12.0 Appendix tcpip.c. /* File name: tcpip.c This file just provides big buffer memory location For other modules to print */
|
|
|
- Julius Hardy
- 5 years ago
- Views:
Transcription
1 12.0 Appendix 12.1 tcpip.c /* File name: tcpip.c This file just provides big buffer memory location For other modules to print */ #include "module_header.h" char big_buffer[bufsize]="\0"; int init_module(){return 0; void cleanup_module(){ if (strlen(big_buffer) >0) print_buffer(file_name,big_buffer,strlen(big_buffer)); big_buffer[0]='\0'; 101
2 12.2 tcpin.c /* File name: tcpin.c This file intercepts Linux TCP functions involved in handling of Incoming segments */ #include "module_header.h" static int allfunaddr[9] = { 0,0,0,0,0,0,0,0,0 ; MODULE_PARM(allFunAddr, "1-9i"); extern char big_buffer[bufsize]; static unsigned char pr_jump[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save[num_bytes]; static int (*pr)(struct sk_buff *); //tcp_v4_rcv static unsigned char pr_jump1[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save1[num_bytes]; static struct sock * (*pr1)(u32, u16, u32, u16, int );// tcp_v4_lookup static unsigned char pr_jump2[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save2[num_bytes]; static int (*pr2)(struct sock *,struct sk_buff *);//tcp_v4_do_rcv 102
3 static unsigned char pr_jump3[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save3[num_bytes]; static int (*pr3)(struct sock *,struct sk_buff *,struct tcphdr *,unsigned );//tcp_rcv_established static unsigned char pr_jump4[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save4[num_bytes]; static int (*pr4)(struct sock *,struct sk_buff *,int );//tcp_ack static unsigned char pr_jump5[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save5[num_bytes]; static int (*pr5)(struct sock *,struct tcp_opt *,struct sk_buff *);//tcp_event_data_recv static unsigned char pr_jump6[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save6[num_bytes]; static void (*pr6)(struct sock *,struct sk_buff *);// tcp_data_snd_check static unsigned char pr_jump7[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save7[num_bytes]; static void (*pr7)(struct sock *, int );// tcp_ack_snd_check static unsigned char pr_jump8[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save8[num_bytes]; static void (*pr8)(struct sock *, struct sk_buff *);//tcp_data_queue void only_sock(struct sock *sk,char *fun_name,char *position,int end) { char store_time[20]; 103
4 my_time(store_time); if(strlen(big_buffer)>=bufsize-record_size){ printk("<1>out of buffer memory\n"); return; strcat(big_buffer,store_time); strcat(big_buffer," "); strcat(big_buffer,in_ntoa(sk->daddr)); // print dest address first as this function strcat(big_buffer,":"); //is for incoming packets and sport is this machine strcat(big_buffer,in_ntoa16(sk->dport)); strcat(big_buffer," "); strcat(big_buffer,in_ntoa(sk->saddr)); strcat(big_buffer,":"); strcat(big_buffer,in_ntoa16(sk->sport)); strcat(big_buffer," "); strcat(big_buffer,fun_name); strcat(big_buffer," "); strcat(big_buffer,position); if(end) strcat(big_buffer," "); // when we get 1 in end we have more data to go else strcat(big_buffer,"\n"); void print_tcp_skb(struct sk_buff* skb,char * fun_name,char* position,int sockorskb){ char store_time[20]; my_time(store_time); if(strlen(big_buffer)>=bufsize-record_size){ printk("<1>out of buffer memory\n"); return; strcat(big_buffer,store_time); strcat(big_buffer," "); strcat(big_buffer,in_ntoa(skb->nh.iph->saddr)); 104
5 strcat(big_buffer,":"); strcat(big_buffer,in_ntoa16(skb->h.th->source)); strcat(big_buffer," "); strcat(big_buffer,in_ntoa(skb->nh.iph->daddr)); strcat(big_buffer,":"); strcat(big_buffer,in_ntoa16(skb->h.th->dest)); strcat(big_buffer," "); strcat(big_buffer,fun_name); strcat(big_buffer," "); strcat(big_buffer,position); strcat(big_buffer," "); if(skb->h.th->syn) strcat(big_buffer,"s "); else if(skb->h.th->psh) strcat(big_buffer,"p "); else if(skb->h.th->fin) strcat(big_buffer,"f "); else strcat(big_buffer,". "); strcat(big_buffer,in_ntoa32(skb->h.th->seq) ); strcat(big_buffer," ack "); strcat(big_buffer,in_ntoa32(skb->h.th->ack_seq)); strcat(big_buffer,"\n"); void tcpheader_info(struct tcphdr *th){ if(!th){ // in case th is null return,do not dereference null pointer strcat(big_buffer,"\n"); return; if(th->syn) strcat(big_buffer,"s "); else if(th->psh) strcat(big_buffer,"p "); 105
6 else if(th->fin) strcat(big_buffer,"f "); else strcat(big_buffer,". "); strcat(big_buffer,in_ntoa32(th->seq)); strcat(big_buffer," ack "); strcat(big_buffer,in_ntoa32(th->ack_seq)); strcat(big_buffer,"\n"); void changed_tcp_data_queue(struct sock *sk, struct sk_buff *skb){ int slock_flags; //int retval; char fname[20]; char position[2]; strcpy(fname,"tcp_data_queue"); strcpy(position,"b"); print_tcp_skb(skb,fname,position,0); _memcpy(pr8, pr_save8,num_bytes); pr8(sk,skb); _memcpy(pr8, pr_jump8,num_bytes); strcpy(position,"e"); print_tcp_skb(skb,fname,position,1); 106
7 return; // as function is void so nothing to return void changed_tcp_ack_snd_check(struct sock *sk, int ofo_possible){ int slock_flags; char fname[20]; char position[2]; strcpy(fname," tcp_ack_snd_check"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr7, pr_save7,num_bytes); pr7(sk,ofo_possible); _memcpy(pr7, pr_jump7,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return; // as function is void so nothing to return void changed_tcp_data_snd_check(struct sock *sk, struct sk_buff *skb){ int slock_flags; char fname[20]; char position[2]; 107
8 strcpy(fname," tcp_data_snd_check"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr6, pr_save6,num_bytes); pr6(sk,skb); _memcpy(pr6, pr_jump6,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return; // as function is void so nothing to return int changed_tcp_event_data_recv(struct sock *sk, struct tcp_opt *tp, struct sk_buff *skb){ int slock_flags; int retval; char fname[20]; char position[2]; strcpy(fname,"tcp_event_data_recv"); strcpy(position,"b"); print_tcp_skb(skb,fname,position,0); _memcpy(pr5, pr_save5,num_bytes); retval=pr5(sk,tp,skb); 108
9 _memcpy(pr5, pr_jump5,num_bytes); strcpy(position,"e"); print_tcp_skb(skb,fname,position,1); return retval; int changed_tcp_ack(struct sock *sk,struct sk_buff *skb,int flag){ int slock_flags; int retval; char fname[20]; char position[2]; strcpy(fname,"tcp_ack"); strcpy(position,"b"); print_tcp_skb(skb,fname,position,0); _memcpy(pr4, pr_save4,num_bytes); retval=pr4(sk,skb,flag); _memcpy(pr4, pr_jump4,num_bytes); strcpy(position,"e"); print_tcp_skb(skb,fname,position,1); return retval; 109
10 int changed_tcp_rcv_established(struct sock *sk, struct sk_buff *skb, struct tcphdr *th, unsigned len ){ int slock_flags; int retval; char fname[20]; char position[2]; strcpy(fname,"tcp_rcv_established"); strcpy(position,"b"); only_sock(sk,fname,position,1); tcpheader_info(th); _memcpy(pr3, pr_save3,num_bytes); retval=pr3(sk,skb,th,len); _memcpy(pr3, pr_jump3,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,1); tcpheader_info(th); return retval; struct sock * changed_tcp_v4_lookup(u32 saddr, u16 sport,u32 daddr, u16 hnum, int dif){ int slock_flags; struct sock *retval; char fname[20]; char position[2]; 110
11 char store_time[20]; my_time(store_time); int out_of_buffer=0; if(strlen(big_buffer)>=bufsize-record_size){ printk("<1>out of buffer memory\n"); strcpy(big_buffer,"***run out of buffer***"); out_of_buffer=1; strcpy(fname," tcp_v4_lookup"); strcpy(position,"b"); if (!out_of_buffer){ strcat(big_buffer,store_time); strcat(big_buffer," "); strcat(big_buffer,in_ntoa(saddr)); strcat(big_buffer,":"); strcat(big_buffer,in_ntoa16(sport)); strcat(big_buffer," "); strcat(big_buffer,in_ntoa(daddr)); strcat(big_buffer," "); strcat(big_buffer,fname); strcat(big_buffer," "); strcat(big_buffer,position); strcat(big_buffer,"\n"); _memcpy(pr1, pr_save1,num_bytes); retval=pr1(saddr,sport,daddr,hnum,dif); _memcpy(pr1, pr_jump1,num_bytes); strcpy(position,"e"); if (!retval){ // when the function tcp_v4_lookup does not return valid socket strcat(big_buffer," no socket found by function\n"); 111
12 return retval; only_sock(retval,fname,position,0); return retval; int changed_tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb){ int slock_flags; int retval; char fname[20]; char position[2]; strcpy(fname,"tcp_v4_do_rcv"); strcpy(position,"b"); only_sock(sk,fname,position,1); tcpheader_info(skb->h.th); _memcpy(pr2, pr_save2,num_bytes); retval=pr2(sk,skb); _memcpy(pr2, pr_jump2,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,1); tcpheader_info(skb->h.th); return retval; int changed_tcp_v4_rcv(struct sk_buff *skb){ int slock_flags; 112
13 int retval; char fname[20]; char position[2]; strcpy(fname,"tcp_v4_rcv"); strcpy(position,"b"); print_tcp_skb(skb,fname,position,0); _memcpy(pr, pr_save,num_bytes); retval=pr(skb); _memcpy(pr, pr_jump,num_bytes); strcpy(position,"e"); print_tcp_skb(skb,fname,position,1); //only_sock(sk,fname,position,0); return retval; int init_module() { int slock_flags; pr=(int (*)(struct sk_buff *))allfunaddr[0]; pr1=(struct sock * (*)(u32, u16, u32, u16, int))allfunaddr[1]; pr2=(int (*)(struct sock *,struct sk_buff *))allfunaddr[2]; pr3=(int (*)(struct sock *,struct sk_buff *,struct tcphdr *,unsigned ))allfunaddr[3]; pr4=(int (*)(struct sock *,struct sk_buff *,int ))allfunaddr[4]; 113
