❶ linux内核af_netlink.c中函数netlink_rcv_skb()的用法
google出来的,这个网址应该对你有用...是解释这个函数的...
http://osvdb.org/show/osvdb/22386
The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 and 2.6.15 allows local users to cause a denial of service (infinite loop) via a nlmsg_len field of 0.
大概说,这个函数可以允许local user发出一个拒绝服务,此时nlmsg字段为0.
具体我也不清楚什么是local user,nlmsg又是哪个结构体里的字段...内核的网络部分还没看...
❷ 如何用netlink接口读取内核路由表
获取内核路由表以及操作内核路由表有几种方法:读proc 或者用ioctl(sock_fd, SIOCADDRT, &rt),这里的第二个参数是设置路由表,读也有相应的参数,还有第三种方法就是用netlink接口对内核路由表进行读取、增加、删除操作
如linaxing(牛牛)所说,以前是用IOCTL,不过那个读出的和netlink的有点差别,是信息量有差别.具体我也说不清楚,可查看相关maillist,那个牛人也就说了一句话
下面给出偶自己读内核路由表的一个程序,仿照zebra的用法
不过,最后读出的内容有点问题,好像还得转换一下,实在写不动了,欢迎批评!
#include <stdio.h>
#include <string.h>
#include <asm/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
//#include <sys/types.h>
//#include <linux/uio.h>
#include <errno.h>
#ifdef SEQ
struct rtnl_handle
{
unsigned int seq;
}
#endif
static void parse_rtattr(struct rtattr **tb, int max,
struct rtattr *rta, int len)
{
while(RTA_OK(rta, len))
{
if(rta-> rta_type <= max)
tb[rta-> rta_type] = rta;
rta = RTA_NEXT(rta, len);
}
}
int routeprint( struct sockaddr_nl *snl, struct nlmsghdr *h2)
{
#if 1
struct rtmsg *rtm;
struct rtattr *tb[RTA_MAX + 1];
int len;
int index;
int table;
void* dest;
void* gate;
char dest2[100];
rtm = NLMSG_DATA(h2);//get the data portion of "h2 "
index = 0;
dest = NULL;
gate = NULL;
table = rtm-> rtm_table;
len = h2-> nlmsg_len - NLMSG_LENGTH(sizeof(struct rtmsg));
memset(tb, 0, sizeof tb);
parse_rtattr(tb, RTA_MAX, RTM_RTA(rtm), len);
if(tb[RTA_OIF])
index = *(int *)RTA_DATA(tb[RTA_OIF]);
if(tb[RTA_DST]){
dest = RTA_DATA(tb[RTA_DST]);
// printf( "debug dest\n ");
}
else dest = 0;
#if 1
if(tb[RTA_METRICS]){
gate = RTA_DATA(tb[RTA_METRICS]);
}
#else
if(tb[RTA_GATEWAY]){
gate = RTA_DATA(tb[RTA_GATEWAY]);
//iprintf( "debug gate\n ");
}
#endif
printf( "family:%d\t ",rtm-> rtm_family);
printf( "index: %d\t ", index);
// memcpy(dest2, dest, 4);
printf( "dest: %d\t ", dest);
// printf( "dest: %c\t ", dest2[1]);
// printf( "dest: %c\t ", dest2[2]);
// printf( "dest: %c\t ", dest2[3]);
printf( "gate: %d\n ", gate);
#endif
return 1;
}
#ifdef SEQ
int getroute(int sockfd,struct rtnl_handle *rtnl)
#else
int getroute(int sockfd)
#endif
{
int i;
int status, sendsize;
unsigned char buf[8192];
struct iovec iov = {(void*)buf, sizeof(buf)};
struct sockaddr_nl nladdr;
struct nlmsghdr *h;
struct
{
struct nlmsghdr nlh;
struct rtgenmsg g;
}req;
struct msghdr msg = { (void*)&nladdr, sizeof(nladdr),
&iov, 1, NULL, 0, 0};
nladdr.nl_family = AF_NETLINK;
req.nlh.nlmsg_len = sizeof(req);
req.nlh.nlmsg_type = RTM_GETROUTE; //增加或删除内核路由表相应改成RTM_ADDROUTE和RTM_DELROUTE
req.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST;
req.nlh.nlmsg_pid = 0;
#ifdef SEQ
req.nlh.nlmsg_seq = ++rtnl-> seq;//may be 0?
#else
//int i;
//if (i > 4096) i = 1;
req.nlh.nlmsg_seq = 1;
#endif
req.g.rtgen_family = AF_INET;
printf( "sockfd: %d\n ", sockfd);
if((sendsize=sendto(sockfd, (void*)&req, sizeof(req), 0,
(struct sockaddr*)&nladdr, sizeof(nladdr))) < 0){
perror( "sendto ");
return -1;
}
printf( "sendsize= %d\n ",sendsize);
if((status=recvmsg(sockfd, &msg, 0)) < 0){
perror( "recvmsg ");
return -1;
}
printf( "status= %d\n ",status);
#if 1 //segmentation fault
for(h = (struct nlmsghdr*)buf; NLMSG_OK(h, status);
h = NLMSG_NEXT(h, status))
{
if(h-> nlmsg_type == NLMSG_DONE)
{
printf( "finish reading\n ");
return 1;
}
if(h-> nlmsg_type == NLMSG_ERROR)
{
printf( "h:nlmsg ERROR ");
return 1;
}
routeprint(&nladdr, h);
}
#endif
// printf( "Can 't convert 'h '\n ");
// routeprint(h);
return 1;
}
int main()
{
int sockfd;
#ifdef SEQ
struct rtnl_handle rth;
#endif
struct sockaddr_nl nladdr;
if((sockfd = socket(AF_NETLINK, SOCK_RAW,
NETLINK_ROUTE)) <0){
perror( "netlink socket ");
return -1;
}
nladdr.nl_family = AF_NETLINK;
nladdr.nl_pad = 0;
nladdr.nl_pid = 0;
nladdr.nl_groups = RTMGRP_LINK|RTMGRP_IPV4_ROUTE|
RTMGRP_IPV4_IFADDR;
if(bind(sockfd, (struct sockaddr*)&nladdr,
sizeof(nladdr)) < 0){
perror( "bind ");
close(sockfd);
return -1;
}
#ifdef SEQ
if(getroute(sockfd, &rth) < 0){
#else
if(getroute(sockfd) < 0){
#endif
perror( "can 't get route\n ");
return -1;
}
return 1;
}