I'm using Netfilter (and next, add Netfilter_queue to send frames to the user-space app.) when I'm using the Netfilter hook with these values:
nfho.hook = hfunc;
nfho.hooknum = NF_NETDEV_INGRESS; // works for NF_INET_EGRESS;
nfho.pf = NFPROTO_NETDEV;// I tried this too: NFPROTO_INET; and others.
nfho.priority = NF_IP_PRI_FIRST;
nfho.dev = dev_get_by_name(&init_net,"eth0");
when using ingress hooks, the skb->data points to the packet payload only, so I can see only the IP4/6/ Layer3 data etc (the skb->data doesn't point to the frame, which includes the src_mac dst_mac eth_type), but when changing to egress I can see the whole frame ( with the dmac-smac-ethType ). when using ingress the skb-> data points to the packet payload only, so I can see only the IP4 data etc (the skb doesn't point to the frame, which includes the mac etc'), but when changing to egress I can see the ETH header and the while frame.
I know I can get the eth type and MACs from the eth_header function, but my purpose is to send the packet to the user space and the packet uses only the layer3 data, but I want the payload include the frame too.
so my question is this: when using Netfilter ingress hook, does the Netfilter or any other kernel process, change the skb->data from pointing to the frame(L2) to point to the packet(L3)?
I'm not using xdp, because I want to use libnetfilter_queue next.
**THANK YOU FOR ANY HELP! THANK YOU FOR ANY HELP! **
my full code:
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netfilter.h>
#include <uapi/linux/netfilter_ipv4.h>
#include <linux/netfilter_bridge.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <net/ip.h>
#include <linux/if_ether.h>
#include <linux/netdevice.h>
static struct nf_hook_ops nfho; // Netfilter hook option struct
static void print_hex_dump(const char *prefix, const u8 *data, size_t len) {
int i;
printk(KERN_INFO "%s with len=%lu\n", prefix, len);
for (i = 0; i < len; i++) {
printk(KERN_CONT "%02X ", data[i]);
if ((i + 1) % 16 == 0)
printk(KERN_CONT "\n");
}
printk(KERN_CONT "\n");
}
static unsigned int hook_func(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) {
print_hex_dump("skb->data, skb->data_len",skb->data, skb->data_len);
return NF_ACCEPT;
}
static int __init my_init_module(void) {
nfho.dev = dev_get_by_name(&init_net, "eno0");
nfho.hook = hook_func;
nfho.hooknum = NF_NETDEV_INGRESS;
nfho.pf = NFPROTO_NETDEV; //NFPROTO_UNSPEC; //PF_PACKET;
nfho.priority = NF_IP_PRI_FIRST;
nf_register_net_hook(&init_net, &nfho);
printk(KERN_INFO "Hello \n");
return 0;
}
static void __exit my_cleanup_module(void) {
nf_unregister_net_hook(&init_net, &nfho); // Cleanup – unregister hook
printk(KERN_INFO "BYE \n");
}
module_init(my_init_module);
module_exit(my_cleanup_module);
read all the netfilter docs. read all hooks docs, read about skb structs etc.