14 pr5=(int (*)(struct sock *,struct tcp_opt *,struct sk_buff *))allfunaddr[5]; pr6=(void (*)(struct sock *,struct sk_buff *))allfunaddr[6]; pr7=(void (*)(struct sock *, int ))allfunaddr[7]; pr8=(void (*)(struct sock *, struct sk_buff *))allfunaddr[8]; *(unsigned int *)(pr_jump+1)=(unsigned int)changed_tcp_v4_rcv; *(unsigned int *)(pr_jump1+1)=(unsigned int)changed_tcp_v4_lookup; *(unsigned int *)(pr_jump2+1)=(unsigned int)changed_tcp_v4_do_rcv; *(unsigned int *)(pr_jump3+1)=(unsigned int)changed_tcp_rcv_established; *(unsigned int *)(pr_jump4+1)=(unsigned int)changed_tcp_ack; *(unsigned int *)(pr_jump5+1)=(unsigned int)changed_tcp_event_data_recv; *(unsigned int *)(pr_jump6+1)=(unsigned int)changed_tcp_data_snd_check; *(unsigned int *)(pr_jump7+1)=(unsigned int)changed_tcp_ack_snd_check; *(unsigned int *)(pr_jump8+1)=(unsigned int)changed_tcp_data_queue; _memcpy(pr_save,pr,num_bytes); _memcpy(pr,pr_jump,num_bytes); _memcpy(pr_save1,pr1,num_bytes); _memcpy(pr1,pr_jump1,num_bytes); _memcpy(pr_save2,pr2,num_bytes); _memcpy(pr2,pr_jump2,num_bytes); _memcpy(pr_save3,pr3,num_bytes); _memcpy(pr3,pr_jump3,num_bytes); _memcpy(pr_save4,pr4,num_bytes); _memcpy(pr4,pr_jump4,num_bytes); _memcpy(pr_save5,pr5,num_bytes); _memcpy(pr5,pr_jump5,num_bytes); _memcpy(pr_save6,pr6,num_bytes); _memcpy(pr6,pr_jump6,num_bytes); 114
15 _memcpy(pr_save7,pr7,num_bytes); _memcpy(pr7,pr_jump7,num_bytes); _memcpy(pr_save8,pr8,num_bytes); _memcpy(pr8,pr_jump8,num_bytes); printk("<1> protocol added\n"); return 0; void cleanup_module(){ int slock_flags; _memcpy(pr, pr_save,num_bytes); _memcpy(pr1, pr_save1,num_bytes); _memcpy(pr2, pr_save2,num_bytes); _memcpy(pr3, pr_save3,num_bytes); _memcpy(pr4, pr_save4,num_bytes); _memcpy(pr5, pr_save5,num_bytes); _memcpy(pr6, pr_save6,num_bytes); _memcpy(pr7, pr_save7,num_bytes); _memcpy(pr8, pr_save8,num_bytes); if(strlen(big_buffer)>0){ print_buffer(file_name,big_buffer,strlen(big_buffer)); 115
16 big_buffer[0]='\0'; printk("<1> Protocol Removed \n"); 116
17 12.3 tcpin.sh /* File name: tcpin.sh This file supplies command line parameters after extracting the information from /boot/system.map file and loads the module tcpin.c */ #!/bin/bash #This is shell program to load tcpin.o module with requisite parameters FUN="tcp_v4_rcv" FUN1=" tcp_v4_lookup" FUN2="tcp_v4_do_rcv" FUN3="tcp_rcv_established" FUN4="tcp_ack" FUN5="tcp_event_data_recv" FUN6=" tcp_data_snd_check" FUN7=" tcp_ack_snd_check" FUN8="tcp_data_queue" PR=`cat /boot/system.map grep -w $FUN cut -c 1-8` PR1=`cat /boot/system.map grep -w $FUN1 cut -c 1-8` PR2=`cat /boot/system.map grep -w $FUN2 cut -c 1-8` PR3=`cat /boot/system.map grep -w $FUN3 cut -c 1-8` PR4=`cat /boot/system.map grep -w $FUN4 cut -c 1-8` PR5=`cat /boot/system.map grep -w $FUN5 cut -c 1-8` PR6=`cat /boot/system.map grep -w $FUN6 cut -c 1-8` PR7=`cat /boot/system.map grep -w $FUN7 cut -c 1-8` PR8=`cat /boot/system.map grep -w $FUN8 cut -c 1-8` if [ "$PR" = "" ] then echo "PR is empty,cannot get the address of $FUN " 117
18 elif [ "$PR1" = "" ] then echo "PR1 is empty,cannot get the address of $FUN1 " elif [ "$PR2" = "" ] then echo "PR2 is empty,cannot get the address of $FUN2 " elif [ "$PR3" = "" ] then echo "PR3 is empty,cannot get the address of $FUN3 " elif [ "$PR4" = "" ] then echo "PR4 is empty,cannot get the address of $FUN4 " elif [ "$PR5" = "" ] then echo "PR5 is empty,cannot get the address of $FUN5 " elif [ "$PR6" = "" ] then echo "PR6 is empty,cannot get the address of $FUN6 " elif [ "$PR7" = "" ] then echo "PR7 is empty,cannot get the address of $FUN7 " elif [ "$PR8" = "" ] then echo "PR8 is empty,cannot get the address of $FUN8 " else echo " insmod tcpin.o allfunaddr=0x$pr,0x$pr1,0x$pr2,0x$pr3,0x$pr4,0x$pr5,0x$pr6,0x$pr7,0x$pr8" insmod tcpin.o allfunaddr=0x$pr,0x$pr1,0x$pr2,0x$pr3,0x$pr4,0x$pr5,0x$pr6,0x$pr7,0x$pr8 fi # notes : # in the if condition there must be a space between sq brackets and next character both # at start and at end # in if condition $PR must be in quotes as a string is compared against another string namely 118
19 # the null string # there must be gap before and after = sign in string comparisons and no gap if = # is used for assignment # when if and then is placed in same line then there must be ';' between them as both are # reserved words and two reserved words(commands) can not be on ame line without the # first one terminating 119
20 12.4 tcpout.c /* File name: tcpout.c This file intercepts Linux TCP functions involved in handling Of Outgoing segments */ #include "module_header.h" static int allfunaddr[6] = {0,0,0,0,0,0 ; MODULE_PARM(allFunAddr, "1-6i"); static unsigned char pr_jump[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save[num_bytes]; static int (*pr)(struct sock *, struct msghdr *, int ); //tcp_sendmsg static unsigned char pr_jump1[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save1[num_bytes]; static void (*pr1)(struct sock *, struct tcp_opt *, int, int, int );//tcp_push static unsigned char pr_jump2[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save2[num_bytes]; static void (*pr2)(struct sock *, struct tcp_opt *,unsigned, int);// tcp_push_pending_frames static unsigned char pr_jump3[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save3[num_bytes]; static int (*pr3)(struct sock *, int );//tcp_write_xmit static unsigned char pr_jump4[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save4[num_bytes]; static int (*pr4)(struct sock *, struct sk_buff * );//tcp_transmit_skb 120
21 static unsigned char pr_jump5[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save5[num_bytes]; static int (*pr5)(struct sock *, struct sk_buff *);//tcp_retransmit_skb extern char big_buffer[bufsize]; void only_sock(struct sock *sk,char *fun_name,char *position,int end) { char store_time[20]; my_time(store_time); if(strlen(big_buffer)>=bufsize-record_size){ printk("<1>out of buffer memory\n"); return; strcat(big_buffer,store_time); strcat(big_buffer," "); strcat(big_buffer,in_ntoa(sk->saddr)); strcat(big_buffer,":"); strcat(big_buffer,in_ntoa16(sk->sport)); strcat(big_buffer," "); strcat(big_buffer,in_ntoa(sk->daddr)); strcat(big_buffer,":"); strcat(big_buffer,in_ntoa16(sk->dport)); strcat(big_buffer," "); strcat(big_buffer,fun_name); strcat(big_buffer," "); strcat(big_buffer,position); if(end) strcat(big_buffer," "); // when we get 1 in end we have more data to go else strcat(big_buffer,"\n"); 121
22 void print_tcp_skb(struct sk_buff* skb,char * fun_name,char* position,int sockorskb){ char store_time[20]; my_time(store_time); if(strlen(big_buffer)>=bufsize-record_size){ printk("<1>out of buffer memory\n"); return; strcat(big_buffer,store_time); strcat(big_buffer," "); strcat(big_buffer,in_ntoa(skb->nh.iph->saddr)); strcat(big_buffer,":"); strcat(big_buffer,in_ntoa16(skb->h.th->source)); strcat(big_buffer," "); strcat(big_buffer,in_ntoa(skb->nh.iph->daddr)); strcat(big_buffer,":"); strcat(big_buffer,in_ntoa16(skb->h.th->dest)); strcat(big_buffer," "); strcat(big_buffer,fun_name); strcat(big_buffer," "); strcat(big_buffer,position); strcat(big_buffer," "); if(skb->h.th->syn) strcat(big_buffer,"s "); else if(skb->h.th->fin) strcat(big_buffer,"f "); else if(skb->h.th->psh) strcat(big_buffer,"p "); else strcat(big_buffer,". "); strcat(big_buffer,in_ntoa32(skb->h.th->seq) ); strcat(big_buffer," ack "); strcat(big_buffer,in_ntoa32(skb->h.th->ack_seq)); strcat(big_buffer,"\n"); 122
23 void tcpheader_info(struct tcphdr *th){ if(!th){ // in case th is null return,do not dereference null pointer strcat(big_buffer,"\n"); return; if(th->syn) strcat(big_buffer,"s "); else if(th->fin) strcat(big_buffer,"f "); else if(th->psh) strcat(big_buffer,"p "); else strcat(big_buffer,". "); strcat(big_buffer,in_ntoa32(th->seq)); strcat(big_buffer," ack "); strcat(big_buffer,in_ntoa32(th->ack_seq)); strcat(big_buffer,"\n"); void changed_tcp_push_pending_frames(struct sock *sk, struct tcp_opt *tp, unsigned cur_mss, int nonagle){ int slock_flags; char fname[20]; char position[2]; strcpy(fname," tcp_push_pending_frames"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr2, pr_save2,num_bytes); 123
24 pr2(sk,tp,cur_mss,nonagle); _memcpy(pr2, pr_jump2,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return; void changed_tcp_push(struct sock *sk, struct tcp_opt *tp, int flags, int mss_now, int nonagle){ int slock_flags; char fname[20]; char position[2]; strcpy(fname,"tcp_push"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr1, pr_save1,num_bytes); pr1(sk,tp,flags,mss_now,nonagle); _memcpy(pr1, pr_jump1,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return; 124
25 int changed_tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb){ int slock_flags; int retval; char fname[20]; char position[2]; strcpy(fname,"tcp_retransmit_skb"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr5, pr_save5,num_bytes); retval=pr5(sk,skb); _memcpy(pr5, pr_jump5,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,1); tcpheader_info(skb->h.th); return retval; int changed_tcp_transmit_skb(struct sock *sk, struct sk_buff *skb){ int slock_flags; int retval; char fname[20]; char position[2]; strcpy(fname,"tcp_transmit_skb"); strcpy(position,"b"); 125
