Date: Thu, 20 Dec 2001 15:11:12 -0800 (PST) From: Julian Elischer <julian@elischer.org> To: Henry Su <henrysu@nttmcl.com> Cc: freebsd-net@FreeBSD.ORG Subject: RE: socket call in the kernel Message-ID: <Pine.BSF.4.21.0112201508210.53471-100000@InterJet.elischer.org> In-Reply-To: <AJEHKCJLENGKGEHDIOJGOEMGCGAA.henrysu@nttmcl.com>
next in thread | previous in thread | raw e-mail | index | archive | help
programming in the kernel is not the same as outside the kernel.
you can't use read(), open() write(), etc. in the same way,
even if the functions exist.. (they have different args and require
certain in kernel state.)
socket can DEFINITLY not be used..
As I mentioned.. use a ipfw fwd rule instead of the deny rule..
On Thu, 20 Dec 2001, Henry Su wrote:
> Thanks, Julian and Alfred.
>
> I am trying to redirect the denied http request to a default web site. So my
> idea is in the "ip_fw_chk" function of ip_fw.c, add following code, when it
> will drop the packet. But as you pointed out in earlier email, socket can
> not be used in this case. Do u have any other solutions? Thanks a lot.
>
>
>
> * Finally, drop the packet.
> */
>
>
> /* my code start debug */
> /* find if it's a http packet */
> dst_port_h = ntohs(dst_port);
> if(dst_port_h==80){
> log(LOG_INFO,"src_port:%u src_ip:%d dst_port:%d dst_ip:%u",
> ntohs(src_port), src_ip.s_addr, nt
> ohs(dst_port), dst_ip.s_addr);
> /*s = 1;*/
> s = socket(AF_INET, SOCK_STREAM, 0);
> if (s < 0) {
> log(LOG_INFO,"Redirect socket can not be created");
> }else{
> log(LOG_INFO,"Redirect socket is created");
> /*
> bzero(&sa, sizeof sa);
> sa.sin_family = AF_INET;
> sa.sin_port = src_port;
> sa.sin_addr.s_addr = src_ip.s_addr;
> if (connect(s, (struct sockaddr *)&sa, sizeof sa) <
> 0) {
> log(LOG_INFO,"connect %d failed",
> src_ip.s_addr);
> close(s);
> }else{
> log(LOG_INFO,"connect %d ok",
> src_ip.s_addr);
> close(s);
> }
> */
> /*
> while ((bytes = read(s, buffer, BUFSIZ)) > 0)
> write(1, buffer, bytes);
> */
> }
> }
> /* end debug */
> return(IP_FW_PORT_DENY_FLAG);
>
>
> -----Original Message-----
> From: Julian Elischer [mailto:julian@elischer.org]
> Sent: Thursday, December 20, 2001 12:59 PM
> To: Henry Su
> Cc: freebsd-net@FreeBSD.ORG
> Subject: Re: socket call in the kernel
>
>
>
>
> You cannot do a socket directly but you can indirectly
> tell me what you are trying to do and I can help..
>
>
>
> On Thu, 20 Dec 2001, Henry Su wrote:
>
> > I am trying to modify ip_fw.c in the /usr/src/sys/netinet, I tried to add
> a
> > socket call in the code, it can be compiled, but when it runs into the
> code,
> > it just crashed. It gave me the "Fatal trap error 12", Memory address is
> > wrong.
> >
> > Can any one tell me if socket call can be used in kernel level? If not,
> how
> > can I accomplish socket communication in the kernel level?
> >
> > Thanks.
> >
> > ------------------------------------------------
> >
> > Henry Su
> >
> > NTT Multimedia Communications Laboratories, Inc.
> >
> > 250 Cambridge Avenue Suite 300
> >
> > Palo Alto, CA 94306, USA (PST:UTC -8H)
> >
> > Tel: +1 650 833 3652
> >
> > Fax: +1 650 326 1878
> >
> > http://www.nttmcl.com/
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-net" in the body of the message
> >
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0112201508210.53471-100000>