I intend to develop an application that monitors the traffic on particular ports. For this I need to list all the sk_buff data of all the LIVE sk_buffs in the system. How can I do this?
I have written the following code (basically a kernel module):
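#include <linux/module.h> /* Needed by all modules */
#include <linux/kernel.h> /* Needed for KERN_INFO */
#include <linux/skbuff.h> /* struct sk_buff; resolved through the kernel build's include path (2.6.38-8-generic headers here) */

/* Called when the module is loaded. */
int init_module(void)
{
    struct sk_buff *skb; /* only declared, never pointed at a live buffer */

    printk(KERN_INFO "SKB 1.\n");
    return 0;
}

/* Called when the module is unloaded. */
void cleanup_module(void)
{
    printk(KERN_INFO "Done 1.\n");
}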
But I don't know how to catch the sk_buffs. I have simply declared a sk_buff instance, that's all.
Please help me to actually catch the live sk_buffs in the system.
EDIT
I have tried all the top Google search results. They give a very good description of the sk_buff itself, but none of them actually show how to do what I am particularly interested in.
There is no standardized way. Newly created skbs are not put into any list by default that you could read (that is, when they come fresh out of skb_alloc); therefore, there is no way to know all the skbs that are active from a random code point in the kernel, such as your module. You have at least two options though (both entail modifying core kernel code):
As usual, the question: why?