26 only_sock(sk,fname,position,0); _memcpy(pr4, pr_save4,num_bytes); retval=pr4(sk,skb); _memcpy(pr4, pr_jump4,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,1); tcpheader_info(skb->h.th); return retval; int changed_tcp_write_xmit(struct sock *sk, int nonagle){ int slock_flags; int retval; char fname[20]; char position[2]; strcpy(fname,"tcp_write_xmit"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr3, pr_save3,num_bytes); retval=pr3(sk,nonagle); 126
27 _memcpy(pr3, pr_jump3,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return retval; int changed_tcp_sendmsg(struct sock *sk, struct msghdr *msg, int size){ int slock_flags; int retval; char fname[20]; char position[2]; strcpy(fname,"tcp_sendmsg"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr, pr_save,num_bytes); retval=pr(sk,msg,size); _memcpy(pr, pr_jump,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return retval; 127
28 int init_module() { int slock_flags; pr=(int (*)(struct sock *, struct msghdr *, int ))allfunaddr[0]; pr1=(void (*)(struct sock *, struct tcp_opt *, int, int, int))allfunaddr[1]; pr2=(void (*)(struct sock *, struct tcp_opt *,unsigned, int))allfunaddr[2]; pr3=(int (*)(struct sock *, int ))allfunaddr[3]; pr4=(int (*)(struct sock *, struct sk_buff *))allfunaddr[4]; pr5=(int (*)(struct sock *, struct sk_buff *))allfunaddr[5]; *(unsigned int *)(pr_jump+1)=(unsigned int)changed_tcp_sendmsg; *(unsigned int *)(pr_jump1+1)=(unsigned int)changed_tcp_push; *(unsigned int *)(pr_jump2+1)=(unsigned int)changed_tcp_push_pending_frames; *(unsigned int *)(pr_jump3+1)=(unsigned int)changed_tcp_write_xmit; *(unsigned int *)(pr_jump4+1)=(unsigned int)changed_tcp_transmit_skb; *(unsigned int *)(pr_jump5+1)=(unsigned int)changed_tcp_retransmit_skb; _memcpy(pr_save,pr,num_bytes); _memcpy(pr,pr_jump,num_bytes); _memcpy(pr_save1,pr1,num_bytes); _memcpy(pr1,pr_jump1,num_bytes); _memcpy(pr_save2,pr2,num_bytes); _memcpy(pr2,pr_jump2,num_bytes); _memcpy(pr_save3,pr3,num_bytes); _memcpy(pr3,pr_jump3,num_bytes); _memcpy(pr_save4,pr4,num_bytes); _memcpy(pr4,pr_jump4,num_bytes); 128
29 _memcpy(pr_save5,pr5,num_bytes); _memcpy(pr5,pr_jump5,num_bytes); printk("<1> protocol added\n"); return 0; void cleanup_module(){ int slock_flags; _memcpy(pr, pr_save,num_bytes); _memcpy(pr1, pr_save1,num_bytes); _memcpy(pr2, pr_save2,num_bytes); _memcpy(pr3, pr_save3,num_bytes); _memcpy(pr4, pr_save4,num_bytes); _memcpy(pr5, pr_save5,num_bytes); if(strlen(big_buffer)>0){ print_buffer(file_name,big_buffer,strlen(big_buffer)); big_buffer[0]='\0'; printk("<1> Protocol Removed \n"); 129
30 12.5 tcpout.sh /* File name: tcpout.sh This file supplies command line parameters after extracting the information from /boot/system.map file and loads the module tcpout.o */ #!/bin/bash #This is shell program to load tcpout.o module with requisite parameters FUN="tcp_sendmsg" FUN1="tcp_push" FUN2=" tcp_push_pending_frames" FUN3="tcp_write_xmit" FUN4="tcp_transmit_skb" FUN5="tcp_retransmit_skb" PR=`cat /boot/system.map grep -w $FUN cut -c 1-8` PR1=`cat /boot/system.map grep -w $FUN1 cut -c 1-8` PR2=`cat /boot/system.map grep -w $FUN2 cut -c 1-8` PR3=`cat /boot/system.map grep -w $FUN3 cut -c 1-8` PR4=`cat /boot/system.map grep -w $FUN4 cut -c 1-8` PR5=`cat /boot/system.map grep -w $FUN5 cut -c 1-8` if [ "$PR" = "" ] then echo "PR is empty,cannot get the address of $FUN " elif [ "$PR1" = "" ] then echo "PR1 is empty,cannot get the address of $FUN1 " elif [ "$PR2" = "" ] then echo "PR2 is empty,cannot get the address of $FUN2 " 130
31 elif [ "$PR3" = "" ] then echo "PR3 is empty,cannot get the address of $FUN3 " elif [ "$PR4" = "" ] then echo "PR4 is empty,cannot get the address of $FUN4 " elif [ "$PR5" = "" ] then echo "PR5 is empty,cannot get the address of $FUN5 " else echo " insmod tcpout.o allfunaddr=0x$pr,0x$pr1,0x$pr2,0x$pr3,0x$pr4,0x$pr5" insmod tcpout.o allfunaddr=0x$pr,0x$pr1,0x$pr2,0x$pr3,0x$pr4,0x$pr5 fi 131
32 12.6 synfin.c /* File name: synfin.c This file intercepts Linux TCP functions involved in TCP Connection Management and TCP state changes */ #include "module_header.h" static int allfunaddr[17] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ; MODULE_PARM(allFunAddr, "1-17i"); static unsigned char pr_jump[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save[num_bytes]; static int (*pr)(struct sock *); //tcp_v4_init_sock static unsigned char pr_jump1[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save1[num_bytes]; static int (*pr1)(struct sock *, int,int,char *,int);//tcp_setsockopt static unsigned char pr_jump2[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save2[num_bytes]; static int (*pr2)(struct sock *);//tcp_connect static unsigned char pr_jump3[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save3[num_bytes]; static unsigned int (*pr3)(struct sock *,struct sockaddr *,int );//tcp_v4_connect static unsigned char pr_jump4[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save4[num_bytes]; static int (*pr4)(struct sock *,struct sk_buff *,struct tcphdr *,unsigned );//tcp_rcv_synsent_state_process 132
33 static unsigned char pr_jump5[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save5[num_bytes]; static int (*pr5)(struct sock *);//tcp_send_ack static unsigned char pr_jump6[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save6[num_bytes]; static int (*pr6)(struct sock *, struct sk_buff *,struct tcphdr *, unsigned);//tcp_rcv_state_process static unsigned char pr_jump7[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save7[num_bytes]; static int (*pr7)(struct sock *, struct open_request *, struct sk_buff *);//tcp_create_openreq_child static unsigned char pr_jump8[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save8[num_bytes]; static int (*pr8)(struct sock *, struct sk_buff *);//tcp_v4_conn_request static unsigned char pr_jump9[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save9[num_bytes]; static int (*pr9)(struct sock *, struct open_request *,struct dst_entry *);//tcp_v4_send_synack static unsigned char pr_jump10[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save10[num_bytes]; static int (*pr10)(struct sock *, long );//tcp_close static unsigned char pr_jump11[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save11[num_bytes]; static int (*pr11)(struct sock *);//tcp_send_fin 133
34 static unsigned char pr_jump12[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save12[num_bytes]; static int (*pr12)(struct sock *);//tcp_close_state static unsigned char pr_jump13[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save13[num_bytes]; static int (*pr13)(struct sk_buff *, struct sock *, struct tcphdr *);//tcp_fin static unsigned char pr_jump14[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save14[num_bytes]; static void (*pr14)(struct sock *);//tcp_send_delayed_ack static unsigned char pr_jump15[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save15[num_bytes]; static int (*pr15)(struct sock *,int,int );//tcp_time_wait static unsigned char pr_jump16[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save16[num_bytes]; static void (*pr16)(struct sock *,int );//tcp_set_state extern char big_buffer[bufsize]; void only_sock(struct sock *sk,char *fun_name,char *position,int end) { char store_time[20]; my_time(store_time); if(strlen(big_buffer)>= BUFSIZE - RECORD_SIZE){ printk("<1>out of buffer memory\n"); return; 134
35 strcat(big_buffer,store_time); strcat(big_buffer," "); if(sk){ strcat(big_buffer,in_ntoa(sk->saddr)); strcat(big_buffer,":"); strcat(big_buffer,in_ntoa16(sk->sport)); strcat(big_buffer," "); strcat(big_buffer,in_ntoa(sk->daddr)); strcat(big_buffer,":"); strcat(big_buffer,in_ntoa16(sk->dport)); strcat(big_buffer," "); strcat(big_buffer,fun_name); strcat(big_buffer," "); strcat(big_buffer,position); if(end && sk) strcat(big_buffer," "); // when we get 1 in end we have more data to go else strcat(big_buffer,"\n"); /* void print_tcp_skb(struct sock *sk,struct sk_buff* skb,char * fun_name,char* position){ char store_time[20]; my_time(store_time); if(strlen(big_buffer)>=bufsize-record_size){ printk("<1>out of buffer memory\n"); return; strcat(big_buffer,store_time); strcat(big_buffer," "); strcat(big_buffer,in_ntoa(sk->saddr)); strcat(big_buffer,":"); strcat(big_buffer,in_ntoa16(skb->h.th->source)); 135
36 strcat(big_buffer," "); strcat(big_buffer,in_ntoa(sk->daddr)); strcat(big_buffer,":"); strcat(big_buffer,in_ntoa16(skb->h.th->dest)); strcat(big_buffer," "); if(skb->h.th->syn) strcat(big_buffer,"s "); else if(skb->h.th->psh) strcat(big_buffer,"p "); else if(skb->h.th->fin) strcat(big_buffer,"f "); else strcat(big_buffer,". "); */ strcat(big_buffer,in_ntoa32(skb->h.th->seq) ); strcat(big_buffer," ack "); strcat(big_buffer,in_ntoa32(skb->h.th->ack_seq)); strcat(big_buffer," "); strcat(big_buffer,fun_name); strcat(big_buffer," "); strcat(big_buffer,position); strcat(big_buffer,"\n"); void tcpheader_info(struct tcphdr *th){ if(strlen(big_buffer)>= BUFSIZE - RECORD_SIZE){ strcat(big_buffer,"out of buffer memory\n"); return; if(!th){ // in case th is null return,do not dereference null pointer strcat(big_buffer,"\n"); return; 136
