How to send a UDP packet from inside linux kernel


I'm modifying the UDP protocol such that when connect() is called on a UDP socket, in addition to finding the route, a "hello" packet is also sent to the destination.

From the UDP proto structure, I figured out that the function ip4_datagram_connect does the job of finding the route to the destination. At the end of this function, I need to send the hello packet.

  1. I don't think I can use udp_sendmsg(), as it's used for copying and sending data from userspace.
  2. I think udp_send_skb() should be used to send the hello. My problem is that I don't know how to create an appropriate skbuff to store the hello message (it should be a proper UDP datagram) to be passed on to udp_send_skb(). I've tried this:

    int quic_connect(struct sock *sk, struct flowi4 *fl4, struct rtable *rt)
    {
        struct sk_buff *skb;
        char *hello;
        int err = 0, exthdrlen, hh_len, datalen, trailerlen;
        char *data;

        hh_len = LL_RESERVED_SPACE(rt->dst.dev);
        exthdrlen = rt->dst.header_len;
        trailerlen = rt->dst.trailer_len;
        datalen = 200;

        // create buffer to send without fragmentation
        skb = sock_alloc_send_skb(sk,
                exthdrlen + datalen + hh_len + trailerlen + 15,
                MSG_DONTWAIT, &err);
        if (skb == NULL)
            goto out;

        skb->ip_summed = CHECKSUM_PARTIAL;      // use hardware checksum
        skb->csum = 0;
        skb_reserve(skb, hh_len);
        skb_shinfo(skb)->tx_flags = 1;          // time stamp the packet

        /*
         *  Find where to start putting bytes.
         */
        data = skb_put(skb, datalen + exthdrlen);
        skb_set_network_header(skb, exthdrlen);
        skb->transport_header = (skb->network_header +
                     sizeof(struct iphdr));

        err = udp_send_skb(skb, fl4);
    out:
        return err;
    }

However, this gives me errors in the kernel log:

    BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
    IP: [<ffffffff81686555>] __ip_local_out+0x45/0x80
    PGD 4f4dd067 PUD 4f4df067 PMD 0
    Oops: 0000 [#1] SMP
    Modules linked in:
    CPU: 0 PID: 3019 Comm: client Not tainted 3.13.11-ckt39-test006 #28
    Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
    task: ffff8800598df6b0 ti: ffff880047022000 task.ti: ffff880047022000
    RIP: 0010:[<ffffffff81686555>]  [<ffffffff81686555>] __ip_local_out+0x45/0x80
    RSP: 0018:ffff880047023d78  EFLAGS: 00010287
    RAX: 0000000000000001 RBX: ffff880047008a00 RCX: 0000000020000000
    RDX: 0000000000000000 RSI: ffff880047008a00 RDI: ffff8800666fde40
    RBP: ffff880047023d88 R08: 0000000000003200 R09: 0000000000000001
    R10: 0000000000000000 R11: 00000000000001f9 R12: ffff880047008a00
    R13: ffff8800666fde80 R14: ffff880059aec380 R15: ffff880059aec690
    FS:  00007f5508b04740(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    CR2: 0000000000000018 CR3: 000000004f561000 CR4: 00000000000406f0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Stack:
     ffff880047023d80 ffff880047008a00 ffff880047023da0 ffffffff8168659d
     ffffffff81c8f8c0 ffff880047023db8 ffffffff81687810 0000000000000000
     ffff880047023df8 ffffffff816ac6be 0000000000000020 ffff880047008a00
    Call Trace:
     [<ffffffff8168659d>] ip_local_out+0xd/0x30
     [<ffffffff81687810>] ip_send_skb+0x10/0x40
     [<ffffffff816ac6be>] udp_send_skb+0x14e/0x3d0
     [<ffffffff816b0e9e>] quic_connect+0x6e/0x80
     [<ffffffff816aa3ff>] __ip4_datagram_connect+0x2bf/0x2d0
     [<ffffffff816aa437>] ip4_datagram_connect+0x27/0x40
     [<ffffffff816b8748>] inet_dgram_connect+0x38/0x80
     [<ffffffff8161fd97>] SYSC_connect+0xc7/0x100
     [<ffffffff817ed471>] ? __schedule+0x341/0x8c0
     [<ffffffff816206e9>] SyS_connect+0x9/0x10
     [<ffffffff817f8d42>] system_call_fastpath+0x16/0x1b
    Code: c8 00 00 00 66 c1 c0 08 66 89 47 02 e8 d5 e0 ff ff 48 8b 53 58 b8 01 00 00 00 48 83 e2 fe 48 81 3d 9d 0e 64 00 f0 73 cc 81 74 26 <4c> 8b 42 18 49 c7 c1 f0 45 68 81 c7 04 24 00 00 00 80 31 c9 48
    RIP  [<ffffffff81686555>] __ip_local_out+0x45/0x80
     RSP <ffff880047023d78>
    CR2: 0000000000000018
    ---[ end trace 474c5db1b9b19a03 ]---

So the question is, what else do I need to fill in the skbuff before it can be handled by udp_send_skb? Or am I missing something else here?

There is a bug in the code.

    if (skb_tailroom(hbuff) > 30) {
        printk("     enough room quic connect message\n");
        hello = kmalloc(30, GFP_ATOMIC);  // you allocate slub memory
        hello = "hello quic connect";     // you let 'hello' point to a string,
                                          // which is stored somewhere else.
                                          // At this point, the slub memory
                                          // you allocated is lost.

        memcpy(__skb_put(hbuff, 30), hello, 30);
        kfree(hello);                 // you try to free the memory pointed to
                                      // by hello as slub memory; I think this
                                      // is why there is the mm/slub.c bug message.
    } else

You can change the code to this:

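    if (skb_tailroom(hbuff) > 30) {
        unsigned char *p = __skb_put(hbuff, 30);

        printk("     enough room quic connect message\n");
        memset(p, 0, 30);   /* zero-pad: the literal is shorter than 30 bytes */
        memcpy(p, "hello quic connect", sizeof("hello quic connect"));
    } else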
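A userspace model of the payload step discussed above, as an added example that is not part of the original posts and is not kernel code: it reserves headroom, appends a fixed 30-byte payload that is zero-padded and copied only up to the string's own length, then prepends an 8-byte UDP header. `model_skb`, `m_init`, `m_put`, `build_hello` and the port numbers used with them are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <string.h>

#define HELLO_LEN 30    /* fixed payload size used on the page */
#define UDP_HLEN  8

/* Userspace stand-in for an sk_buff data area; offsets are from buf[0]. */
struct model_skb {
    uint8_t buf[128];
    size_t data, tail;  /* data <= tail <= sizeof(buf) */
};

/* Like skb_reserve() on a fresh buffer: leave headroom for headers. */
void m_init(struct model_skb *s, size_t headroom)
{
    memset(s, 0, sizeof(*s));
    s->data = s->tail = headroom < sizeof(s->buf) ? headroom : sizeof(s->buf);
}

/* Like skb_put(), but returns NULL instead of running past the end. */
uint8_t *m_put(struct model_skb *s, size_t len)
{
    if (len > sizeof(s->buf) - s->tail)
        return NULL;
    s->tail += len;
    return s->buf + s->tail - len;
}

/* UDP header + zero-padded payload; returns datagram length or -1. */
int build_hello(struct model_skb *s, const char *msg,
                uint16_t sport, uint16_t dport)
{
    uint16_t f[4] = { sport, dport, UDP_HLEN + HELLO_LEN, 0 /* no csum */ };
    size_t n = strlen(msg) + 1, i;
    uint8_t *p, *uh;

    if (n > HELLO_LEN || s->data < UDP_HLEN || !(p = m_put(s, HELLO_LEN)))
        return -1;              /* message, headroom or tailroom too small */
    memset(p, 0, HELLO_LEN);    /* padding is zeros, not stale memory */
    memcpy(p, msg, n);          /* read only what the source holds */
    s->data -= UDP_HLEN;        /* like skb_push(): prepend the header */
    uh = s->buf + s->data;
    for (i = 0; i < 4; i++) {   /* big-endian header fields */
        uh[2 * i] = f[i] >> 8;
        uh[2 * i + 1] = f[i] & 0xff;
    }
    return (int)(s->tail - s->data);
}
```
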
