Buffalo NAS-Central Forums


All times are UTC+01:00




Posted: Thu Mar 31, 2016 1:31 pm
I installed an iptables module to match the Modbus protocol. Compilation ran well, I integrated the .ko module with the insmod command, and now when I type iptables -m modbus -h, I get the help for the protocol, so everything is good until now. But when I tried to execute an iptables filter, it doesn't work:

Code:
aa@ubuntu:~$ sudo iptables -A INPUT -p tcp -m modbus --unitid  11
iptables: Invalid argument. Run `dmesg' for more information.
aa@ubuntu:~$ dmesg
[ 3692.909462] ip_tables: modbus match: invalid size 0 != 40


I think it's a problem in the match function of my code. I checked, but I couldn't figure out the problem. I just verify the TCP header of my packet in the MATCH:

Code:
/*
Triggers when a packet comes in matching the registered
match
*/

static int match(const struct sk_buff *skb,
      const struct net_device *in,
      const struct net_device *out,
      const void *matchinfo,int offset,
      const void *hdr, u_int16_t datalen,
      int *hotdrop)
{

  const struct iphdr *iph;
  const struct tcphdr *tcph;
  u_int8_t tcplen;

  /* Examine the TCP header, which is 32 bytes after the IP
     header.  "hdr" points to just after IP header */
  const struct modbus_tcp *modbus;
  const struct ipt_modbus *modbusinfo = matchinfo;
  const struct modbus_data *data;

  iph = ip_hdr(skb);

  tcph = (void *)iph + iph->ihl*4;

  /* TCP header length calculation */
  tcplen = tcph->doff*4;

  /* Match our structure to the data part */
  modbus = hdr+tcplen;

  /* If length is less than the total of IP and TCP header, that
     should be part of three way handshake .. allow it */
  if (ntohs(iph->tot_len) == 20+tcplen) {
    if(modbusinfo->allow_tcp == 1)
      return 1;
    else
      return 0;
  }

  else
    {

  /* Return the "OR"s of all the parameters given.  If any
     of the given parameters is true, the whole thing is true */       

      return (func_code_check(modbusinfo->funccode_flags,
                              (modbus->modbus_d).func_code,
                              modbusinfo->func_code[0],
                              modbusinfo->func_code[1],
                              modbusinfo->invflags_funccode) ||
              unitid_check(modbusinfo->unitid_flags,
                           (modbus->modbus_d).unit_id,
                           modbusinfo->unit_id,
                           modbusinfo->invflags_unitid) ||
              refnum_check(modbusinfo->refnum_flags,
                           (modbus->modbus_d).ref_num,
                           modbusinfo->ref_num,
                           modbusinfo->invflags_refnum) ||
              length_check(modbusinfo->length_flags,
                           (modbus->modbus_h).length,
                           modbusinfo->length[0],
                           modbusinfo->length[1],
                           modbusinfo->invflags_length));

    }
}


Any idea what the problem may be? I use iptables version v1.4.7 and kernel 2.6.32-21-generic.
This is a link to a version of the code which I started modifying, in case you want to take a look at the original code: https://github.com/stevenylai/ralink_sdk/blob/5d3729a93e1f722c658d29606347c35816cd0ec8/source/linux-2.4.x/net/ipv4/netfilter/ipt_modbus.c
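
Added example, not part of the original post or of the linked project: the dmesg line quoted above is printed by the x_tables size check that runs when a rule is inserted, which compares the match-data size the kernel module registered (its matchsize field) with the size the userspace extension sent, so it fires before any packet reaches a match function. The user-space model below reproduces that comparison; the struct and function names are hypothetical, and the two registrations in main are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the alignment unit: sizes are rounded up to the alignment of
   a struct that holds the largest scalar types. */
struct xt_align_model { uint8_t u8; uint16_t u16; uint32_t u32; uint64_t u64; };
#define XT_ALIGN_MODEL(s) \
    (((s) + _Alignof(struct xt_align_model) - 1) & \
     ~(size_t)(_Alignof(struct xt_align_model) - 1))

/* Only the two registration fields that the size check reads. */
struct match_reg_model {
    const char *name;
    unsigned int matchsize;   /* size the kernel module declares */
};

/* user_size is the match-data size sent by the iptables extension.
   Returns 0 if the rule would be accepted, -1 if rejected; on rejection
   msg receives the text that appears in dmesg. */
int check_match_size(const struct match_reg_model *m, unsigned int user_size,
                     char *msg, size_t msglen)
{
    size_t kernel_size = XT_ALIGN_MODEL((size_t)m->matchsize);

    if (kernel_size != user_size && m->matchsize != (unsigned int)-1) {
        snprintf(msg, msglen, "ip_tables: %s match: invalid size %zu != %u",
                 m->name, kernel_size, user_size);
        return -1;
    }
    msg[0] = '\0';
    return 0;
}

int main(void)
{
    char msg[128];
    /* Constructed: matchsize left at zero vs. declared as 40 bytes. */
    struct match_reg_model unset = { "modbus", 0 };
    struct match_reg_model set   = { "modbus", 40 };

    if (check_match_size(&unset, 40, msg, sizeof msg) != 0)
        puts(msg);
    printf("declared 40: %s\n",
           check_match_size(&set, 40, msg, sizeof msg) == 0 ? "accepted" : msg);
    return 0;
}
```

The check exists so the kernel never interprets a userspace blob as a structure of a different size; a module that declares the wrong size is rejected at rule insertion rather than reading past its match data per packet.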