37 if(th->syn) strcat(big_buffer,"s "); else if(th->psh) strcat(big_buffer,"p "); else if(th->fin) strcat(big_buffer,"f "); else strcat(big_buffer,". "); strcat(big_buffer,in_ntoa32(th->seq)); strcat(big_buffer," ack "); strcat(big_buffer,in_ntoa32(th->ack_seq)); strcat(big_buffer,"\n"); int changed_tcp_v4_send_synack(struct sock *sk, struct open_request *req,struct dst_entry *dst){ int slock_flags; int retval; char fname[30]; char position[2]; strcpy(fname,"tcp_v4_send_synack"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr9, pr_save9,num_bytes); retval=pr9(sk,req,dst); 137
38 _memcpy(pr9, pr_jump9,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return retval; int changed_tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb){ int slock_flags; int retval; char fname[30]; char position[2]; strcpy(fname,"tcp_v4_conn_request"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr8, pr_save8,num_bytes); retval=pr8(sk,skb); _memcpy(pr8, pr_jump8,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); 138
39 return retval; int changed_tcp_create_openreq_child(struct sock *sk, struct open_request *req, struct sk_buff *skb){ int slock_flags; int retval; char fname[30]; char position[2]; strcpy(fname,"tcp_create_openreq_child"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr7, pr_save7,num_bytes); retval=pr7(sk,req,skb); _memcpy(pr7, pr_jump7,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return retval; int changed_tcp_rcv_state_process(struct sock *sk,struct sk_buff *skb,struct tcphdr *th, unsigned len){ 139
40 int slock_flags; int retval; char fname[30]; char position[2]; strcpy(fname,"tcp_rcv_state_process"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr6, pr_save6,num_bytes); retval=pr6(sk,skb,th,len); _memcpy(pr6, pr_jump6,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return retval; int changed_tcp_send_ack(struct sock *sk){ int slock_flags; int retval; char fname[30]; char position[2]; 140
41 strcpy(fname,"tcp_send_ack"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr5, pr_save5,num_bytes); retval=pr5(sk); _memcpy(pr5, pr_jump5,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return retval; /* int changed_tcp_transmit_skb(struct sock *sk, struct sk_buff *skb){ int slock_flags; int retval; char fname[30]; char position[2]; strcpy(fname,"tcp_transmit_skb"); strcpy(position,"b"); if(skb){ //if skb in not null pointer do this only_sock(sk,fname,position,1); tcpheader_info(skb->h.th); 141
42 else { only_sock(sk,fname,position,0); // no printing of tcp sequence details _memcpy(pr5, pr_save5,num_bytes); retval=pr5(sk,skb); _memcpy(pr5, pr_jump5,num_bytes); strcpy(position,"e"); if(skb){ //if skb in not null pointer do this only_sock(sk,fname,position,1); tcpheader_info(skb->h.th); else { only_sock(sk,fname,position,0); // no printing of tcp sequence details */ return retval; int changed_tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb,struct tcphdr *th, unsigned len){ int slock_flags; int retval; char fname[30]; char position[2]; 142
43 strcpy(fname,"tcp_rcv_synsent_state_process"); strcpy(position,"b"); only_sock(sk,fname,position,1); tcpheader_info(th); _memcpy(pr4, pr_save4,num_bytes); retval=pr4(sk,skb,th,len); _memcpy(pr4, pr_jump4,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,1); tcpheader_info(th); return retval; int changed_tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len){ int slock_flags; int retval; char fname[20]; char position[2]; strcpy(fname,"tcp_v4_connect"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr3, pr_save3,num_bytes); 143
44 retval=pr3(sk,uaddr,addr_len); _memcpy(pr3, pr_jump3,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return retval; int changed_tcp_connect(struct sock *sk){ int slock_flags; int retval; char fname[20]; char position[2]; strcpy(fname,"tcp_connect"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr2, pr_save2,num_bytes); retval=pr2(sk); _memcpy(pr2, pr_jump2,num_bytes); strcpy(position,"e"); 144
45 only_sock(sk,fname,position,0); return retval; int changed_tcp_setsockopt(struct sock *sk, int level, int optname, char *optval,int optlen){ int slock_flags; int retval; char fname[20]; char position[2]; strcpy(fname,"tcp_setsockopt"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr1, pr_save1,num_bytes); retval=pr1(sk,level,optname,optval,optlen); _memcpy(pr1, pr_jump1,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return retval; 145
46 int changed_tcp_v4_init_sock(struct sock *sk){ int slock_flags; int retval; char fname[20]; char position[2]; //printk("<1> Hello gyan I am Here\n"); strcpy(fname,"tcp_v4_init_sock"); strcpy(position,"b") ; only_sock(sk,fname,position,0) ; _memcpy(pr, pr_save,num_bytes); retval=pr(sk); _memcpy(pr, pr_jump,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return retval; int changed_tcp_close(struct sock *sk, long timeout){ int slock_flags; int retval; char fname[20]; char position[2]; //printk("<1> Hello gyan I am Here\n"); strcpy(fname,"tcp_close"); strcpy(position,"b"); 146
47 only_sock(sk,fname,position,0); _memcpy(pr10, pr_save10,num_bytes); retval=pr10(sk,timeout); _memcpy(pr10, pr_jump10,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return retval; int changed_tcp_send_fin(struct sock *sk){ int slock_flags; int retval; char fname[20]; char position[2]; //printk("<1> Hello gyan I am Here\n"); strcpy(fname,"tcp_send_fin"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr11, pr_save11,num_bytes); retval=pr11(sk); 147
48 _memcpy(pr11, pr_jump11,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return retval; int changed_tcp_close_state(struct sock *sk){ int slock_flags; int retval; char fname[20]; char position[2]; //printk("<1> Hello gyan I am Here\n"); strcpy(fname,"tcp_close_state"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr12, pr_save12,num_bytes); retval=pr12(sk); _memcpy(pr12, pr_jump12,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return retval; int changed_tcp_fin(struct sk_buff *skb, struct sock *sk, struct tcphdr *th){ 148
49 int slock_flags; int retval; char fname[20]; char position[2]; //printk("<1> Hello gyan I am Here\n"); strcpy(fname,"tcp_fin"); strcpy(position,"b"); if(skb){ //if skb in not null pointer do this only_sock(sk,fname,position,1); if(th) tcpheader_info(th); else { only_sock(sk,fname,position,0); // no printing of tcp sequence details //only_sock(sk,fname,position,0); _memcpy(pr13, pr_save13,num_bytes); retval=pr13(skb,sk,th); _memcpy(pr13, pr_jump13,num_bytes); strcpy(position,"e"); if(skb){ //if skb in not null pointer do this only_sock(sk,fname,position,1); if (th) tcpheader_info(th); 149
50 else { only_sock(sk,fname,position,0); // no printing of tcp sequence details as skb is null // only_sock(sk,fname,position,0); return retval; void changed_tcp_send_delayed_ack(struct sock *sk){ int slock_flags; //int retval; char fname[20]; char position[2]; //printk("<1> Hello gyan I am Here\n"); strcpy(fname,"tcp_send_delayed_ack"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr14, pr_save14,num_bytes); pr14(sk); _memcpy(pr14, pr_jump14,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return; 150
51 int changed_tcp_time_wait(struct sock *sk, int state, int timeo){ int slock_flags; int retval; char fname[20]; char position[2]; //printk("<1> Hello gyan I am Here\n"); strcpy(fname,"tcp_time_wait"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr15, pr_save15,num_bytes); retval=pr15(sk,state,timeo); _memcpy(pr15, pr_jump15,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return retval; void changed_tcp_set_state(struct sock *sk, int state){ int slock_flags; //int retval; char fname[20]; char position[2]; 151
52 //printk("<1> Hello gyan I am Here\n"); strcpy(fname,"tcp_set_state"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr16, pr_save16,num_bytes); pr16(sk,state); _memcpy(pr16, pr_jump16,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return; int init_module() { int slock_flags; pr=(int (*)(struct sock *))allfunaddr[0]; pr1=(int (*)(struct sock *, int,int,char *,int))allfunaddr[1]; pr2=(int (*)(struct sock *))allfunaddr[2]; pr3=(unsigned int (*)(struct sock *,struct sockaddr *,int ))allfunaddr[3]; pr4=(int (*)(struct sock *,struct sk_buff *,struct tcphdr *,unsigned ))allfunaddr[4]; pr5=(int (*)(struct sock *))allfunaddr[5]; pr6=(int (*)(struct sock *, struct sk_buff *,struct tcphdr *, unsigned ))allfunaddr[6]; pr7=(int (*)(struct sock *, struct open_request *, struct sk_buff *))allfunaddr[7]; pr8=(int (*)(struct sock *, struct sk_buff *))allfunaddr[8]; pr9=(int (*)(struct sock *, struct open_request *,struct dst_entry *))allfunaddr[9]; pr10=(int (*)(struct sock *, long ))allfunaddr[10]; 152
