with my IP (v4) ipf_input_func. It registers
>> properly and works fine through my initialization code, but the data
>> argument is confusing, as well as the offset one. The documentation
>> says data (which is a mbuf_t pointer,  aka struct __mbuf **) points at
>> start of data with the IP header. My code only inspects TCP packets,
>> checking the protocol argument and ignoring the packet (returning zero
>> immediately) if it's not IPPROTO_TCP.
>>
>> The problem arises when I try to read the tcphdr structure from the
>> data argument. The documentation again says that I should read
>> data+offset, and doing so yields unconsistent results. Source and
>> destination ports are incorrect after converting them back to host
>> native endianness (little endian here, thus using ntohs()) and the
>> whole structure seems to be incorrect, which makes me think I'm
>> reading a wrong location. I tested with UDP packets and it's the same
>> situation.
>>
>> What information is contained in reality within the data argument?
>> Does the offset argument count the IP header itself too?
>>
>> For example:
>>
>> struct udphdr *udphdr = (struct udphdr *) (data + offset);
>> struct tcphdr *tcphdr = (struct tcphdr *) (data + offset);
>>
>> The IP filter function arguments:
>> (void *cookie, mbuf_t *data, int offset, u_int8_t protocol)
>
> data is the pointer to the mbuf_t not the pointer to the packet data.
>
> You need  to use the accessor:
>
> struct ip * tIPv4Header;
>
> tIPv4Header=(struct ip *) mbuf_data(*data);
>
>
> My $0.02
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >NKE programming: ipf_input filter arguments (From: "John D." <email@hidden>)
 >Re: NKE programming: ipf_input filter arguments (From: Stéphane Sudre <email@hidden>)

  • Prev by Date: Re: Kernel extensions
  • Next by Date: Allocate contiguous wired memory and obtain physical address
  • Previous by thread: Re: NKE programming: ipf_input filter arguments
  • Next by thread: Obtaining data (packet body) from TCP packet via ipf_input_func
  • Index(es):
    • Date
    • Thread