I'm intercepting recvfrom() so that I can make an IPS (Intrusion Prevention 
System). What it does (or will do) is check all incoming packets against a 
database (linked-list), and if it matches the database, disconnect the user 
and discard the packet.

Here's what I have so far:

static int hacked_recvfrom(struct proc *p, struct recvfrom_args *uap)
{
        int retval;
        struct sockaddr_in client;
        caddr_t orig = NULL;
        int clisize;

        if (uap->from != NULL) orig = uap->from;
        uap->from = (caddr_t)&client;

        retval = recvfrom(p, uap);

        if (orig != NULL) copyout(&client, orig, sizeof(client));
        if (orig != NULL) uap->from = orig;
        else uap->from = NULL;

        return retval;
}
// end of source snip

It doesn't work with non-TCP sockets (where uap->from == NULL). When I try to 
ping Google with the module loaded, I get:

-su-2.05b# ping google.com
ping: cannot resolve google.com: Host name lookup failure

Why doesn't this code work?

Thanks,

Shawn Webb