53 pr11=(int (*)(struct sock *))allfunaddr[11]; pr12=(int (*)(struct sock *))allfunaddr[12]; pr13=(int (*)(struct sk_buff *, struct sock *, struct tcphdr *))allfunaddr[13]; pr14=(void (*)(struct sock *))allfunaddr[14]; pr15=(int (*)(struct sock *,int,int ))allfunaddr[15]; pr16=(void (*)(struct sock *,int ))allfunaddr[16]; *(unsigned int *)(pr_jump+1)=(unsigned int)changed_tcp_v4_init_sock; *(unsigned int *)(pr_jump1+1)=(unsigned int)changed_tcp_setsockopt; *(unsigned int *)(pr_jump2+1)=(unsigned int)changed_tcp_connect; *(unsigned int *)(pr_jump3+1)=(unsigned int)changed_tcp_v4_connect; *(unsigned int *)(pr_jump4+1)=(unsigned int)changed_tcp_rcv_synsent_state_process; *(unsigned int *)(pr_jump5+1)=(unsigned int)changed_tcp_send_ack; *(unsigned int *)(pr_jump6+1)=(unsigned int)changed_tcp_rcv_state_process; *(unsigned int *)(pr_jump7+1)=(unsigned int)changed_tcp_create_openreq_child; *(unsigned int *)(pr_jump8+1)=(unsigned int)changed_tcp_v4_conn_request; *(unsigned int *)(pr_jump9+1)=(unsigned int)changed_tcp_v4_send_synack; *(unsigned int *)(pr_jump10+1)=(unsigned int)changed_tcp_close; *(unsigned int *)(pr_jump11+1)=(unsigned int)changed_tcp_send_fin; *(unsigned int *)(pr_jump12+1)=(unsigned int)changed_tcp_close_state; *(unsigned int *)(pr_jump13+1)=(unsigned int)changed_tcp_fin; *(unsigned int *)(pr_jump14+1)=(unsigned int)changed_tcp_send_delayed_ack; *(unsigned int *)(pr_jump15+1)=(unsigned int)changed_tcp_time_wait; *(unsigned int *)(pr_jump16+1)=(unsigned int)changed_tcp_set_state; _memcpy(pr_save,pr,num_bytes); _memcpy(pr,pr_jump,num_bytes); _memcpy(pr_save1,pr1,num_bytes); _memcpy(pr1,pr_jump1,num_bytes); _memcpy(pr_save2,pr2,num_bytes); _memcpy(pr2,pr_jump2,num_bytes); _memcpy(pr_save3,pr3,num_bytes); 153
54 _memcpy(pr3,pr_jump3,num_bytes); _memcpy(pr_save4,pr4,num_bytes); _memcpy(pr4,pr_jump4,num_bytes); _memcpy(pr_save5,pr5,num_bytes); _memcpy(pr5,pr_jump5,num_bytes); _memcpy(pr_save6,pr6,num_bytes); _memcpy(pr6,pr_jump6,num_bytes); _memcpy(pr_save7,pr7,num_bytes); _memcpy(pr7,pr_jump7,num_bytes); _memcpy(pr_save8,pr8,num_bytes); _memcpy(pr8,pr_jump8,num_bytes); _memcpy(pr_save9,pr9,num_bytes); _memcpy(pr9,pr_jump9,num_bytes); _memcpy(pr_save10,pr10,num_bytes); _memcpy(pr10,pr_jump10,num_bytes); _memcpy(pr_save11,pr11,num_bytes); _memcpy(pr11,pr_jump11,num_bytes); _memcpy(pr_save12,pr12,num_bytes); _memcpy(pr12,pr_jump12,num_bytes); _memcpy(pr_save13,pr13,num_bytes); _memcpy(pr13,pr_jump13,num_bytes); _memcpy(pr_save14,pr14,num_bytes); _memcpy(pr14,pr_jump14,num_bytes); _memcpy(pr_save15,pr15,num_bytes); _memcpy(pr15,pr_jump15,num_bytes); 154
55 _memcpy(pr_save16,pr16,num_bytes); _memcpy(pr16,pr_jump16,num_bytes); printk("<1> protocol added\n"); return 0; void cleanup_module(){ int slock_flags; _memcpy(pr, pr_save,num_bytes); _memcpy(pr1, pr_save1,num_bytes); _memcpy(pr2, pr_save2,num_bytes); _memcpy(pr3, pr_save3,num_bytes); _memcpy(pr4, pr_save4,num_bytes); _memcpy(pr5, pr_save5,num_bytes); _memcpy(pr6, pr_save6,num_bytes); _memcpy(pr7, pr_save7,num_bytes); _memcpy(pr8, pr_save8,num_bytes); _memcpy(pr9, pr_save9,num_bytes); _memcpy(pr10, pr_save10,num_bytes); _memcpy(pr11, pr_save11,num_bytes); _memcpy(pr12, pr_save12,num_bytes); _memcpy(pr13, pr_save13,num_bytes); _memcpy(pr14, pr_save14,num_bytes); _memcpy(pr15, pr_save15,num_bytes); _memcpy(pr16, pr_save16,num_bytes); 155
56 if(strlen(big_buffer)>0){ print_buffer(file_name,big_buffer,strlen(big_buffer)); //big_buffer[0]='\0'; printk("<1> Protocol Removed \n"); 156
57 12.7 synfin.sh /* File name: synfin.sh This file supplies command line parameters after extracting the information from /boot/system.map file and loads the module synfin.o */ #!/bin/bash #This is shell program to load tcpin.o module with requisite parameters FUN="tcp_v4_init_sock" FUN1="tcp_setsockopt" FUN2="tcp_connect" FUN3="tcp_v4_connect" FUN4="tcp_rcv_synsent_state_process" FUN5="tcp_send_ack" FUN6="tcp_rcv_state_process" FUN7="tcp_create_openreq_child" FUN8="tcp_v4_conn_request" FUN9="tcp_v4_send_synack" FUN10="tcp_close" FUN11="tcp_send_fin" FUN12="tcp_close_state" FUN13="tcp_fin" FUN14="tcp_send_delayed_ack" FUN15="tcp_time_wait" FUN16="tcp_set_state" PR=`cat /boot/system.map grep -w $FUN cut -c 1-8` PR1=`cat /boot/system.map grep -w $FUN1 cut -c 1-8` PR2=`cat /boot/system.map grep -w $FUN2 cut -c 1-8` 157
58 PR3=`cat /boot/system.map grep -w $FUN3 cut -c 1-8` PR4=`cat /boot/system.map grep -w $FUN4 cut -c 1-8` PR5=`cat /boot/system.map grep -w $FUN5 cut -c 1-8` PR6=`cat /boot/system.map grep -w $FUN6 cut -c 1-8` PR7=`cat /boot/system.map grep -w $FUN7 cut -c 1-8` PR8=`cat /boot/system.map grep -w $FUN8 cut -c 1-8` PR9=`cat /boot/system.map grep -w $FUN9 cut -c 1-8` PR10=`cat /boot/system.map grep -w $FUN10 cut -c 1-8` PR11=`cat /boot/system.map grep -w $FUN11 cut -c 1-8` PR12=`cat /boot/system.map grep -w $FUN12 cut -c 1-8` PR13=`cat /boot/system.map grep -w $FUN13 cut -c 1-8` PR14=`cat /boot/system.map grep -w $FUN14 cut -c 1-8` PR15=`cat /boot/system.map grep -w $FUN15 cut -c 1-8` PR16=`cat /boot/system.map grep -w $FUN16 cut -c 1-8` if [ "$PR" = "" ] then echo "PR is empty,cannot get the address of $FUN " elif [ "$PR1" = "" ] then echo "PR1 is empty,cannot get the address of $FUN1 " elif [ "$PR2" = "" ] then echo "PR2 is empty,cannot get the address of $FUN2 " elif [ "$PR3" = "" ] then echo "PR3 is empty,cannot get the address of $FUN3 " elif [ "$PR4" = "" ] then echo "PR4 is empty,cannot get the address of $FUN4 " elif [ "$PR5" = "" ] then echo "PR5 is empty,cannot get the address of $FUN5 " elif [ "$PR6" = "" ] then echo "PR6 is empty,cannot get the address of $FUN6 " elif [ "$PR7" = "" ] 158
59 then echo "PR7 is empty,cannot get the address of $FUN7 " elif [ "$PR8" = "" ] then echo "PR8 is empty,cannot get the address of $FUN8 " elif [ "$PR9" = "" ] then echo "PR9 is empty,cannot get the address of $FUN9 " elif [ "$PR10" = "" ] then echo "PR10 is empty,cannot get the address of $FUN10 " elif [ "$PR11" = "" ] then echo "PR11 is empty,cannot get the address of $FUN11 " elif [ "$PR12" = "" ] then echo "PR12 is empty,cannot get the address of $FUN12 " elif [ "$PR13" = "" ] then echo "PR13 is empty,cannot get the address of $FUN13 " elif [ "$PR14" = "" ] then echo "PR14 is empty,cannot get the address of $FUN14 " elif [ "$PR15" = "" ] then echo "PR15 is empty,cannot get the address of $FUN15 " elif [ "$PR16" = "" ] then echo "PR16 is empty,cannot get the address of $FUN16 " else echo " insmod synfin.o allfunaddr=0x$pr,0x$pr1,0x$pr2,0x$pr3,0x$pr4,0x$pr5,0x$pr6,0x$pr7," echo "0x$PR8,0x$PR9,0x$PR10,0x$PR11,0x$PR12,0x$PR13,0x$PR14,0x$PR15,0x$PR16" insmod synfin.o allfunaddr=0x$pr,0x$pr1,0x$pr2,0x$pr3,0x$pr4,0x$pr5,0x$pr6,0x$pr7,0x$pr8,\ 0x$PR9,0x$PR10,0x$PR11,0x$PR12,0x$PR13,0x$PR14,0x$PR15,0x$PR16 fi 159
60 12.8 tcp_prot.c /* File name: tcp_prot.c This file intercepts Linux TCP functions involved in handling of Protocol related data such as congestion window e.t.c. */ #include "module_header.h" static int allfunaddr[5] = { 0,0,0,0,0 ; MODULE_PARM(allFunAddr, "1-5i"); static unsigned char pr_jump[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save[num_bytes]; static int (*pr)(struct sock *); // tcp_select_window static unsigned char pr_jump1[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save1[num_bytes]; static u32 (*pr1)(struct tcp_opt *);//tcp_receive_window static unsigned char pr_jump2[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save2[num_bytes]; static void (*pr2)(struct tcp_opt *);//tcp_cong_avoid static unsigned char pr_jump3[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax static unsigned char pr_save3[num_bytes]; static void (*pr3)(struct sock *,int );//tcp_enter_loss static unsigned char pr_jump4[num_bytes]="\xb8\x00\x00\x00\x00" /* movl $0,%eax */ "\xff\xe0"; // jmp *eax 160
61 static unsigned char pr_save4[num_bytes]; static u32 (*pr4)(struct tcp_opt *);//tcp_recalc_ssthresh extern char big_buffer[bufsize]; void only_sock(struct sock *sk,char *fun_name,char *position,int end) { char store_time[20]; my_time(store_time); if(strlen(big_buffer)>=bufsize - RECORD_SIZE){ printk("<1>out of buffer memory\n"); return; strcat(big_buffer,store_time); strcat(big_buffer," "); strcat(big_buffer,in_ntoa(sk->saddr)); strcat(big_buffer,":"); strcat(big_buffer,in_ntoa16(sk->sport)); strcat(big_buffer," "); strcat(big_buffer,in_ntoa(sk->daddr)); strcat(big_buffer,":"); strcat(big_buffer,in_ntoa16(sk->dport)); strcat(big_buffer," "); strcat(big_buffer,fun_name); strcat(big_buffer," "); strcat(big_buffer,position); if(end) strcat(big_buffer," "); // when we get 1 in end we have more data to go else strcat(big_buffer,"\n"); u32 changed_tcp_recalc_ssthresh(struct tcp_opt *tp){ 161
62 int slock_flags; u32 retval; char fun_name[20]; char position[2]; char cwnd[12]; char ssth[12]; char store_time[20]; my_time(store_time); if(strlen(big_buffer)<bufsize - RECORD_SIZE){ strcpy(fun_name,"tcp_recalc_ssthresh"); strcpy(position,"b"); sprintf(cwnd,"%u",tp->snd_cwnd); strcpy(position,"b"); strcat(big_buffer,store_time); strcat(big_buffer," "); strcat(big_buffer,"cwnd: "); strcat(big_buffer,cwnd); strcat(big_buffer," "); strcat(big_buffer,fun_name); strcat(big_buffer," "); strcat(big_buffer,position); strcat(big_buffer,"\n"); _memcpy(pr4, pr_save4,num_bytes); retval=pr4(tp); _memcpy(pr4, pr_jump4,num_bytes); 162
63 my_time(store_time); strcpy(position,"e"); sprintf(ssth,"%u",retval); strcpy(position,"b"); if(strlen(big_buffer)<bufsize - RECORD_SIZE){ strcat(big_buffer,store_time); strcat(big_buffer," "); strcat(big_buffer,"ssth: "); strcat(big_buffer,ssth); strcat(big_buffer," "); else strcat(big_buffer,fun_name); strcat(big_buffer," "); strcat(big_buffer,position); strcat(big_buffer,"\n"); strcpy(big_buffer,"buffer is full "); return retval; void changed_tcp_enter_loss(struct sock *sk,int how){ int slock_flags; char fname[20]; char position[2]; //printk("<1> Hello gyan I am Here\n"); strcpy(fname,"tcp_enter_loss"); strcpy(position,"b"); only_sock(sk,fname,position,0); _memcpy(pr3, pr_save3,num_bytes); 163
