Manoj Sati(deleted)
unable to mount packet filter LSM into io-pkt-v4-hc
02/20/2014 2:23 AM
post108919
Setup: QNX running on a VM (x86), Momentics IDE 4.7
Intent: develop a packet filter that can let us inspect all in/out traffic and potentially reject some.
I have read the Packet Filtering chapter from the "Core Networking with io-pkt User's Guide for Neutrino 6.3.2 or later" .pdf. I have taken the sample code provided in there and have written an LSM by creating a QNX C Project from Momentics with Type set to "Shared library". There is only one source file with the entry point defined as:

    struct _iopkt_lsm_entry IOPKT_LSM_ENTRY_SYM(pfil) =
        IOPKT_LSM_ENTRY_SYM_INIT(pfil_entry);

    int pfil_entry(void *dll_hdl, struct _iopkt_self *iopkt, char *options)
    {
        struct pfil_head *pfh_inet;

        printf("in the entry point of the packet filter module\n");
        // saw this in another posting on Foundry 27, but this did not work for me
        //pfh_inet = pfil_head_get(PFIL_TYPE_IFT, IFT_ETHER);
        pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
        if (pfh_inet == NULL) {
            printf("could not get pfil_head_get()\n");
            return ENOENT;
        }
        int ret = 0;
        ret = pfil_add_hook(input_hook, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet);
        ret = pfil_add_hook(output_hook, NULL, PFIL_OUT | PFIL_WAITOK, pfh_inet);
        pfh_inet = pfil_head_get(PFIL_TYPE_IFNET, 0);
        if (pfh_inet == NULL) {
            return ESRCH;
        }
        pfil_add_hook(iface_hook, NULL, PFIL_IFNET, pfh_inet);
        pfil_add_hook(ifacecfg_hook, NULL, PFIL_IFADDR, pfh_inet);
        printf("Loaded pfil hooks - this time returning 1(one) from the hook function\n");
        return 0;
    }

    static int output_hook(void *arg, struct mbuf **m, struct ifnet *ifp, int dir)
    {
        out_bytes += (*m)->m_len;
        return 1; // 0 means allow, 1 means block
    }

Functions input_hook(), iface_hook(), ifacecfg_hook(), deinit_module() omitted for brevity.
When I compile this, I get the following lines on the Console of the IDE:
make.exe[2]: Entering directory `C:/ide-4.7-workspace/SISIPSNetFilter/x86/so'
C:/QNX650/host/win32/x86/usr/bin/qcc -Vgcc_ntox86 -c -Wc,-Wall -O -DNDEBUG -I. -IC:/ide-4.7-workspace/SISIPSNetFilter/x86/so -IC:/ide-4.7-workspace/SISIPSNetFilter/x86 -IC:/ide-4.7-workspace/SISIPSNetFilter -IC:/QNX650/target/qnx6/usr/include/io-pkt -IC:/QNX650/target/qnx6/usr/include -shared -DVARIANT_so -DBUILDENV_qss C:/ide-4.7-workspace/SISIPSNetFilter/SISIPSNetFilter.c
C:/QNX650/host/win32/x86/usr/bin/rm -f C:/ide-4.7-workspace/SISIPSNetFiler/x86/so/lsm-libSISIPSNetFilter.so
C:/QNX650/host/win32/x86/usr/bin/qcc -Vgcc_ntox86 -shared -Wl,-hlsm-libSISIPSNetFilter.so.1 -oC:/ide-4.7-workspace/SISIPSNetFilter/x86/so/lsm-libSISIPSNetFilter.so SISIPSNetFilter.o -L . -L C:/QNX650/target/qnx6/x86/lib -L C:/QNX650/target/qnx6/x86/usr/lib -Wl,--rpath-link . -Wl,--rpath-link C:/QNX650/target/qnx6/x86/lib -Wl,--rpath-link C:/QNX650/target/qnx6/x86/usr/lib
C:/QNX650/host/win32/x86/usr/bin/rm -f C:/ide-4.7-workspace/SISIPSNetFilter/x86/so/lsm-libSISIPSNetFilterS.a
C:/QNX650/host/win32/x86/usr/bin/qcc -Vgcc_ntox86 -a C:/ide-4.7-workspace/SISIPSNetFiler/x86/so/lsm-libSISIPSNetFilterS.a SISIPSNetFilter.o
C:\QNX650\host\win32\x86\usr\bin\ntox86-ar: creating C:/ide-4.7-workspace/SISIPSNetFilter/x86/so/lsm-libSISIPSNetFilterS.a
make.exe[2]: Leaving directory `C:/ide-4.7-workspace/SISIPSNetFiler/x86/so'
Once the LSM is ready, I copy it to the QNX target and attempt to mount it to the io-pkt* stack:
# mount -v -T io-pkt lsm-libSISIPSNetFilter.so
Parsed: mount from [lsm-libSISIPSNetFilter.so] mount on [NULL] type [io-pkt]
mount: Can't mount / (type io-pkt)
mount: Possible reason: No such device or address
# mount -v -T io-pkt-v4-hc lsm-libSISIPSNetFilter.so
Parsed: mount from [lsm-libSISIPSNetFilter.so] mount on [NULL] type [io-pkt-v4-hc]
mount: Can't mount / (type io-pkt-v4-hc)
mount: Possible reason: Invalid argument
When I launch an instance of io-pkt-v4-hc as below:
/sbin/io-pkt-v4-hc...
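Added example, not part of the original post and not QNX sample code: a stand-alone decision function of the kind a pfil hook such as output_hook() above could call, returning 0 to pass and 1 to block as in the post's comment. The rule struct, filter_verdict() and the sample packet are constructed for illustration; getting the contiguous header bytes out of the mbuf is assumed and not shown.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical rule type for this example (not an io-pkt structure). */
struct rule { uint8_t proto; uint16_t dport; };   /* dport 0 = any port */

enum { VERDICT_PASS = 0, VERDICT_BLOCK = 1 };     /* return convention used in the post */

/* Decide on one IPv4 packet held in a contiguous buffer of len bytes.
 * In a real pfil hook the bytes come from the mbuf, and (*m)->m_len
 * covers only the first mbuf of a chain, so len must be what is
 * actually contiguous. Malformed or truncated headers are blocked. */
int filter_verdict(const uint8_t *pkt, size_t len,
                   const struct rule *rules, size_t nrules)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return VERDICT_BLOCK;                     /* too short or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return VERDICT_BLOCK;                     /* bad header length */
    uint16_t frag_off = (uint16_t)(((pkt[6] & 0x1f) << 8) | pkt[7]);
    uint8_t proto = pkt[9];
    for (size_t i = 0; i < nrules; i++) {
        if (rules[i].proto != proto)
            continue;
        if (rules[i].dport == 0)
            return VERDICT_BLOCK;                 /* whole protocol blocked */
        if (proto != 6 && proto != 17)
            continue;                             /* ports exist only for TCP/UDP */
        if (frag_off != 0)
            continue;                             /* later fragment has no L4 header; passed here */
        if (len < ihl + 4)
            return VERDICT_BLOCK;                 /* port fields truncated */
        uint16_t dport = (uint16_t)((pkt[ihl + 2] << 8) | pkt[ihl + 3]);
        if (dport == rules[i].dport)
            return VERDICT_BLOCK;
    }
    return VERDICT_PASS;
}

/* Constructed sample: IPv4, IHL 5, TCP, 192.0.2.1 -> 192.0.2.2, dport 23. */
static const uint8_t sample_tcp23[] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,1, 192,0,2,2,
    0x04,0xd2, 0x00,0x17, 0,0,0,0, 0,0,0,0, 0x50,0x02,0x20,0x00, 0,0,0,0
};
```

Non-first fragments are passed by port rules in this example because they carry no port fields; a stricter policy would reassemble or drop them.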