* Re: libipq and ipq_packet_msg_t (desperate)
@ 2004-12-15 16:39 Steven J Scott
  2004-12-16  7:17 ` Henrik Nordstrom
  0 siblings, 1 reply; 7+ messages in thread
From: Steven J Scott @ 2004-12-15 16:39 UTC (permalink / raw)
  To: Maarten Wijnants; +Cc: Ulysses Almeida, netfilter-devel

Hello Maarten,

Thanks for the clarification of ipq_packet_msg_t and what it consists of.  I had a feeling it didn't contain ethernet header.

So to calculate the offset of the payload would look like the following:

struct iphdr *iph = ((struct iphdr *)m->payload);
struct tcphdr *tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));

char *payload = ( (char*)tcp) + sizeof(struct tcphdr);
int payload_length = ntohs(iph->tot_len) - ( sizeof(struct tcphdr) + sizeof(struct iphdr) );


Is that correct?
 

Thanks,

Steven Scott - CISSP, CISA, RHCT, LCP, MCSE
Rockwell Automation / Advanced Technology
sjscott@ra.rockwell.com
<---------------------------------------------------->
(This email was sent via Notes running on Linux)




"Maarten Wijnants" <maarten.wijnants@pandora.be>
15/12/2004 09:44 AM

 
        To:     "Ulysses Almeida" <munky@maluco.com.br>, "Steven J Scott" 
<sjscott@ra.rockwell.com>
        cc:     <netfilter-devel@lists.netfilter.org>
        Subject:        Re: libipq and ipq_packet_msg_t (desperate)


Hello Steven,

> Now that I got the ip header, and TCP header.. I am confused on how to get
> to the TCP payload.  Correct me if I am wrong, but the ipq_packet_msg_t
> structure is composed of the complete packet.  e.g. ethernet header, IP
> header, TCP header and data.

You are correct in the fact that the ipq_packet_msg_t structure contains the
complete packet, but the ethernet header is NOT included. So in the case of
a TCP/IP packet, the payload of the ipq_packet_msg_t structure first
contains the IP header and then the TCP header and then the (TCP) payload.

> So what I need to do is setup offsets from
> the ipq_packet_msg_t->payload to point to each of these areas within the
> packet..
>
> So what I need to know is how to get the offset of the payload(data portion).

Well this is exactly what the code snippet shows. You first parse the ip
header of the packet (with struct iphdr) to retrieve the (variable) length
of the IP header. You add this amount of bytes to the payload member of the
ipq_packet_msg_t structure. At this moment, you are pointing to the
position in the received packet where the TCP header begins. So you parse
the TCP header (with struct tcphdr) to retrieve the (variable) length of the
TCP header. If you now also add this amount of bytes, you will point to the
payload of your packet.

> I also need to find the length of the payload section.

This information can also be found by parsing the IP header of the packet
with the struct iphdr. This struct has a member which specifies the total
length of the IP packet (including headers!!).

Greetings,
Maarten 


* Re: libipq and ipq_packet_msg_t (desperate)
  2004-12-15 16:39 libipq and ipq_packet_msg_t (desperate) Steven J Scott
@ 2004-12-16  7:17 ` Henrik Nordstrom
  0 siblings, 0 replies; 7+ messages in thread
From: Henrik Nordstrom @ 2004-12-16  7:17 UTC (permalink / raw)
  To: Steven J Scott; +Cc: Maarten Wijnants, netfilter-devel, Ulysses Almeida

On Wed, 15 Dec 2004, Steven J Scott wrote:

> Hello Maarten,
>
> Thanks for the clarification of ipq_packet_msg_t and what it consists of.  I had a feeling it didn't contain ethernet
> header.
>
> So to calculate the offset of the payload would look like the following:
>
> struct iphdr *iph = ((struct iphdr *)m->payload);
> struct tcphdr *tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));
>
> char *payload = ( (char*)tcp) + sizeof(struct tcphdr);
> int payload_length = ntohs(iph->tot_len) - ( sizeof(struct tcphdr) + sizeof(struct iphdr) );
>
> Is that correct?

No. You need to use the correct header fields, not sizeof. Something like 
the following should work

payload = ((char *)tcp) + (tcp->doff << 2);

payload_length = ntohs(iph->tot_len) - (payload - (char *)iph);

Regards
Henrik
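
The header-field arithmetic from the reply above, with the bounds checks a packet handler needs before trusting ihl, doff and tot_len; this is an added example, not code from anyone in the thread. It reads the fields by byte offset rather than through struct iphdr/struct tcphdr so it builds without the Linux headers; tcp_payload and make_packet are hypothetical names and the packet is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Locate the TCP payload in a raw IPv4 packet (what m->payload holds),
 * given the number of bytes actually received (m->data_len).
 * Returns the payload length and sets *out, or -1 if the packet is malformed. */
int tcp_payload(const unsigned char *buf, size_t len, const unsigned char **out)
{
    if (len < 20 || (buf[0] >> 4) != 4 || buf[9] != 6)
        return -1;                                   /* short, not IPv4, not TCP */
    size_t ihl = (size_t)(buf[0] & 0x0f) << 2;       /* iph->ihl << 2 */
    size_t tot = ((size_t)buf[2] << 8) | buf[3];     /* ntohs(iph->tot_len) */
    if (ihl < 20 || tot > len || ihl + 20 > tot)
        return -1;                                   /* headers must fit in buffer */
    size_t doff = (size_t)(buf[ihl + 12] >> 4) << 2; /* tcp->doff << 2 */
    if (doff < 20 || ihl + doff > tot)
        return -1;                                   /* TCP header overruns packet */
    *out = buf + ihl + doff;
    return (int)(tot - ihl - doff);
}

/* Constructed test packet: zeroed headers with only the length fields set,
 * followed by n payload bytes. Returns the total packet length. */
size_t make_packet(unsigned char *buf, unsigned ihl_words, unsigned doff_words,
                   const void *data, size_t n)
{
    size_t ihl = ihl_words * 4, doff = doff_words * 4, tot = ihl + doff + n;
    memset(buf, 0, tot);
    buf[0] = (unsigned char)(0x40 | ihl_words);   /* version 4, ihl in words */
    buf[2] = (unsigned char)(tot >> 8);
    buf[3] = (unsigned char)(tot & 0xff);
    buf[9] = 6;                                   /* IPPROTO_TCP */
    buf[ihl + 12] = (unsigned char)(doff_words << 4); /* data offset in words */
    memcpy(buf + ihl + doff, data, n);
    return tot;
}

int main(void)
{
    unsigned char pkt[128];
    const unsigned char *p = pkt;
    size_t len = make_packet(pkt, 5, 8, "\x12\x34", 2); /* 12 bytes of TCP options */
    int n = tcp_payload(pkt, len, &p);
    printf("payload offset %ld, length %d\n", (long)(p - pkt), n);
    pkt[32] = 0xf0;                    /* doff = 15 words: header larger than packet */
    printf("oversized doff -> %d\n", tcp_payload(pkt, len, &p));
    return 0;
}
```

With 12 bytes of TCP options the payload starts at offset 52, where the sizeof-based calculation would have pointed at offset 40 and reported 14 bytes instead of 2.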


* Re: libipq and ipq_packet_msg_t (desperate)
  2004-12-15 15:33 Steven J Scott
@ 2004-12-15 15:44 ` Maarten Wijnants
  0 siblings, 0 replies; 7+ messages in thread
From: Maarten Wijnants @ 2004-12-15 15:44 UTC (permalink / raw)
  To: Ulysses Almeida, Steven J Scott; +Cc: netfilter-devel

Hello Steven,

> Now that I got the ip header, and TCP header.. I am confused on how to get
> to the TCP payload.  Correct me if I am wrong, but the ipq_packet_msg_t
> structure is composed of the complete packet.  e.g. ethernet header, IP
> header, TCP header and data.

You are correct in the fact that the ipq_packet_msg_t structure contains the 
complete packet, but the ethernet header is NOT included. So in the case of 
a TCP/IP packet, the payload of the ipq_packet_msg_t structure first 
contains the IP header and then the TCP header and then the (TCP) payload.

> So what I need to do is setup offsets from
> the ipq_packet_msg_t->payload to point to each of these areas within the
> packet..
>
> So what I need to know is how to get the offset of the payload(data portion).

Well this is exactly what the code snippet shows. You first parse the ip 
header of the packet (with struct iphdr) to retrieve the (variable) length 
of the IP header. You add this amount of bytes to the payload member of the 
ipq_packet_msg_t structure. At this moment, you are pointing to the 
position in the received packet where the TCP header begins. So you parse 
the TCP header (with struct tcphdr) to retrieve the (variable) length of the 
TCP header. If you now also add this amount of bytes, you will point to the 
payload of your packet.

> I also need to find the length of the payload section.

This information can also be found by parsing the IP header of the packet 
with the struct iphdr. This struct has a member which specifies the total 
length of the IP packet (including headers!!).

Greetings,
Maarten 


* Re: libipq and ipq_packet_msg_t (desperate)
@ 2004-12-15 15:33 Steven J Scott
  2004-12-15 15:44 ` Maarten Wijnants
  0 siblings, 1 reply; 7+ messages in thread
From: Steven J Scott @ 2004-12-15 15:33 UTC (permalink / raw)
  To: Ulysses Almeida; +Cc: netfilter-devel

Ulysses, 

That's funny.. I was actually looking at your howto posted at 
http://www.mileniuminformatica.com.br/artigos.php?id=16 at the same time I 
got your email..

Here's a code snippet:


case IPQM_PACKET: {
                    ipq_packet_msg_t *m = ipq_get_packet(buf);
                    struct iphdr *iph = ((struct iphdr *)m->payload);
                    struct tcphdr *tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));
                    char *payload = ??????????????????????????????????????

Now that I got the ip header, and TCP header.. I am confused on how to get 
to the TCP payload.  Correct me if I am wrong, but the ipq_packet_msg_t 
structure is composed of the complete packet.  e.g. ethernet header, IP 
header, TCP header and data.  So what I need to do is setup offsets from 
the ipq_packet_msg_t->payload to point to each of these areas within the 
packet..

So what I need to know is how to get the offset of the payload(data portion).
This is where I am stuck.  I also need to find the length of the payload
section.

Thanks for your reply,

Steven Scott - CISSP, CISA, RHCT, LCP, MCSE
Rockwell Automation / Advanced Technology
sjscott@ra.rockwell.com
<---------------------------------------------------->
(This email was sent via Notes running on Linux)




Ulysses Almeida <munky@maluco.com.br>
15/12/2004 11:55 AM

 
        To:     Steven J Scott <sjscott@ra.rockwell.com>
        cc:     netfilter-devel@lists.netfilter.org
        Subject:        Re: libipq and ipq_packet_msg_t (desperate)


Steven,

  If your problem is to find payload info and headers, I wrote a HowTo
about this. http://munky.maluco.com.br/libipq.html.

  Problem, it was written in pt_BR. But there is a section called "LibIpq By
Example", where I show a sample code. And I think it's self explanatory.
  If you have some problems to understand, feel free to ask me.

  Regards.

On Wed, Dec 15, 2004 at 08:22:27AM -0600, Steven J Scott wrote:
> I am really struggling to extract the payload from the ipq_packet_msg_t
> structure...  Does anyone have experience in this area???  Or could point
> me to the docs, or people?
> 
> Thanks,
> 
> Steven Scott - CISSP, CISA, RHCT, LCP, MCSE
> Rockwell Automation / Advanced Technology
> sjscott@ra.rockwell.com
> <---------------------------------------------------->
> (This email was sent via Notes running on Linux)
> 

-- 
    .~.  Ulysses Almeida
   / V \  munky@maluco.com.br
 / (   ) \  Seja livre, use GNU/Linux! 
   ^^-^^


* Re: libipq and ipq_packet_msg_t (desperate)
  2004-12-15 14:55 ` Ulysses Almeida
@ 2004-12-15 15:12   ` Andrew Kozachenko
  0 siblings, 0 replies; 7+ messages in thread
From: Andrew Kozachenko @ 2004-12-15 15:12 UTC (permalink / raw)
  To: netfilter-devel

Ulysses Almeida wrote:

>Steven,
>
>  If your problem is to find payload info and headers, I wrote a HowTo about this. http://munky.maluco.com.br/libipq.html.
>
It would be nice if you wrote an English version too.

-- 
Regards,
Andrew Kozachenko
Entri ltd.


* Re: libipq and ipq_packet_msg_t (desperate)
  2004-12-15 14:22 Steven J Scott
@ 2004-12-15 14:55 ` Ulysses Almeida
  2004-12-15 15:12   ` Andrew Kozachenko
  0 siblings, 1 reply; 7+ messages in thread
From: Ulysses Almeida @ 2004-12-15 14:55 UTC (permalink / raw)
  To: Steven J Scott; +Cc: netfilter-devel

Steven,

  If your problem is to find payload info and headers, I wrote a HowTo about this. http://munky.maluco.com.br/libipq.html.

  Problem, it was written in pt_BR. But there is a section called "LibIpq By Example", where I show a sample code. And I think it's self explanatory.
  If you have some problems to understand, feel free to ask me.

  Regards.

On Wed, Dec 15, 2004 at 08:22:27AM -0600, Steven J Scott wrote:
> I am really struggling to extract the payload from the ipq_packet_msg_t 
> structure...  Does anyone have experience in this area???  Or could point 
> me to the docs, or people? 
> 
> Thanks,
> 
> Steven Scott - CISSP, CISA, RHCT, LCP, MCSE
> Rockwell Automation / Advanced Technology
> sjscott@ra.rockwell.com
> <---------------------------------------------------->
> (This email was sent via Notes running on Linux)
> 

-- 
    .~.  Ulysses Almeida
   / V \  munky@maluco.com.br
 / (   ) \  Seja livre, use GNU/Linux! 
   ^^-^^


* Re: libipq and ipq_packet_msg_t (desperate)
@ 2004-12-15 14:22 Steven J Scott
  2004-12-15 14:55 ` Ulysses Almeida
  0 siblings, 1 reply; 7+ messages in thread
From: Steven J Scott @ 2004-12-15 14:22 UTC (permalink / raw)
  To: netfilter-devel

I am really struggling to extract the payload from the ipq_packet_msg_t 
structure...  Does anyone have experience in this area???  Or could point 
me to the docs, or people? 

Thanks,

Steven Scott - CISSP, CISA, RHCT, LCP, MCSE
Rockwell Automation / Advanced Technology
sjscott@ra.rockwell.com
<---------------------------------------------------->
(This email was sent via Notes running on Linux)




Steven J Scott <sjscott@ra.rockwell.com>
Sent by: netfilter-devel-bounces@lists.netfilter.org
13/12/2004 12:27 PM

 
        To:     netfilter-devel@lists.netfilter.org
        cc: 
        Subject:        libipq and ipq_packet_msg_t


Hello,

I am trying to parse the first two bytes of the payload of a TCP packet. 
Am I casting the payload part of the TCP packet right?  Below is the code 
in question.


case IPQM_PACKET: {
                     ipq_packet_msg_t *m = ipq_get_packet(buf);

                     /* m->payload starts at the IP header */
                     struct iphdr *ip = (struct iphdr*) m->payload;

                     /* ihl counts 32-bit words */
                     struct tcphdr *tcp = (struct tcphdr*) (m->payload + (4 * ip->ihl));

                     /* doff also counts 32-bit words, hence the int32_t pointer arithmetic */
                     char *data = (char *)((int32_t *)tcp + tcp->doff);

                     __u16 command = *(__u16 *) data;

                     printf("COMMAND: %d\n",ntohs(command) );

                     /* data_len is a host-order size_t, so no ntohs() here */
                     printf("Len data : %zu\n", m->data_len);

                     status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);

                     }
 

Thanks,

Steven Scott - CISSP, CISA, RHCT, LCP, MCSE
Rockwell Automation / Advanced Technology
sjscott@ra.rockwell.com
<---------------------------------------------------->
(This email was sent via Notes running on Linux)

