How to print packet info of a specific IP address in netfilter using C?
I'm using this code to print some packet info about "all" received and sent packets from all IP addresses. How do I only print packet info of a specific IP address?
this is part of the code:
{
struct ethhdr *eth;
struct iphdr *ip_header;
eth = (struct ethhdr*)skb_mac_header(skb);
ip_header = (struct iphdr *)skb_network_header(skb);
if (HOST_IP_ADDR == ip_header->saddr)
return NF_ACCEPT;
printk("NF_IP_LOCAL_IN hook:n");
printk("src mac %pM, dst mac %pMn", eth->h_source, eth->h_dest);
printk("src IP addr:=%pI4n", &ip_header->saddr);
return NF_ACCEPT;
}
c hook netfilter
add a comment |
I'm using this code to print some packet info about "all" received and sent packets from all IP addresses. How do I only print packet info of a specific IP address?
this is part of the code:
{
struct ethhdr *eth;
struct iphdr *ip_header;
eth = (struct ethhdr*)skb_mac_header(skb);
ip_header = (struct iphdr *)skb_network_header(skb);
if (HOST_IP_ADDR == ip_header->saddr)
return NF_ACCEPT;
printk("NF_IP_LOCAL_IN hook:n");
printk("src mac %pM, dst mac %pMn", eth->h_source, eth->h_dest);
printk("src IP addr:=%pI4n", &ip_header->saddr);
return NF_ACCEPT;
}
c hook netfilter
1
Something along the line ofif (the ip address == the ip address you want) {print the stuff}
?
– immibis
Nov 20 '18 at 4:47
I tried this option and also I used strcmp, both of them gives errors.
– Xi N
Nov 20 '18 at 12:39
if (HOST_IP_ADDR == ip_header->saddr)
looks like an IP address comparison to me. So you know how to compare IP addresses.
– immibis
Nov 20 '18 at 20:44
I would like to capture packet info for specific address, my VM has around 10 IP. I assign those IPs statically and I need a way to compare
– Xi N
Nov 21 '18 at 1:38
add a comment |
I'm using this code to print some packet info about "all" received and sent packets from all IP addresses. How do I only print packet info of a specific IP address?
this is part of the code:
{
struct ethhdr *eth;
struct iphdr *ip_header;
eth = (struct ethhdr*)skb_mac_header(skb);
ip_header = (struct iphdr *)skb_network_header(skb);
if (HOST_IP_ADDR == ip_header->saddr)
return NF_ACCEPT;
printk("NF_IP_LOCAL_IN hook:n");
printk("src mac %pM, dst mac %pMn", eth->h_source, eth->h_dest);
printk("src IP addr:=%pI4n", &ip_header->saddr);
return NF_ACCEPT;
}
c hook netfilter
I'm using this code to print some packet info about "all" received and sent packets from all IP addresses. How do I only print packet info of a specific IP address?
this is part of the code:
{
struct ethhdr *eth;
struct iphdr *ip_header;
eth = (struct ethhdr*)skb_mac_header(skb);
ip_header = (struct iphdr *)skb_network_header(skb);
if (HOST_IP_ADDR == ip_header->saddr)
return NF_ACCEPT;
printk("NF_IP_LOCAL_IN hook:n");
printk("src mac %pM, dst mac %pMn", eth->h_source, eth->h_dest);
printk("src IP addr:=%pI4n", &ip_header->saddr);
return NF_ACCEPT;
}
c hook netfilter
c hook netfilter
asked Nov 20 '18 at 4:22
Xi NXi N
154
154
1
Something along the line ofif (the ip address == the ip address you want) {print the stuff}
?
– immibis
Nov 20 '18 at 4:47
I tried this option and also I used strcmp, both of them gives errors.
– Xi N
Nov 20 '18 at 12:39
if (HOST_IP_ADDR == ip_header->saddr)
looks like an IP address comparison to me. So you know how to compare IP addresses.
– immibis
Nov 20 '18 at 20:44
I would like to capture packet info for specific address, my VM has around 10 IP. I assign those IPs statically and I need a way to compare
– Xi N
Nov 21 '18 at 1:38
add a comment |
1
Something along the line ofif (the ip address == the ip address you want) {print the stuff}
?
– immibis
Nov 20 '18 at 4:47
I tried this option and also I used strcmp, both of them gives errors.
– Xi N
Nov 20 '18 at 12:39
if (HOST_IP_ADDR == ip_header->saddr)
looks like an IP address comparison to me. So you know how to compare IP addresses.
– immibis
Nov 20 '18 at 20:44
I would like to capture packet info for specific address, my VM has around 10 IP. I assign those IPs statically and I need a way to compare
– Xi N
Nov 21 '18 at 1:38
1
1
Something along the line of
if (the ip address == the ip address you want) {print the stuff}
?– immibis
Nov 20 '18 at 4:47
Something along the line of
if (the ip address == the ip address you want) {print the stuff}
?– immibis
Nov 20 '18 at 4:47
I tried this option and also I used strcmp, both of them gives errors.
– Xi N
Nov 20 '18 at 12:39
I tried this option and also I used strcmp, both of them gives errors.
– Xi N
Nov 20 '18 at 12:39
if (HOST_IP_ADDR == ip_header->saddr)
looks like an IP address comparison to me. So you know how to compare IP addresses.– immibis
Nov 20 '18 at 20:44
if (HOST_IP_ADDR == ip_header->saddr)
looks like an IP address comparison to me. So you know how to compare IP addresses.– immibis
Nov 20 '18 at 20:44
I would like to capture packet info for specific address, my VM has around 10 IP. I assign those IPs statically and I need a way to compare
– Xi N
Nov 21 '18 at 1:38
I would like to capture packet info for specific address, my VM has around 10 IP. I assign those IPs statically and I need a way to compare
– Xi N
Nov 21 '18 at 1:38
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53386177%2fhow-to-print-packet-info-of-a-specific-ip-address-in-netfilter-using-c%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53386177%2fhow-to-print-packet-info-of-a-specific-ip-address-in-netfilter-using-c%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Something along the line of
if (the ip address == the ip address you want) {print the stuff}
?– immibis
Nov 20 '18 at 4:47
I tried this option and also I used strcmp, both of them gives errors.
– Xi N
Nov 20 '18 at 12:39
if (HOST_IP_ADDR == ip_header->saddr)
looks like an IP address comparison to me. So you know how to compare IP addresses.– immibis
Nov 20 '18 at 20:44
I would like to capture packet info for specific address, my VM has around 10 IP. I assign those IPs statically and I need a way to compare
– Xi N
Nov 21 '18 at 1:38