PFIL: how to get tcp/ip fields from mbuf

2010-02-01 Thread Lukasz Jaroszewski 
Hello,
I am wondering about most elegant and proper way to get IP header
fields from mbuf, using PFILs. I have read Murat Balaban paper on
PFIL_HOOKS where I found some example function. Question is how can I
access IP header field in such manner.

static int
hisar_chkinput(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
struct inpcb *inp)
{
in_bytes += (*m)-m_len;
return 0;
}
Regards
LVJ.
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org

Re: PFIL: how to get tcp/ip fields from mbuf

2010-02-01 Thread Robert Watson 


On Mon, 1 Feb 2010, Lukasz Jaroszewski wrote:

I am wondering about most elegant and proper way to get IP header fields 
from mbuf, using PFILs. I have read Murat Balaban paper on PFIL_HOOKS where 
I found some example function. Question is how can I access IP header field 
in such manner.


The best reference here is probably firewall source code that already exists 
in the tree.  For IP-layer hooks, you'll need to use the m_pullup() call to 
ensure the bytes you want are contiguously stored, and then mtod() to cast the 
mbuf pointer appropriately.  Although I notice ipfw, at least, doesn't call 
m_pullup() for the base header, as it assumes the calling context will already 
have arranged for it to be contiguous:


static int
ipfw_check_hook(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
struct inpcb *inp)
{
...
   if (mtod(*m0, struct ip *)-ip_v == 4)
ret = ip_dn_io_ptr(m0, dir, args);
...

Robert



static int
hisar_chkinput(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
struct inpcb *inp)
{
   in_bytes += (*m)-m_len;
   return 0;
}
Regards
LVJ.
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org

Re: PFIL: how to get tcp/ip fields from mbuf

2010-02-01 Thread Lawrence Stewart 

On 02/01/10 22:02, Lukasz Jaroszewski wrote:

Hello,
I am wondering about most elegant and proper way to get IP header
fields from mbuf, using PFILs. I have read Murat Balaban paper on
PFIL_HOOKS where I found some example function. Question is how can I
access IP header field in such manner.

static int
hisar_chkinput(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
struct inpcb *inp)
{
 in_bytes += (*m)-m_len;
 return 0;
}


I hacked on a tool that uses pfil hooks to do in-kernel TCP data 
gathering. Probably has some useful snippets for you to look at in 
addition to Robert's suggestion.


http://svn.freebsd.org/base/projects/tcp_ffcaia2008_head/sys/netinet/siftr.c

Cheers,
Lawrence
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org