I’m trying to implement a netfilter module and in process of debugging TCP packets, I found out that the payload part was missing in skb->data
. I believe it might have something to do with the data being paged.
for(int i = 0; i < skb->len; i++) {
printk(KERN_CONT "%02x\t", skb->data[i]);
}
To present the example I sent "hello world" through the tcp connection, and below is the packet containing this payload, which is last 12 bytes.
skb->data_len = 12
skb->len = 64
Sample packet captured in wireshark:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00
0010 00 40 71 33 40 00 40 06 cb 82 7f 00 00 01 7f 00
0020 00 01 d8 7c 0d 05 c9 1c 57 6f e0 ad a7 51 80 18
0030 02 00 fe 34 00 00 01 01 08 0a 86 63 f5 54 86 62
0040 bb c8 68 65 6c 6c 6f 20 77 6f 72 6c 64 0a
dmesg in hexdump format:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00
0010 00 40 71 33 40 00 40 06 cb 82 7f 00 00 01 7f 00
0020 00 01 d8 7c 0d 05 c9 1c 57 6f e0 ad a7 51 80 18
0030 02 00 fe 34 00 00 01 01 08 0a 86 63 f5 54 86 62
0040 bb c8 00 00 00 00 00 00 00 00 00 00 00 00
Where do i look for the "missing" payload?
You need to sign in to view this answers
Leave feedback about this