如何在内核模块开发下将Mac地址解析为IP地址?
Posted
技术标签:
【中文标题】如何在内核模块开发下将Mac地址解析为IP地址?【英文标题】:How to resolve the Mac address for an IP address under kernel module developing? 【发布时间】:2018-04-01 05:11:05 【问题描述】:我想在内核模块中构建一个 tcp 包,并使用函数 dev_queue_xmit(skb) 通过 IP 地址将其发送到另一台主机。但是我不想手动填写Mac地址。以下是包生成的代码。 一些内核函数调用 eth_rebuild_header(skb) 来重建 Mac 头文件。但是,就我而言,它在被调用后会挂起我的计算机。谷歌结果回答说,如果 arp 缓存不包含该 IP 地址的条目,arp_find 将使操作系统崩溃。但我确定它存在于由 shell 命令“arp -v”打印的 arp 缓存中。
static int build_and_xmit_tcp(char * eth, u_char * smac, u_char * dmac,
u_long sip, u_long dip,
u_short sport, u_short dport,
u_char * pkt, int pkt_len,
int syn, int ack, int fin,
__be32 seq, __be32 seq_ack)
struct sk_buff * skb = NULL;
struct net_device * dev = NULL;
struct ethhdr * ethdr = NULL;
struct iphdr * iph = NULL;
struct tcphdr * tcph = NULL;
u_char * pdata = NULL;
if(NULL == smac || NULL == dmac)
goto out;
if(NULL == (dev= dev_get_by_name(&init_net, eth)))
goto out;
skb = alloc_skb(pkt_len + sizeof(struct iphdr) + sizeof(struct tcphdr) + LL_RESERVED_SPACE(dev), GFP_ATOMIC);
if(NULL == skb)
goto out;
skb_reserve(skb, LL_RESERVED_SPACE(dev));
skb->dev = dev;
skb->pkt_type = PACKET_OTHERHOST;
skb->protocol = __constant_htons(ETH_P_IP);
skb->ip_summed = CHECKSUM_NONE;
skb->priority = 0;
skb_set_network_header(skb, 0);
skb_put(skb, sizeof(struct iphdr));
skb_set_transport_header(skb, sizeof(struct iphdr));
skb_put(skb, sizeof(struct tcphdr));
pdata = skb_put(skb, pkt_len);
if(NULL != pkt)
memcpy(pdata, pkt, pkt_len);
tcph = tcp_hdr(skb);
memset(tcph, 0, sizeof(struct tcphdr));
tcph->source = sport;
tcph->dest = dport;
tcph->doff=5;
tcph->seq = htonl(seq);
tcph-> ack_seq= htonl( seq_ack);
tcph->psh = pkt_len>0? 1:0;
tcph ->fin = fin;
tcph->ack = ack;
tcph->syn=syn;
tcph->window=__constant_htons (65535);
skb->csum = 0;
tcph->check = 0;
iph = ip_hdr(skb);
iph->version = 4;
iph->ihl = sizeof(struct iphdr)>>2;
iph->frag_off = 0;
iph->protocol = IPPROTO_TCP;
iph->tos = 0;
iph->daddr = dip;
iph->saddr = sip;
iph->ttl = 0x40;
iph->tot_len = __constant_htons(skb->len);
iph->check = 0;
iph->check = ip_fast_csum((unsigned char *)iph,iph->ihl);
skb->csum = skb_checksum(skb, iph->ihl*4, skb->len - iph->ihl * 4, 0);
tcph->check = csum_tcpudp_magic(sip, dip, skb->len - iph->ihl * 4, IPPROTO_TCP, skb->csum);
skb_push(skb, 14);
skb_set_mac_header(skb, 0);
ethdr = (struct ethhdr *)eth_hdr(skb);
// memcpy(ethdr->h_dest, dmac, ETH_ALEN);
// memcpy(ethdr->h_source, smac, ETH_ALEN);
ethdr->h_proto = __constant_htons(ETH_P_IP);
// arp_send(ARPOP_REQUEST, ETH_P_ARP, target, dev, saddr,
// dst_ha, dev->dev_addr, NULL);
eth_rebuild_header(skb); // kernel hang....
