我已经编写了这个内核模块,每次加载它时,它都会使整个系统崩溃(甚至我的键盘 LED 开始闪烁)
这是我正在做的代码:
/*
Coder: Adel *. ******
Creation Date: April/5th/2012
Last Modification Date: April/6th/2012
Purpose: A module to test capturing traffic and just letting it go after knowing if it's an ICMP traffic or not
Notes: This modules has always been crashing the kernel I am running it on(it shouldn't), my kernel is 2.6.32-33 (Note by Adel)
*/
#include <linux/module.h> /* Needed by all modules */
#include <linux/kernel.h> /* Needed for KERN_INFO */
#include <linux/init.h> /* Needed for the macros */
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/skbuff.h> /* For the sk_buff struct, which is the struct that contains EVERYTHING in a network packet */
#include <linux/ip.h> /* For IP header */
#include <linux/icmp.h> /* For ICMP Header */
#include <linux/in.h> /* For the IPPROTO_ICMP enum */
/* This is the structure we shall use to register our function */
static struct nf_hook_ops nfho;
/* This is the hook function itself */
unsigned int hook_func(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
struct sk_buff *sb = *skb;
struct iphdr* iph;
struct icmphdr *icmph;
iph = ip_hdr(sb);
if(sb == NULL)
return NF_ACCEPT;
if(iph != NULL){
printk(KERN_DEBUG"IP header is not null\n");
if(iph->protocol == IPPROTO_ICMP){
icmph = icmp_hdr(sb);
if(icmph != NULL){
printk(KERN_DEBUG"ICMP header is not null\n");
return NF_ACCEPT;
}/* If ICMP not null */
return NF_ACCEPT;
}/* if IPPROTO_ICMP */
return NF_ACCEPT;
}
return NF_DROP;/* The packet is NULL */
}
static int __init hello_start(void)
{
printk(KERN_INFO "Loading Test module...\n");
printk(KERN_ALERT "Hello world\n");
/* Fill in our hook structure */
nfho.hook = hook_func; /* Handler function */
nfho.hooknum = NF_INET_POST_ROUTING; /* POST_ROUTING Traffic before it hits the wire */
nfho.pf = PF_INET;
nfho.priority = NF_IP_PRI_FIRST; /* Make our function first */
nf_register_hook(&nfho);
return 0;
}
static void __exit hello_end(void)
{
nf_unregister_hook(&nfho);
printk(KERN_ALERT "Goodbye Mr.\n");
}
module_init(hello_start);
module_exit(hello_end);
如您所见,我在流量进入 NIC 之前捕获流量(对吗?),检查它是否是 ICMP 并打印,仅此而已。
这里可能有什么错误?
请注意,我在 Ubuntu 10.04 LTS 和内核 2.6.32-33 上运行此代码
这是我在崩溃发生时看到的内核日志文件的一部分
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350142] Modules linked in: myModule(P) hid_a4tech binfmt_misc rfcomm ppdev sco bridge stp bnep l2cap joydev fbcon tileblit font bitblit softcursor vga16fb vgastate snd_hda_codec_realtek pcmcia snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi arc4 snd_rawmidi snd_seq_midi_event snd_seq radeon iwlagn snd_timer iwlcore ttm drm_kms_helper snd_seq_device tifm_7xx1 yenta_socket mac80211 led_class psmouse uvcvideo sony_laptop btusb bluetooth tifm_core rsrc_nonstatic videodev v4l1_compat v4l2_compat_ioctl32 snd video output pcmcia_core serio_raw cfg80211 intel_agp drm i2c_algo_bit soundcore snd_page_alloc lp parport usbhid hid ohci1394 ieee1394 r8169 mii [last unloaded: myModule]
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350193] Pid: 1545, comm: clock-applet Tainted: P M D 2.6.32-33-generic #70-Ubuntu VGN-CR31Z_R
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350196] RIP: 0010:[<ffffffffa045a00c>] [<ffffffffa045a00c>] hook_func+0xc/0x38 [myModule]
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350200] RSP: 0018:ffff88012ab87a88 EFLAGS: 00010246
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350202] RAX: ffffffffa045a360 RBX: ffff88012ab87b10 RCX: ffff88012c5c0000
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350203] RDX: 0000000000000000 RSI: ffff880138c4bee8 RDI: 0000000000000003
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350205] RBP: ffff88012ab87a88 R08: ffffffff81491b20 R09: ffff88012ab87b10
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350207] R10: 0000000000000000 R11: 0000000000000003 R12: 0000000080000000
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350209] R13: ffffffff81831070 R14: ffff880138c4bee8 R15: 0000000000000003
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350212] FS: 00007f81d59b5800(0000) GS:ffff880028300000(0000) knlGS:0000000000000000
