hi,
i want to read the "transport layer data" from network tcp/ip packets..
i done a review and find the "skb_prepare_seq_read" and also "skb_seq_read" functions to read the data from skbuffs..
some questions:
1- is it true that "i should use from this functions"??
2- after read, should i change them to host align (ntoh)?
3- do anyone know any piece of code in the kernel that obviously read the transport layer data from network packets? (for help)
best regards...
Some answers...
Hi Ho!
I assume that you want to read the "transport layer data" from the kernel-space with a kernel module.
1-Hmmm.... I don't really know. The last time I worked on a new networking suite (http://sourceforge.net/projects/atn), I accessed the data directly through skb->data after certain calls to skb_pull(). This is done with Linux kernel 2.6.21.5.
2-Yes, definitely you should. But, only on those fields that are larger than a byte (e.g., __be16 or __be32).
3-Ehem... what about having a look at http://sourceforge.net/projects/atn? I learned the way from the IPX code.
Best regards,
Eus
thanks
lord.t
hi, and thanks
base on the skbuff.h i found that the skb->data points to the link layer data and also "h" and "nh" for transport and network layers and base on the "tcp" header structure, i found the way to access the first byte (and so other ...) of transport data
for 2. specially thanks
best regards
be happy
define what you mean
Please define what you mean by 'read the "transport layer data" from network tcp/ip packets'.
for example http packets data, new problem arise: fragmentation?
hi,
for example i want to read the http packets data, so i should access the transport layer data, and recognize that this is an http packet..
the new thing that i hit to is fragmentation.. it's a big problem e.g. fragmentation of tcp header,, i find "skb_header_pointer" function to see if we have a complete tcp header?
but for data!!??? e.g. in the http packet url may be fragmented to two or more packets..
do any one have any idea about fragmentation problem?
best regards..
Yes, I have.
Hi Ho!
I have researched this kind of problem before in Linux 2.6.21.5 for the ATN TP4/CLNP Networking Suite, but I have not collected my research notes in one nice article. Wait for two or three days, I really want to make the article.
If you want to start digging out about this yourself, you can start tracing from
ip_reassembly().Best regards,
Eus
i should reassemble?
hi,
thanks , i like to read your Article "Eus" about fragmentation,,, and waiting..
it seems that we should reassemble packets before reviewing the packet contents,, is it true?
and also i can't find the named function (ip_reassembly)..
Best regards,
Okay, it is there!
Hi Ho!
Okay, the whole information can be read here.
Sorry, the name of the function is
ip_frag_reasm(), notip_reassembly()Whether or not it should be reassembled first before you can read the data depends on where the data are. If the data are in the head, I think there is no need to. But, for further information, you may want to study how Netfilter works because as far as I remember it needs to reassemble the data first.
Best regards,
Eus