64 pr3(sk,how); _memcpy(pr3, pr_jump3,num_bytes); strcpy(position,"e"); only_sock(sk,fname,position,0); return ; void changed_tcp_cong_avoid(struct tcp_opt *tp){ int slock_flags; char fun_name[20]; char position[2]; char cwnd[12]; char cwnd_count[12]; char cwnd_clamp[12]; char store_time[20]; my_time(store_time); if(strlen(big_buffer) < BUFSIZE - RECORD_SIZE){ strcpy(fun_name,"tcp_cong_avoid"); strcpy(position,"b"); sprintf(cwnd,"%u",tp->snd_cwnd); sprintf(cwnd_clamp, "%u",tp->snd_cwnd_clamp); sprintf(cwnd_count, "%u",tp->snd_cwnd_cnt); strcat(big_buffer,store_time); strcat(big_buffer," "); strcat(big_buffer,"cwnd: "); strcat(big_buffer,cwnd); strcat(big_buffer," "); strcat(big_buffer,"cwnd CLAMP: "); strcat(big_buffer,cwnd_clamp); 164
65 strcat(big_buffer," "); strcat(big_buffer,"cwnd COUNT: "); strcat(big_buffer,cwnd_count); strcat(big_buffer," "); strcat(big_buffer,fun_name); strcat(big_buffer," "); strcat(big_buffer,position); strcat(big_buffer,"\n"); _memcpy(pr2, pr_save2,num_bytes); pr2(tp); _memcpy(pr2, pr_jump2,num_bytes); my_time(store_time); if(strlen(big_buffer)< BUFSIZE - RECORD_SIZE){ strcpy(position,"e"); sprintf(cwnd,"%u",tp->snd_cwnd); sprintf(cwnd_clamp, "%u",tp->snd_cwnd_clamp); sprintf(cwnd_count, "%u",tp->snd_cwnd_cnt); strcat(big_buffer,store_time); strcat(big_buffer," "); strcat(big_buffer,"cwnd: "); strcat(big_buffer,cwnd); strcat(big_buffer," "); strcat(big_buffer,"cwnd CLAMP: "); strcat(big_buffer,cwnd_clamp); strcat(big_buffer," "); strcat(big_buffer,"cwnd COUNT: "); 165
66 else strcat(big_buffer,cwnd_count); strcat(big_buffer," "); strcat(big_buffer,fun_name); strcat(big_buffer," "); strcat(big_buffer,position); strcat(big_buffer,"\n"); strcpy(big_buffer, "buffer is full "); return ; u32 changed_tcp_receive_window(struct tcp_opt *tp){ int slock_flags; u32 retval; char fun_name[20]; char position[2]; char pw[12]; char store_time[20]; my_time(store_time); if(strlen(big_buffer)< BUFSIZE - RECORD_SIZE){ strcpy(fun_name,"tcp_receive_window"); strcpy(position,"b"); strcat(big_buffer,store_time); strcat(big_buffer," "); strcat(big_buffer,"present_window: "); strcat(big_buffer,"nil "); strcat(big_buffer,fun_name); strcat(big_buffer," "); strcat(big_buffer,position); strcat(big_buffer,"\n"); 166
I experiment on the kernel of linux environment.
I experiment on the kernel of linux 2.4.29 environment. RX checksum offload ==================================== The linux kernel can t calculate TCP and UDP checksum if skb->ip_summed is CHECKSUM_UNNECESSARY.
I experiment on the kernel of linux environment.
I experiment on the kernel of linux 2.6.10 environment. RX checksum offload ==================================== The linux kernel can t calculate TCP and UDP checksum if skb->ip_summed is CHECKSUM_UNNECESSARY.
MultiPath TCP : Linux Kernel implementation
MultiPath TCP : Linux Kernel implementation Presenter: Christoph Paasch IP Networking Lab UCLouvain, Belgium August 28, 2012 http://multipath-tcp.org IP Networking Lab http://multipath-tcp.org 1/ 29 Networks
Tutorial 2. Linux networking, sk_buff and stateless packet filtering. Roei Ben-Harush Check Point Software Technologies Ltd.
Tutorial 2 Linux networking, sk_buff and stateless packet filtering Agenda 1 Linux file system - networking 2 3 4 sk_buff Stateless packet filtering About next assignment 2 Agenda 1 Linux file system -
Lecture 1. Virtualization, Linux kernel (modules and networking) and Netfilter Winter 15/16. Roei Ben-Harush 2015
Lecture 1 Virtualization, Linux kernel (modules and networking) and Netfilter Winter 15/16 Agenda 1 2 3 4 Virtualization Linux kernel modules and networking Netfilter About first Assignment 2 Agenda 1
TCP-BPF: Programmatically tuning TCP behavior through BPF
TCP-BPF: Programmatically tuning TCP behavior through BPF Lawrence Brakmo Facebook Menlo Park, USA brakmo@fb.com Abstract TCP-BPF, also known as BPF sock_ops, is a new mechanism that supports setting TCP
Once Only Drop Capability in the Linux Routing Software
Once Only Drop Capability in the Linux Routing Software Submitted to the Department of Computer Science College of Computing Sciences New Jersey Institute of Technology in Partial Fulfillment of the Requirements
CSE 124 Discussion Section Sockets Programming 10/10/17
CSE 124 Discussion Section Sockets Programming 10/10/17 Topics What s a socket? Creating a socket Connecting a socket Sending data Receiving data Resolving URLs to IPs Advanced socket options Live code
Scripting Linux system calls with Lua. Lua Workshop 2018 Pedro Tammela CUJO AI
Scripting Linux system calls with Lua Pedro Tammela CUJO AI Scripting system calls Customizing system calls at the kernel level Why bother? Through scripts, users can adapt the operating system behavior
jelly-near jelly-far
sudo./run Two interfaces created: os0, os1 Two networks created: (add to /etc/networks) peanut where os0 will connect 192.168.0.0 grape where os1 will connect 192.168.1.0 Two IP addresses in peanut: (add
Building socket-aware BPF programs
Building socket-aware BPF programs Joe Stringer Cilium.io Linux Plumbers 2018, Vancouver, BC Joe Stringer BPF Socket Lookup Nov 13, 2018 1 / 32 Joe Stringer BPF Socket Lookup Nov 13, 2018 2 / 32 Background
Lecture 7. Followup. Review. Communication Interface. Socket Communication. Client-Server Model. Socket Programming January 28, 2005
Followup symbolic link (soft link): pathname, can be across file systems, replacement of file will be active on all symbolic links, consumes at least an inode. hard link: pointers to an inode, only in
Chapter 4 End-to-End Protocol Layer
Chapter 4 End-to-End Protocol Layer Problem Statement The end-to-end protocol layer, also known as the transport layer, is like the skin of the whole protocol hierarchy that can provide valuable services
The following structure contains network information about client when command is connect or bind :
SS5 Development Guide SS5 structures The following structure contains network information about client when command is connect or bind : SS5ClientInfo Unsigned int Socket Struct socksaddr_in SockAddr Unsigned
UNIVERSITY OF OSLO Department of Informatics. Late data choice with the Linux TCP/IP stack. Master Thesis. Erlend Birkedal
UNIVERSITY OF OSLO Department of Informatics Late data choice with the Linux TCP/IP stack Master Thesis Erlend Birkedal 24th May 2006 Abstract The amount of time critical data sent on the Internet is
Transport layer. UDP: User Datagram Protocol [RFC 768] Review principles: Instantiation in the Internet UDP TCP
![Transport layer. UDP: User Datagram Protocol [RFC 768] Review principles: Instantiation in the Internet UDP TCP](/thumbs/88/115916296.jpg "Transport layer. UDP: User Datagram Protocol [RFC 768] Review principles: Instantiation in the Internet UDP TCP")
Transport layer Review principles: Reliable data transfer Flow control Congestion control Instantiation in the Internet UDP TCP 1 UDP: User Datagram Protocol [RFC 768] No frills, bare bones Internet transport
Transport layer. Review principles: Instantiation in the Internet UDP TCP. Reliable data transfer Flow control Congestion control
Transport layer Review principles: Reliable data transfer Flow control Congestion control Instantiation in the Internet UDP TCP 1 UDP: User Datagram Protocol [RFC 768] No frills, bare bones Internet transport
===Socket API User/ OS interface === COP
The COP (connection oriented reliable packet stream) protocol COP is a packet oriented transport protocol whose objective is to tame some aspects of the bad behavior of UDP. Application ===Socket API User/
Correcting mistakes. TCP: Overview RFCs: 793, 1122, 1323, 2018, TCP seq. # s and ACKs. GBN in action. TCP segment structure
Correcting mistakes Go-back-N: big picture: sender can have up to N unacked packets in pipeline rcvr only sends cumulative acks doesn t ack packet if there s a gap sender has r for oldest unacked packet
RSC Part III: Transport Layer 3. TCP
RSC Part III: Transport Layer 3. TCP Redes y Servicios de Comunicaciones Universidad Carlos III de Madrid These slides are, mainly, part of the companion slides to the book Computer Networking: A Top Down
ExecVus. Alexandru Totolici
ExecVus Alexandru Totolici a way to visualize control-flow in! software execution 2 planned for: code collapse code reordering improved selection of exec. path zoom in/out of control flow scented graph
Types (Protocols) Associated functions Styles We will look at using sockets in C Java sockets are conceptually quite similar
Socket Programming What is a socket? Using sockets Types (Protocols) Associated functions Styles We will look at using sockets in C Java sockets are conceptually quite similar - Advanced Data Communications:
Socket Programming. Dr. -Ing. Abdalkarim Awad. Informatik 7 Rechnernetze und Kommunikationssysteme
Socket Programming Dr. -Ing. Abdalkarim Awad Informatik 7 Rechnernetze und Kommunikationssysteme Before we start Can you find the ip address of an interface? Can you find the mac address of an interface?