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350214] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350216] CR2: 00000000000000c0 CR3: 000000012c25f000 CR4: 00000000000006e0
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350218] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350220] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350222] Process clock-applet (pid: 1545, threadinfo ffff88012ab86000, task ffff88012c4a0000)
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350226] ffff88012ab87ad8 ffffffff81486f1c ffff88012c5c0000 0000000000000000
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350229] <0> ffff88012ab87ac8 ffffffff81491b20 0000000000000003 ffff880138c4bee8
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350233] <0> 0000000000000000 ffff88012c5c0000 ffff88012ab87b48 ffffffff81486fd4
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350243] [<ffffffff81486f1c>] nf_iterate+0x6c/0xb0
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350247] [<ffffffff81491b20>] ? dst_output+0x0/0x20
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350250] [<ffffffff81486fd4>] nf_hook_slow+0x74/0x100
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350253] [<ffffffff81491b20>] ? dst_output+0x0/0x20
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350256] [<ffffffff81493c3f>] __ip_local_out+0x9f/0xb0
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350258] [<ffffffff81493c66>] ip_local_out+0x16/0x30
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350261] [<ffffffff814944a0>] ip_queue_xmit+0x190/0x410
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350266] [<ffffffff8105ccc2>] ? default_wake_function+0x12/0x20
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350269] [<ffffffff8105ccb0>] ? default_wake_function+0x0/0x20
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350271] [<ffffffff8105cb2b>] ? try_to_wake_up+0x2fb/0x480
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350276] [<ffffffff815418fe>] ? _spin_lock+0xe/0x20
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350280] [<ffffffff814a8fb1>] tcp_transmit_skb+0x3f1/0x790
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350283] [<ffffffff814ab8a3>] tcp_write_xmit+0x1d3/0x4b0
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350286] [<ffffffff814abd10>] __tcp_push_pending_frames+0x30/0xa0
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350289] [<ffffffff814abdf2>] tcp_send_fin+0x72/0x1d0
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350292] [<ffffffff8149d276>] tcp_close+0x2e6/0x460
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350295] [<ffffffff814bf517>] inet_release+0x47/0x70
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350301] [<ffffffff8144ee29>] sock_release+0x29/0x90
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350304] [<ffffffff8144eea7>] sock_close+0x17/0x30
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350310] [<ffffffff81145b15>] __fput+0xf5/0x210
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350313] [<ffffffff81145c55>] fput+0x25/0x30
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350316] [<ffffffff81141d7d>] filp_close+0x5d/0x90
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350320] [<ffffffff810685ef>] put_files_struct+0x7f/0xf0
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350323] [<ffffffff810686b4>] exit_files+0x54/0x70
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350326] [<ffffffff8106ac1b>] do_exit+0x15b/0x390
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350329] [<ffffffff8106aea5>] do_group_exit+0x55/0xd0
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350332] [<ffffffff8106af37>] sys_exit_group+0x17/0x20
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350336] [<ffffffff810121b2>] system_call_fastpath+0x16/0x1b
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350356] RSP <ffff88012ab87a88>
Apr 5 23:21:27 DHS-CYB1022 kernel: [ 2754.350360] ---[ end trace ee59092f1ae9cbf0 ]---
Apr 5 23:21:37 DHS-CYB1022 kernel: Kernel logging (proc) stopped.
编辑:请大家原谅我的无知并纠正我如果我提到了一些错误,我对此几乎完全陌生。