if(0 > dev_queue_xmit(skb))
dev_put (dev);
kfree_skb (skb);
return(NF_ACCEPT);
out:
dev_put (dev);
kfree_skb (skb);
return(NF_ACCEPT);
static int __init myhook_init(void)
printk("=========insert module......\n");
build_and_xmit_tcp(ETH_O, GWMAC_O, DMAC, in_aton(GWIP_O), in_aton(DIP), htons(8888), htons(DPORT),
"", 0,
1, 0, 0, 0, 0);
static void __exit myhook_fini(void)
printk("=========rmmod ......\n");
module_init(myhook_init);
module_exit(myhook_fini);
Google 给了我一些其他的解决方案。他们说 arp_ioctl 可以解析 Mac 地址。然而,事实是,arp_ioctl 被静态编译成 vmlinuz,它不会作为符号导出到其他模块。
int arp_get(char *ifname, char *ipStr)
struct arpreq req;
struct sockaddr_in *sin;
int ret = 0;
int sock_fd = 0;
struct net_device * dev = NULL;
printk("arp ---- \n");
if(NULL == (dev= dev_get_by_name(&init_net, ifname)))
dev_put (dev);
printk("error dev get \n");
return -1;
struct net *net_arp = dev_net(dev);
memset(&req, 0, sizeof(struct arpreq));
sin = (struct sockaddr_in *)&req.arp_pa;
sin->sin_family = AF_INET;
sin->sin_addr.s_addr = in_aton(ipStr);
strncpy(req.arp_dev, ifname, 15);
ret = arp_ioctl(net_arp, SIOCGARP, &req); // can't be called
unsigned char *hw = (unsigned char *)req.arp_ha.sa_data;
printk("%#x-%#x-%#x-%#x-%#x-%#x\n", hw[0], hw[1], hw[2], hw[3], hw[4], hw[5]);
return 0;
也许我需要做一个socket结构,并尝试一些基于socket的上层功能。但是怎么办呢……
内核版本:2.6.32 操作系统版本:ubuntu 9.10 gcc 版本:4.41
【问题讨论】:
哪个操作系统?哪种语言? @mikep "内核版本:2.6.32 操作系统版本:ubuntu 9.10 gcc 版本:4.41" 为了尝试另一种方式,我调用函数“ip_route_input”获取路由目标结构“dst_entry”,但返回错误代码-113。 函数“ip_local_out”可以将skb下发,但需要skb提供有效的struct“dst_entry”。 【参考方案1】:int ip_xmit(struct sk_buff *skb)
struct iphdr *iph = ip_hdr(skb);
struct tcphdr *tcph = tcp_hdr(skb);
printk("dst is %d\n", skb->_skb_dst);
int err;
// err = ip_route_input(skb, iph->daddr, iph->saddr, 0, skb->dev);
struct rtalbe *rt;
struct flowi fl = .oif = 0,
.nl_u = .ip4_u =
.daddr = iph->daddr,
.saddr = iph->saddr,
.tos = 0 ,
.proto = IPPROTO_TCP,
.flags = 0,
.uli_u = .ports =
.sport = tcph->source,
.dport = tcph->dest ;
if (err = ip_route_output_key(&init_net, &rt, &fl))
return err;
printk("err is %d\n", err);
skb_dst_set(skb, rt);
if(0 > ip_local_out(skb))
printk("dev error\n");
kfree_skb (skb);
return -1;
return 0;
函数ip_route_output_key可以获取路由目的地,ip_local_out将skb传递出去。
【讨论】:
以上是关于如何在内核模块开发下将Mac地址解析为IP地址?的主要内容,如果未能解决你的问题,请参考以下文章