4,465
社区成员
发帖
与我相关
我的任务
分享netfilter 计算tcp校验和不对
netfile注册钩子函数拦截tcp协议数据包,
钩子函数里不修改tcp数据,只是重新计算下tcp的校验和tcph->check
使用各种方式,打印的结果始终与它原始值不同:
int tcpl1=ntohs(iph->tot_len)- iph_len;
int tcpl2= skb->len - iph->ihl*4;
int nc= csum_tcpudp_magic(iph->saddr,iph->daddr,tcpl1,iph->protocol,skb->csum);
int nc2 = csum_tcpudp_magic(iph->saddr,iph->daddr,tcpl2, iph->protocol, skb->csum);
int nca = csum_tcpudp_magic(iph->saddr,iph->daddr,tcpl2, iph->protocol, csum_partial((unsigned char*)tcph, tcpl2, 0));
int nc5 = csum_tcpudp_magic(iph->saddr,iph->daddr,tcpl2, iph->protocol, 0);
int datalen=skb->len - iph->ihl*4;
int nc1 = tcp_v4_check(skb->len, iph->saddr, iph->daddr,csum_partial(tcph, tcph->doff << 2, skb->csum));
int nc4 = tcp_v4_check(skb->len, iph->saddr, iph->daddr,csum_partial(tcph, tcph->doff << 2, 0));
int tcplen = (skb->len - (iph->ihl << 2));/* tcplen is the length of the skb - the ip-header length */
int nc3 = tcp_v4_check(tcplen,iph->saddr,iph->daddr,csum_partial((char*) tcph, tcplen, 0));
inet_proto_csum_replace2(&tcph->check, skb,htons(tcpl2),htons(tcpl2),1);
int nc6=tcph->check;
inet_proto_csum_replace2(&tcph->check, skb,htons(tcpl2),htons(tcpl2),0);
int nc7=tcph->check;
csum_replace4(&iph->check, iph->saddr, iph->saddr);
int nc8=iph->check;
csum_replace2(&iph->check, iph->saddr, iph->saddr);
int nc9=iph->check;
printk("DBG_TCP2 seq=%u data l=%d c %d->[%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d] sc %d->[%d,%d] f=%d sl=%d t1=%d t2=%d\n",tcph->seq,tcpdata_len,oc,nc,nc1,nc2,nc3,nc4,nc5,nc6,nc7,nc8,nc9,nca,osc,nsc,nsc1,skb->ip_summed,skb->len,tcpl1,tcpl2);
打印结果:
[85701.884863] DBG_TCP2 seq=3165173543 data l=902 c 44208->[21027,61387,21027,14108,61687,21327,65535,65535,15908,15908] sc 1048860->[-1456377087,-1456377087] f=3 sl=942 t1=922 t2=922
[85701.884872] DBG_TCP data=GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1920x1080&ep=6271223%2C6758&et=3&fl=16.0&ja=1&ln=zh-CN&lo=0<=1449197051&nv=0&rnd=941503683&si=0ee5e8cdc4d43389b3d1bfd76e83216b&st=4&v=1.1.20&lv=3 HTTP/1.1
到底哪里不对?谁帮忙给个类似可以计算正确的代码?
钩子函数里不修改tcp数据,只是重新计算下tcp的校验和tcph->check
使用各种方式,打印的结果始终与它原始值不同:
int tcpl1=ntohs(iph->tot_len)- iph_len;
int tcpl2= skb->len - iph->ihl*4;
int nc= csum_tcpudp_magic(iph->saddr,iph->daddr,tcpl1,iph->protocol,skb->csum);
int nc2 = csum_tcpudp_magic(iph->saddr,iph->daddr,tcpl2, iph->protocol, skb->csum);
int nca = csum_tcpudp_magic(iph->saddr,iph->daddr,tcpl2, iph->protocol, csum_partial((unsigned char*)tcph, tcpl2, 0));
int nc5 = csum_tcpudp_magic(iph->saddr,iph->daddr,tcpl2, iph->protocol, 0);
int datalen=skb->len - iph->ihl*4;
int nc1 = tcp_v4_check(skb->len, iph->saddr, iph->daddr,csum_partial(tcph, tcph->doff << 2, skb->csum));
int nc4 = tcp_v4_check(skb->len, iph->saddr, iph->daddr,csum_partial(tcph, tcph->doff << 2, 0));
int tcplen = (skb->len - (iph->ihl << 2));/* tcplen is the length of the skb - the ip-header length */
int nc3 = tcp_v4_check(tcplen,iph->saddr,iph->daddr,csum_partial((char*) tcph, tcplen, 0));
inet_proto_csum_replace2(&tcph->check, skb,htons(tcpl2),htons(tcpl2),1);
int nc6=tcph->check;
inet_proto_csum_replace2(&tcph->check, skb,htons(tcpl2),htons(tcpl2),0);
int nc7=tcph->check;
csum_replace4(&iph->check, iph->saddr, iph->saddr);
int nc8=iph->check;
csum_replace2(&iph->check, iph->saddr, iph->saddr);
int nc9=iph->check;
printk("DBG_TCP2 seq=%u data l=%d c %d->[%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d] sc %d->[%d,%d] f=%d sl=%d t1=%d t2=%d\n",tcph->seq,tcpdata_len,oc,nc,nc1,nc2,nc3,nc4,nc5,nc6,nc7,nc8,nc9,nca,osc,nsc,nsc1,skb->ip_summed,skb->len,tcpl1,tcpl2);
打印结果:
[85701.884863] DBG_TCP2 seq=3165173543 data l=902 c 44208->[21027,61387,21027,14108,61687,21327,65535,65535,15908,15908] sc 1048860->[-1456377087,-1456377087] f=3 sl=942 t1=922 t2=922
[85701.884872] DBG_TCP data=GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1920x1080&ep=6271223%2C6758&et=3&fl=16.0&ja=1&ln=zh-CN&lo=0<=1449197051&nv=0&rnd=941503683&si=0ee5e8cdc4d43389b3d1bfd76e83216b&st=4&v=1.1.20&lv=3 HTTP/1.1
到底哪里不对?谁帮忙给个类似可以计算正确的代码?
...全文
请发表友善的回复…
发表回复