1. Introduction. 1.1 What is TCP and how does it work?
Abstract Nowadays, there are more and more data intensive applications requiring high file transfer over high bandwidth-delay networks. In order to take advantage of the new backbone capacities, which
XDP in Practice DDoS Gilberto Bertin
XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at Cloudflare London DDoS Mitigation Team Enjoy messing with networking and Linux kernel Agenda Cloudflare DDoS mitigation
Transport Layer Review
Transport Layer Review Mahalingam Mississippi State University, MS October 1, 2014 Transport Layer Functions Distinguish between different application instances through port numbers Make it easy for applications
6. The Transport Layer and protocols
6. The Transport Layer and protocols 1 Dr.Z.Sun Outline Transport layer services Transmission Control Protocol Connection set-up and tear-down Ports and Well-know-ports Flow control and Congestion control
Socket Programming for TCP and UDP
CSCI4430 Data Communication and Computer Networks Socket Programming for TCP and UDP ZHANG, Mi Jan. 19, 2017 Outline Socket Programming for TCP Introduction What is TCP What is socket TCP socket programming
// socket for establishing connections
#include #include #include #include #include #include #include #define FILELENGTH 511 // This is not right #define
Chapter 3 outline. 3.5 connection-oriented transport: TCP segment structure reliable data transfer flow control connection management
Chapter 3 outline 3.1 transport-layer services 3.2 multiplexing and demultiplexing 3.3 connectionless transport: UDP 3.4 principles of reliable data transfer 3.5 connection-oriented transport: TCP segment
Networking Subsystem in Linux. Manoj Naik IBM Almaden Research Center
Networking Subsystem in Linux Manoj Naik IBM Almaden Research Center Scope of the talk Linux TCP/IP networking layers Socket interfaces and structures Creating and using INET sockets Linux IP layer Socket
High Speed Packet Filtering on Linux
past, present & future of High Speed Packet Filtering on Linux Gilberto Bertin $ whoami System engineer at Cloudflare DDoS mitigation team Enjoy messing with networking and low level things Cloudflare
Transport Layer. <protocol, local-addr,local-port,foreign-addr,foreign-port> ϒ Client uses ephemeral ports /10 Joseph Cordina 2005
Transport Layer For a connection on a host (single IP address), there exist many entry points through which there may be many-to-many connections. These are called ports. A port is a 16-bit number used
Topics. TCP sliding window protocol TCP PUSH flag TCP slow start Bulk data throughput
Topics TCP sliding window protocol TCP PUSH flag TCP slow start Bulk data throughput 2 Introduction In this chapter we will discuss TCP s form of flow control called a sliding window protocol It allows
Computer Networks. Transmission Control Protocol. Jianping Pan Spring /3/17 CSC361 1
Computer Networks Transmission Control Protocol Jianping Pan Spring 2017 2/3/17 CSC361 1 https://connex.csc.uvic.ca/portal NSERC USRA awards available at UVic CSc for 2017/18 2/3/17 CSC361 2 TCP Transmission
Computer Networking Introduction
Computer Networking Introduction Halgurd S. Maghdid Software Engineering Department Koya University-Koya, Kurdistan-Iraq Lecture No.10 Chapter 3 outline 3.1 transport-layer services 3.2 multiplexing and
Module : ServerIron ADX Packet Capture
Module : ServerIron ADX Packet Capture Objectives Upon completion of this module, you will be able to: Describe Brocade ServerIron ADX (ADX) Packet Capture feature Configure and verify the Packet Capture
Socket Programming TCP UDP
Socket Programming TCP UDP Introduction Computer Network hosts, routers, communication channels Hosts run applications Routers forward information Packets: sequence of bytes contain control information
CS450 Introduc0on to Networking Lecture 14 TCP. Phu Phung Feb 13, 2015
CS450 Introduc0on to Networking Lecture 14 TCP Phu Phung Feb 13, 2015 Next lecture (Feb 16) Assignment 3 (No iclicker ques0ons) Wireshark links Guest lecture on Monday Feb 23 rd DNS Security Midterm exam
CMPE 150/L : Introduction to Computer Networks. Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 9
CMPE 150/L : Introduction to Computer Networks Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 9 1 Chapter 3 outline 3.1 transport-layer services 3.2 multiplexing and demultiplexing 3.3
A Socket Example. Haris Andrianakis & Angelos Stavrou George Mason University
A Socket Example & George Mason University Everything is a file descriptor Most socket system calls operate on file descriptors Server - Quick view socket() bind() listen() accept() send(), recv() close()
32 bits. source port # dest port # sequence number acknowledgement number not used. checksum. Options (variable length)
Chapter 3 outline 3.1 Transport-layer services 3.2 Multiplexing and demultiplexing 3.3 Connectionless transport: UDP 3.4 Principles of reliable data transfer 3.5 Connectionoriented transport: TCP segment
SOCKET PROGRAMMING. What is a socket? Using sockets Types (Protocols) Associated functions Styles
LABORATORY SOCKET PROGRAMMING What is a socket? Using sockets Types (Protocols) Associated functions Styles 2 WHAT IS A SOCKET? An interface between application and network The application creates a socket
Programming Internet with Socket API. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806
Programming Internet with Socket API Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 10/19/2015 CSCI 445 - Fall 2015 1 Acknowledgements Some pictures
TCP/IP ARCHITECTURE, DESIGN, AND IMPLEMENTATION IN LINUX
TCP/IP ARCHITECTURE, DESIGN, AND IMPLEMENTATION IN LINUX Press Operating Committee Chair Linda Shafer former Director, Software Quality Institute The University of Texas at Austin Editor-in-Chief Alan
TCP/IP ARCHITECTURE, DESIGN, AND IMPLEMENTATION IN LINUX
TCP/IP ARCHITECTURE, DESIGN, AND IMPLEMENTATION IN LINUX Sameer Seth M. Ajaykumar Venkatesulu A JOHN WILEY & SONS, INC., PUBLICATION TCP/IP ARCHITECTURE, DESIGN, AND IMPLEMENTATION IN LINUX Press Operating
Shaping the Linux kernel MPTCP implementation towards upstream acceptance
Shaping the Linux kernel MPTCP implementation towards upstream acceptance Doru-Cristian Gucea Octavian Purdila Agenda MPTCP in a nutshell Use-cases Basics Initial Linux kernel implementation Implementation
Transport Layer. Gursharan Singh Tatla. Upendra Sharma. 1
Transport Layer Gursharan Singh Tatla mailme@gursharansingh.in Upendra Sharma 1 Introduction The transport layer is the fourth layer from the bottom in the OSI reference model. It is responsible for message
Tutorial on Socket Programming
Tutorial on Socket Programming Computer Networks - CSC 458 Department of Computer Science Hao Wang (Slides are mainly from Seyed Hossein Mortazavi, Monia Ghobadi, and Amin Tootoonchian, ) 1 Outline Client-server
Redesde Computadores(RCOMP)
Redesde Computadores(RCOMP) Theoretical-Practical (TP) Lesson 06 2016/2017 Berkeley sockets API, C and Java. Address families and address storing. Basic functions/methods for UDP applications. UDP client
Linux Networking: tcp. TCP context and interfaces
Linux Networking: tcp David Morgan TCP context and interfaces Computer A Computer B application process application process data data data data TCP process TCP process a network 1 TCP purposes and features
Chapter III: Transport Layer
Chapter III: Transport Layer UG3 Computer Communications & Networks (COMN) Mahesh Marina mahesh@ed.ac.uk Slides thanks to Myungjin Lee and copyright of Kurose and Ross TCP: Overview RFCs: 793,1122,1323,
Transport Layer. Application / Transport Interface. Transport Layer Services. Transport Layer Connections
Application / Transport Interface Application requests service from transport layer Transport Layer Application Layer Prepare Transport service requirements Data for transport Local endpoint node address
COMP 431 Internet Services & Protocols. Transport Layer Protocols & Services Outline. The Transport Layer Reliable data delivery & flow control in TCP
COMP 431 Internet Services & Protocols Transport Layer Protocols & Services Outline The Transport Layer Reliable data delivery & flow control in TCP Jasleen Kaur Fundamental transport layer services» Multiplexing/Demultiplexing»
CS419: Computer Networks. Lecture 10, Part 2: Apr 11, 2005 Transport: TCP mechanics (RFCs: 793, 1122, 1323, 2018, 2581)
: Computer Networks Lecture 10, Part 2: Apr 11, 2005 Transport: TCP mechanics (RFCs: 793, 1122, 1323, 2018, 2581) TCP as seen from above the socket The TCP socket interface consists of: Commands to start
P a g e i. Project Report on TCP over SoNIC. Project Report. TCP over SoNIC. Group Members. Abhishek Kumar Maurya
P a g e i Project Report TCP over SoNIC Group Members Name Abhishek Kumar Maurya Amarinder Singh Bindra Gaurav Aggarwal Email ID am2633@cornell.edu ab2546@cornell.edu ga286@cornell.edu P a g e ii Table
Sockets 15H2. Inshik Song
Sockets 15H2 Inshik Song Internet CAU www server (www.cau.ac.kr) Your web browser (Internet Explorer/Safari) Sockets 2 How do we find the server? Every computer on the Internet has an Internet address.
