
Is a packet captured by a hook function in sk_buff format? What exactly is its structure?

    Source: Internet  Published: 2015-08-17


How do I analyze it to get its application-layer protocol, the source IP and the destination IP? Thanks!!

|
struct sk_buff
{
  struct sk_buff      *next;       /* Next buffer in list                   */ 
  struct sk_buff      *prev;       /* Previous buffer in list               */ 
  struct sk_buff_head *list;       /* List we are on                        */ 
  int                 magic_debug_cookie; 
  struct sk_buff      *link3;      /* Link for IP protocol level buffer chains */ 
  struct sock         *sk;         /* Socket we are owned by                */ 
  unsigned long       when;        /* used to compute rtt's                 */ 
  struct timeval      stamp;       /* Time we arrived                       */ 
  struct device       *dev;        /* Device we arrived on/are leaving by   */ 
  union  
  { 
      struct tcphdr   *th; 
      struct ethhdr   *eth; 
      struct iphdr    *iph; 
      struct udphdr   *uh; 
      unsigned char   *raw; 
      /* for passing file handles in a unix domain socket */ 
      void            *filp; 
  } h; 
   
  union  
  {     
      /* As yet incomplete physical layer views */ 
      unsigned char   *raw; 
      struct ethhdr   *ethernet; 
  } mac; 
   
  struct iphdr        *ip_hdr;     /* For IPPROTO_RAW                       */ 
  unsigned long       len;         /* Length of actual data                 */ 
  unsigned long       csum;        /* Checksum                              */ 
  __u32               saddr;       /* IP source address                     */ 
  __u32               daddr;       /* IP target address                     */ 
  __u32               raddr;       /* IP next hop address                   */ 
  __u32               seq;         /* TCP sequence number                   */ 
  __u32               end_seq;     /* seq [+ fin] [+ syn] + datalen         */ 
  __u32               ack_seq;     /* TCP ack sequence number               */ 
  unsigned char       proto_priv[16]; 
  volatile char       acked,       /* Are we acked ?                        */ 
                      used,        /* Are we in use ?                       */ 
                      free,        /* How to free this buffer               */ 
                      arp;         /* Has IP/ARP resolution finished        */ 
  unsigned char       tries,       /* Times tried                           */ 
                      lock,        /* Are we locked ?                       */ 
                      localroute,  /* Local routing asserted for this frame */ 
                      pkt_type,    /* Packet class                          */ 
                      pkt_bridged, /* Tracker for bridging                  */ 
                      ip_summed;   /* Driver fed us an IP checksum          */ 
#define PACKET_HOST         0        /* To us                                 */ 
#define PACKET_BROADCAST    1        /* To all                                */ 
#define PACKET_MULTICAST    2        /* To group                              */ 
#define PACKET_OTHERHOST    3        /* To someone else                       */ 
  unsigned short      users;       /* User count - see datagram.c,tcp.c     */ 
  unsigned short      protocol;    /* Packet protocol from driver.          */ 
  unsigned int        truesize;    /* Buffer size                           */ 
  atomic_t            count;       /* reference count                       */ 
  struct sk_buff      *data_skb;   /* Link to the actual data skb           */ 
  unsigned char       *head;       /* Head of buffer                        */ 
  unsigned char       *data;       /* Data head pointer                     */ 
  unsigned char       *tail;       /* Tail pointer                          */ 
  unsigned char       *end;        /* End pointer                           */ 
  void                (*destructor)(struct sk_buff *); /* Destruct function */ 
  __u16               redirport;   /* Redirect port                         */ 
};

|
This thread of mine is about unpacking UDP; the principle is much the same.
http://community.csdn.net/Expert/topic/3558/3558052.xml?temp=.5985376

|
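After you capture the packet, you just unpack it layer by layer: strip the TCP header and the IP header, and what is left is the application-layer data. On Ethernet the first two are both 20 bytes; just pull the bytes out one by one according to the protocol details.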
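
The layer-by-layer unpacking described in the answer above, as an added example that is not part of the original thread: a user-space C parser over a raw Ethernet frame (not kernel code operating on an sk_buff) that extracts the source IP, destination IP, protocol and application payload. It takes header lengths from the IPv4 IHL and TCP data-offset fields and bounds-checks every step; `parse_frame`, `struct parsed` and the `sample` frame are names and data constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

struct parsed {                 /* result of peeling Ethernet -> IPv4 -> TCP/UDP */
    uint8_t  src[4], dst[4], proto;   /* proto: 6 = TCP, 17 = UDP */
    uint16_t sport, dport;      /* host byte order */
    const uint8_t *payload;     /* application-layer data */
    size_t   payload_len;
};

/* Constructed sample: Ethernet II + IPv4 (IHL=6, one option word) + UDP + "ping". */
static const uint8_t sample[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,
    0x46,0x00,0x00,0x24, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,
    192,0,2,1, 198,51,100,7, 0x01,0x01,0x01,0x00,
    0x30,0x39,0x00,0x35, 0x00,0x0c,0x00,0x00, 'p','i','n','g' };

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Returns 0 on success, -1 for truncated, malformed, fragmented or non-TCP/UDP input. */
int parse_frame(const uint8_t *f, size_t len, struct parsed *out)
{
    if (len < 14 + 20 || be16(f + 12) != 0x0800) return -1;   /* need IPv4 ethertype */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, tot = be16(ip + 2);
    if ((ip[0] >> 4) != 4 || ihl < 20 || tot < ihl || tot > len - 14) return -1;
    if (be16(ip + 6) & 0x1fff) return -1;     /* later fragment: no L4 header here */
    out->proto = ip[9];
    memcpy(out->src, ip + 12, 4);
    memcpy(out->dst, ip + 16, 4);
    const uint8_t *l4 = ip + ihl;             /* IHL decides where L4 starts */
    size_t l4len = tot - ihl, hdr;
    if (out->proto == 6) {                    /* TCP: header length from data offset */
        if (l4len < 20) return -1;
        hdr = (size_t)(l4[12] >> 4) * 4;
        if (hdr < 20 || hdr > l4len) return -1;
    } else if (out->proto == 17) {            /* UDP: fixed 8 bytes, own length field */
        hdr = 8;
        if (l4len < 8 || be16(l4 + 4) < 8 || be16(l4 + 4) > l4len) return -1;
        l4len = be16(l4 + 4);
    } else return -1;
    out->sport = be16(l4);
    out->dport = be16(l4 + 2);
    out->payload = l4 + hdr;
    out->payload_len = l4len - hdr;
    return 0;
}
```

The sample frame carries a 24-byte IP header, so a parser that skipped a fixed 20 bytes would read the option word as the UDP header. The IP checksum is not verified here.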

|
__u32 saddr; /* IP source address */

__u32 daddr; /* IP target address */

__u32 raddr; /* IP next hop address */

__u32 seq; /* TCP sequence number */

__u32 end_seq; /* seq [+ fin] [+ syn] + datalen */

__u32 ack_seq; /* TCP ack sequence number */

unsigned char proto_priv[16];

The comments make it quite clear.

    
 
 
 