Date: Thu, 30 Dec 2004 03:54:01 -0800 (PST)
From: linux lover
Subject: how to access packet's data part in skbuff?
To: netdev@oss.sgi.com
Message-ID: <20041230115401.6906.qmail@web52202.mail.yahoo.com>

Hello all,

While writing a kernel module packet sniffer at the IP layer, I start by first accessing the packet's length and its data part. So, to start, I try to access the packet data first and copy it to another variable to dump its contents, but I am facing a problem while accessing the packet's data. As I have studied, I found that the data in a packet at any layer resides between the data and tail pointers. So if I have to print it or copy it into an unsigned string, how do I do that?

I tried the following example, which receives only loopback packets and prints the data part at the IP layer. But it does not print. Also, why am I getting sb->len as 1, not the actual size of the packet at the IP layer?

regards,
linux_lover

#define MODULE
#define __KERNEL__

/* headers needed by the calls used below */
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>

static struct nf_hook_ops nfho;

/* netfilter hook: copy the packet data into a scratch buffer and print it */
unsigned int cap_packet(unsigned int hooknum, struct sk_buff **skb,
                        const struct net_device *in,
                        const struct net_device *out,
                        int (*okfn)(struct sk_buff *))
{
        struct sk_buff *sb = *skb;
        unsigned char *packet;
        int buflen = 0, i = 0;

        buflen = sb->len;
        packet = kmalloc(buflen, GFP_USER);
        memset(packet, '\0', buflen);
        printk(KERN_DEBUG "Length of sb->data in hook function = %d\n", buflen);

        while (buflen >= 0) {
                packet[i] = sb->data[i];
                i++;
                buflen--;
        }
        packet[i] = '\0';
        strcpy(packet, sb->data);
        printk(KERN_DEBUG "packet contents of sb->data in hook function = %s\n", packet);
        return NF_ACCEPT;
}

/* register the hook on locally generated outgoing IPv4 packets */
static int __init init(void)
{
        nfho.hook = cap_packet;
        nfho.hooknum = NF_IP_LOCAL_OUT;
        nfho.pf = PF_INET;
        nfho.priority = NF_IP_PRI_FIRST;
        nf_register_hook(&nfho);
        return 0;
}

static void __exit fini(void)
{
        nf_unregister_hook(&nfho);
}

module_init(init);
module_exit(fini);
MODULE_LICENSE("GPL");
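
An added example, not code from the original post: a user-space C model of reading the bytes between the data and tail pointers with a bounded copy and a hex dump, instead of strcpy() and %s, which stop at the first zero byte of binary packet data and do not respect the buffer size. struct pkt_buf, copy_linear(), hex_dump() and the sample bytes are hypothetical stand-ins constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the sk_buff fields discussed in the post. */
struct pkt_buf {
    const unsigned char *data;  /* start of the linear data area */
    const unsigned char *tail;  /* one past the end of the linear area */
    unsigned int len;           /* total packet length */
    unsigned int data_len;      /* bytes stored outside the linear area */
};

/* Copy at most cap bytes that are really reachable through ->data. */
size_t copy_linear(const struct pkt_buf *p, unsigned char *dst, size_t cap)
{
    size_t by_ptr = (size_t)(p->tail - p->data);
    size_t by_len = p->len >= p->data_len ? p->len - p->data_len : 0;
    size_t n = by_ptr < by_len ? by_ptr : by_len;
    if (n > cap)
        n = cap;
    memcpy(dst, p->data, n);
    return n;
}

/* Hex-encode n bytes; out needs 2*n+1 bytes. Returns chars written or -1. */
int hex_dump(const unsigned char *src, size_t n, char *out, size_t out_cap)
{
    static const char digits[] = "0123456789abcdef";
    size_t i;
    if (out_cap < 2 * n + 1)
        return -1;
    for (i = 0; i < n; i++) {
        out[2 * i] = digits[src[i] >> 4];
        out[2 * i + 1] = digits[src[i] & 0x0f];
    }
    out[2 * n] = '\0';
    return (int)(2 * n);
}

/* Constructed sample: the first 8 bytes of an IPv4 header (note the zeros). */
static const unsigned char sample[8] = {0x45, 0x00, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00};

struct pkt_buf sample_pkt(void)
{
    struct pkt_buf p = { sample, sample + sizeof sample, sizeof sample, 0 };
    return p;
}

int main(void)
{
    struct pkt_buf p = sample_pkt();
    unsigned char buf[64];
    char hex[2 * sizeof buf + 1];
    size_t n = copy_linear(&p, buf, sizeof buf);
    if (hex_dump(buf, n, hex, sizeof hex) >= 0)
        printf("%zu bytes: %s\n", n, hex);
    return 0;
}
```

In a kernel hook the same bounds apply to sb->data, and the scratch buffer has to be freed with kfree() before the hook returns.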