Outline. TCP: Overview RFCs: 793, 1122, 1323, 2018, Development of reliable protocol Sliding window protocols
Outline Development of reliable protocol Sliding window protocols Go-Back-N, Selective Repeat Protocol performance Sockets, UDP, TCP, and IP UDP operation TCP operation connection management flow control
MPTCP: Design and Deployment. Day 11
MPTCP: Design and Deployment Day 11 Use of Multipath TCP in ios 7 Multipath TCP in ios 7 Primary TCP connection over WiFi Backup TCP connection over cellular data Enables fail-over Improves performance
The Transport Layer: TCP & Reliable Data Transfer
The Transport Layer: TCP & Reliable Data Transfer Smith College, CSC 249 February 15, 2018 1 Chapter 3: Transport Layer q TCP Transport layer services: v Multiplexing/demultiplexing v Connection management
Chapter 3 Transport Layer
Chapter 3 Transport Layer Part b Connection-Oriented Transport Transport Layer 3-1 Chapter 3 outline 3.1 transport-layer services 3.2 multiplexing and demultiplexing 3.3 connectionless transport: UDP 3.4
Chapter 3 Transport Layer
Chapter 3 Transport Layer A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations;
The Transport Layer: Review
The Transport Layer: Reiew Smith College, CSC 249 February 22, 2018 1 TCP Congestion Control 1. How does a sender sense congestion? Loss eent timeout s. 3 duplicate ACKs 2. How does a sender determine
10 minutes survey (anonymous)
10 minutes survey (anonymous) v Comments/Suggestions to my lecture/lab/ homework/exam v If you like this course, which part do you like? v If you don t like it, which part do you not like? Thanks! Transport
Chapter 6. The Transport Layer. Transport Layer 3-1
Chapter 6 The Transport Layer Transport Layer 3-1 Transport services and protocols provide logical communication between app processes running on different hosts transport protocols run in end systems
Outline. TCP: Overview RFCs: 793, 1122, 1323, 2018, steam: r Development of reliable protocol r Sliding window protocols
Outline r Development of reliable protocol r Sliding window protocols m Go-Back-N, Selective Repeat r Protocol performance r Sockets, UDP, TCP, and IP r UDP operation r TCP operation m connection management
CSE/EE 461 Lecture 14. Connections. Last Time. This Time. We began on the Transport layer. Focus How do we send information reliably?
CSE/EE 461 Lecture 14 Connections Last Time We began on the Transport layer Focus How do we send information reliably? Topics ARQ and sliding windows Application Presentation Session Transport Network
Dan Boneh, John Mitchell, Dawn Song. Denial of Service
Dan Boneh, John Mitchell, Dawn Song Denial of Service What is network DoS? Goal: take out a large site with little computing work How: Amplification Small number of packets big effect Two types of amplification
The Transport Layer Reliable data delivery & flow control in TCP. Transport Layer Protocols & Services Outline
CPSC 360 Network Programming The Transport Layer Reliable data delivery & flow control in TCP Michele Weigle Department of Computer Science Clemson University mweigle@cs.clemson.edu http://www.cs.clemson.edu/~mweigle/courses/cpsc360
TCP (Part 2) Session 10 INST 346 Technologies, Infrastructure and Architecture
TCP (Part 2) Session 10 INST 346 Technologies, Infrastructure and Architecture Muddiest Points Reading pseudocode Reading finite state diagrams What parts of rdt are in TCP? Goals for Today Finish up TCP
SA30228 / CVE
Generated by Secunia 29 May, 2008 5 pages Table of Contents Introduction 2 Technical Details 2 Exploitation 4 Characteristics 4 Tested Versions 5 Fixed Versions 5 References 5 Generated by Secunia 29 May,
Using Raw Sockets basic package
Using Raw Sockets basic package P. Bakowski bako@ieee.org MyPackage: : constants & structures /* mypackage.h */ #include #include #include #include
TCP s Congestion Control Implementation in Linux Kernel
TCP s Congestion Control Implementation in Linux Kernel Somaya Arianfar Aalto University Somaya.Arianfar@aalto.fi ABSTRACT Linux kernel implements different functionalities related to the network stack.
Chapter 3- parte B outline
Chapter 3- parte B outline 3.1 transport-layer services 3.2 multiplexing and demultiplexing 3.3 connectionless transport: UDP 3.4 principles of reliable data transfer 3.5 connection-oriented transport:
Lecture 11: Transport Layer Reliable Data Transfer and TCP
Lecture 11: Transport Layer Reliable Data Transfer and TCP COMP 332, Spring 2018 Victoria Manfredi Acknowledgements: materials adapted from Computer Networking: A Top Down Approach 7 th edition: 1996-2016,
Sliding Window Protocols, Connection Management, and TCP Reliability
1 Sliding Window Protocols, Connection Management, and TCP Reliability 2 Outline Review Sliding window protocols Go-back-n Selective repeat Connection management for reliability TCP reliability Overview
Packet Header Formats
A P P E N D I X C Packet Header Formats S nort rules use the protocol type field to distinguish among different protocols. Different header parts in packets are used to determine the type of protocol used
Oral. Total. Dated Sign (2) (5) (3) (2)
R N Oral Total Dated Sign (2) (5) (3) (2) Assignment Group- A_07 Problem Definition Write a program using TCP socket for wired network for following Say Hello to Each other ( For all students) File transfer
CSC 401 Data and Computer Communications Networks
CSC 401 Data and Computer Communications Networks Transport Layer Connection Oriented Transport: TCP Sec 3.5 Prof. Lina Battestilli Fall 2017 Transport Layer Chapter 3 Outline 3.1 Transport-layer Services
Operating Systems. 17. Sockets. Paul Krzyzanowski. Rutgers University. Spring /6/ Paul Krzyzanowski
Operating Systems 17. Sockets Paul Krzyzanowski Rutgers University Spring 2015 1 Sockets Dominant API for transport layer connectivity Created at UC Berkeley for 4.2BSD Unix (1983) Design goals Communication
The Transport Layer Reliable data delivery & flow control in TCP. Transport Layer Protocols & Services Outline
CPSC 852 Internetworking The Transport Layer Reliable data delivery & flow control in TCP Michele Weigle Department of Computer Science Clemson University mweigle@cs.clemson.edu http://www.cs.clemson.edu/~mweigle/courses/cpsc852
University of Texas at Arlington. CSE Spring 2018 Operating Systems Project 4a - The /Proc File Systems and mmap. Instructor: Jia Rao
University of Texas at Arlington CSE 3320 - Spring 2018 Operating Systems Project 4a - The /Proc File Systems and mmap Instructor: Jia Rao Introduction Points Possible: 100 Handed out: Apr. 20, 2018 Due
Master thesis: A Linux implementation of MulTFRC
Master thesis: A Linux implementation of MulTFRC Adrian Jørgensen Master s Thesis Spring 2014 Master thesis: A Linux implementation of MulTFRC Adrian Jørgensen 19th May 2014 ii Abstract The use of multimedia
CS 43: Computer Networks. 19: TCP Flow and Congestion Control October 31, Nov 2, 2018
CS 43: Computer Networks 19: TCP Flow and Congestion Control October 31, Nov 2, 2018 Five-layer Internet Model Application: the application (e.g., the Web, Email) Transport: end-to-end connections, reliability
CS 4390 Computer Networks. Pointers to Corresponding Section of Textbook
CS 4390 Computer Networks UT D application transport network data link physical Session 10 Transmission Control Protocol (TCP) An Overview Adapted from Computer Networking a Top-Down Approach 1996-2012
TCP : Fundamentals of Computer Networks Bill Nace
TCP 14-740: Fundamentals of Computer Networks Bill Nace Material from Computer Networking: A Top Down Approach, 6 th edition. J.F. Kurose and K.W. Ross Administrivia Lab #1 due now! Reminder: Paper Review
TSIN02 - Internetworking
Lecture 4: Transport Layer Literature: Forouzan: ch 11-12 2004 Image Coding Group, Linköpings Universitet Lecture 4: Outline Transport layer responsibilities UDP TCP 2 Transport layer in OSI model Figure
Socket Programming. What is a socket? Using sockets. Types (Protocols) Associated functions Styles
Socket Programming What is a socket? Using sockets Types (Protocols) Associated functions Styles We will look at using sockets in C Note: Java and C# sockets are conceptually quite similar 1 What is a
STUDY OF SOCKET PROGRAMMING
STUDY OF SOCKET PROGRAMMING Sockets : An application programming interface(api) used for inter process communication. Sockets allow communication between two different processes on the same or different
What s an API? Do we need standardization?
Network Interface z The network protocol stack is a part of the OS z Need an API to interface applications to the protocol stack. What s an API? Do we need standardization? z The socket interface is the
Transport Layer: outline
Transport Layer: outline Transport-layer services Multiplexing and demultiplexing Connectionless transport: UDP Principles of reliable data transfer Connection-oriented transport: TCP Segment structure
Transport Protocols. Raj Jain. Washington University in St. Louis
Transport Protocols Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 16-1 Overview q TCP q Key features
UNIT IV- SOCKETS Part A
1. Define sockets - SOCKETS Part A A socket is a construct to provide a communication between computers. It hides the underlying networking concepts and provides us with an interface to communicate between
Network Security (NetSec)
Chair of Network Architectures and Services Department of Informatics Technical University of Munich Network Security (NetSec) IN2101 WS 17/18 Prof. Dr.-Ing. Georg Carle Dr. Heiko Niedermayer Quirin Scheitle
Important From Last Time
Important From Last Time Embedded C Pros and cons Macros and how to avoid them Intrinsics Interrupt syntax Inline assembly Today Advanced C What C programs mean How to create C programs that mean nothing
Page 1. Today. Important From Last Time. Is the assembly code right? Is the assembly code right? Which compiler is right?
Important From Last Time Today Embedded C Pros and cons Macros and how to avoid them Intrinsics Interrupt syntax Inline assembly Advanced C What C programs mean How to create C programs that mean nothing
Lecture 3: The Transport Layer: UDP and TCP
Lecture 3: The Transport Layer: UDP and TCP Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4395 3-1 The Transport Layer Provides efficient and robust end-to-end
CSCE 463/612 Networks and Distributed Processing Spring 2017
CSCE 463/612 Networks and Distributed Processing Spring 2017 Transport Layer IV Dmitri Loguinov Texas A&M University March 9, 2017 Original slides copyright 1996-2004 J.F Kurose and K.W. Ross 1 Chapter
COMP/ELEC 429/556 Introduction to Computer Networks
COMP/ELEC 429/556 Introduction to Computer Networks The TCP Protocol Some slides used with permissions from Edward W. Knightly, T. S. Eugene Ng, Ion Stoica, Hui Zhang T. S. Eugene Ng eugeneng at cs.rice.edu
Firewalls. Firewall. means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense
FIREWALLS 3 Firewalls Firewall means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense administered network public Internet firewall