From 52064a4bd37f8d81e1f488fe9d32fe6ccee63bd7 Mon Sep 17 00:00:00 2001 From: Breno Leitao Date: Fri, 20 Mar 2009 11:40:04 -0400 Subject: Added functions to grab IP source and destination from a socket, and functions to grab TCP source and destination port from a socket. Also, used this function inside some TCP probe functions, as recvmsg, to provide a richer set of fields. --- tapset/ip.stp | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 tapset/ip.stp (limited to 'tapset/ip.stp') diff --git a/tapset/ip.stp b/tapset/ip.stp new file mode 100644 index 00000000..1e2e263c --- /dev/null +++ b/tapset/ip.stp @@ -0,0 +1,32 @@ +// IP tapset +// Copyright (C) 2009, IBM Inc. +// Author : Breno Leitao +// +// This file is free software. You can redistribute it and/or modify it under +// the terms of the GNU General Public License (GPL), version 2. +// +// Based on previous work done by Arnaldo Carvalho de Melo + +/** + * sfunction ip_ntop - returns a string representation from an integer IP number + * @addr: the ip represented as an integer + */ +function ip_ntop:string (addr:long) +%{ + __be32 ip; + + ip = THIS->addr; + snprintf(THIS->__retvalue, MAXSTRINGLEN, NIPQUAD_FMT, NIPQUAD(ip)); +%} + +/* return the source IP address for a given sock */ +function __ip_sock_saddr:long (sock:long) +{ + return @cast(sock, "inet_sock")->saddr +} + +/* return the destination IP address for a given sock */ +function __ip_sock_daddr:long (sock:long) +{ + return @cast(sock, "inet_sock")->daddr +} -- cgit From 5e868ddd8263d2f7b61a702891252cc2bacb1c07 Mon Sep 17 00:00:00 2001 From: Andre Detsch Date: Tue, 14 Apr 2009 14:23:59 -0300 Subject: Add new TCP and IP functions This patch adds some basic functions to the IP and TCP tapsets. Mainly, it's possible to get the iphdr and tcphdr from a sk_buff structure. As a consequence, a TCP probe called tcp.receive() was created and is probed every time a TCP packet is received, and a lot of useful fields is available, as the TCP flags. Also a small example that works like tcpdump for received TCP packets was created. This patch was tested on x86 and ppc machines, on 2.6.18 kernel and also on mainline one. Signed-off-by: Breno Leitao Signed-off-by: Andre Detsch Signed-off-by: Josh Stone --- tapset/ip.stp | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'tapset/ip.stp') diff --git a/tapset/ip.stp b/tapset/ip.stp index 1e2e263c..299d88d2 100644 --- a/tapset/ip.stp +++ b/tapset/ip.stp @@ -7,6 +7,10 @@ // // Based on previous work done by Arnaldo Carvalho de Melo +%{ +#include +%} + /** * sfunction ip_ntop - returns a string representation from an integer IP number * @addr: the ip represented as an integer @@ -30,3 +34,45 @@ function __ip_sock_daddr:long (sock:long) { return @cast(sock, "inet_sock")->daddr } + +/* Get the IP header for recent (> 2.6.21) kernels */ +function __get_skb_iphdr_new:long(skb:long) +%{ /* pure */ + struct sk_buff *skb; + skb = (struct sk_buff *)(long)THIS->skb; + /* as done by skb_network_header() */ + #ifdef NET_SKBUFF_DATA_USES_OFFSET + THIS->__retvalue = (long)(kread(&(skb->head)) + kread(&(skb->network_header))); + #else + THIS->__retvalue = (long)kread(&(skb->network_header)); + #endif + CATCH_DEREF_FAULT(); +%} + +/* Get the IP header from a sk_buff struct */ +function __get_skb_iphdr:long(skb:long){ +%( kernel_v < "2.6.21" %? + iphdr = @cast(skb, "sk_buff")->nh->raw + return iphdr +%: + return __get_skb_iphdr_new(skb) +%) +} + +/* return the source next layer protocol for a given sk_buff structure */ +function __ip_skb_proto:long (iphdr) +{ + return @cast(iphdr, "iphdr")->protocol +} + +/* return the source IP address for a given sk_buff structure */ +function __ip_skb_saddr:long (iphdr) +{ + return @cast(iphdr, "iphdr")->saddr +} + +/* return the destination IP address for a given skb */ +function __ip_skb_daddr:long (iphdr) +{ + return @cast(iphdr, "iphdr")->daddr +} -- cgit