** Is there anyone, can elicit me from these problems **
I am working on routing application on C. There I am facing memory issue regarding this C(bellow code snippet) application. I use NFQUEUE library for capturing packet & iptables
sometimes, it gives error like "can not access memory address at pointed to function parameter"
iptables -t filter -A FORWARD -j NFQUEUE --queue-num 0
GDB Trace
(gdb) bt 0x0804e68a in extractAppProtocolInfo (src=Cannot access memory at address 0xbf83d485 ) at base.h:286
0x817d738d in ?? ()
0xba9c151e in ?? ()
0xebdbcfd3 in ?? ()
0xc579ffc9 in ?? ()
0x448f356a in CurrentUser ()
0x7b48f76c in ?? ()
0x23361d71 in CurrentUser () . . .
or
0x0804e630 in extractAppProtocolInfo (src=0x0, macAddress=0x0, srcIpAddress=0x0, srcIpInt=0x0, destIpAddress=0x0, destIpInt=0x0, srcPort=0, destPort=0, l4Protocol=0, packetSize=0, appPayload=0x0, syncFlagBit=0, qId=0) at base.h:286
0xf78b736e in ?? ()
0x34728151 in CurrentUser ()
0x10414a0c in CurrentUser ()
0xc02f8d58 in ?? ()
0xf0272448 in ?? ()
0x2a90cafa in CurrentUser ()
0x045824e1 in ?? ()
0x6e051a02 in ?? ()
0x223832c4 in CurrentUser ()
0x5cb97229 in cirQueue ()
0xfbdde312 in ?? ()
0x6b213649 in ?? ()
0x44285109 in CurrentUser ()
0xcdfd7b4f in ?? ()
I have 6 header file & one .cpp file.
- definition.h // contains all global variable & function deceleration
#define QSIZE 500000
#define USER_NUMBER 3000
#define CURR_SESSION_SIZE 6000
#define QTHREAD_SIZE 1
typedef struct{
long key;
Session CurrentSession[QTHREAD_SIZE][CUR_SESSION_SIZE];
char macAddress[MAC_LEN];
char ipAddress[IP_LEN];
int cgwFailedCnt;
long sessionCnt[QTHREAD_SIZE];
bool redChain;
bool blockUser;
bool lock;
bool cgwDataGuard;
time_t lastUpdateTime;
int lIndx, rIndx;
}user;
locIp locIpChk[20];
allSharedValue sharedVal;
user CurrentUser[USER_NUMBER];
packetData cirQueue[QSIZE];
spoofing spoofedPkt[STACK_SIZE];
2. bwp.cpp // contains main() & callBack()
int callBack(struct nfq_q_handle *qHandler, struct nfgenmsg *nfmsg, struct nfq_data *nfa, void *data) {
short qId, l3L4HeadersLen, syncFlagBit = -1, verdict = -1;
int srcIpInt[4], destIpInt[4], id, itr;
long pktSize = 0;
unsigned int srcPort, destPort;
char macAddress[MAC_LEN], srcIpAddress[IP_LEN], destIpAddress[IP_LEN], src[MSG_LEN];
unsigned char *srcAddress = NULL, *destAddress = NULL;
char *ipLayerData = NULL, *applicationLayerData = NULL;
struct nfqnl_msg_packet_hdr *phandler = NULL;
struct nfqnl_msg_packet_hw *hardwarePacketHeader = NULL;
static struct iphdr *ipLayerStructure = NULL;
static struct tcphdr *l4Structure = NULL;
memset(macAddress, 0, MAC_LEN);
memset(srcIpAddress, 0, IP_LEN);
memset(destIpAddress, 0, IP_LEN);
qId = *(short*)data;
SPRINTF(src, sizeof(src), "NFQUEUE_%d", qId);
phandler = nfq_get_msg_packet_hdr(nfa);
if (phandler) {
id = ntohl(phandler->packet_id);
if (!BWP_ENABLE && !CGW_ENABLE && !FIREWALL_ENABLE)
return nfq_set_verdict(qHandler, id, NF_ACCEPT, 0, NULL);
pktSize = nfq_get_payload(nfa, (unsigned char **)&ipLayerData);
ipLayerStructure = (struct iphdr *)ipLayerData;
hardwarePacketHeader = nfq_get_packet_hw(nfa);
if (hardwarePacketHeader)
SPRINTF(macAddress, sizeof(macAddress), "%02X:%02X:%02X:%02X:%02X:%02X", hardwarePacketHeader->hw_addr[0], hardwarePacketHeader->hw_addr[1], hardwarePacketHeader->hw_addr[2], hardwarePacketHeader->hw_addr[3], hardwarePacketHeader->hw_addr[4], hardwarePacketHeader->hw_addr[5]);
else
strcpy(macAddress, "NOT FOUND");
srcAddress = (unsigned char *)&ipLayerStructure->saddr;
destAddress = (unsigned char *)&ipLayerStructure->daddr;
SPRINTF(srcIpAddress, sizeof(srcIpAddress), "%d.%d.%d.%d", srcAddress[0], srcAddress[1], srcAddress[2], srcAddress[3]);
SPRINTF(destIpAddress, sizeof(destIpAddress), "%d.%d.%d.%d", destAddress[0], destAddress[1], destAddress[2], destAddress[3]);
srcIpInt[0] = srcAddress[0]; destIpInt[0] = destAddress[0]; srcIpInt[1] = srcAddress[1]; destIpInt[1] = destAddress[1];
srcIpInt[2] = srcAddress[2]; destIpInt[2] = destAddress[2]; srcIpInt[3] = srcAddress[3]; destIpInt[3] = destAddress[3];
l4Structure = (struct tcphdr *)(ipLayerData + sizeof(*ipLayerStructure));
srcPort = ntohs(l4Structure->source);
destPort = ntohs(l4Structure->dest);
if (ipLayerStructure->protocol == ICMP)
return nfq_set_verdict(qHandler, id, NF_ACCEPT, 0, NULL);
else if (ipLayerStructure->protocol == TCP){
l3L4HeadersLen = sizeof(*ipLayerStructure) + sizeof(*l4Structure);
syncFlagBit = ipLayerData[SYNC_BIT_POSITION];
}
else if (ipLayerStructure->protocol == UDP){
l3L4HeadersLen = sizeof(*ipLayerStructure) + UDP_HEADER_LENGTH * sizeof(char);
}
else
return nfq_set_verdict(qHandler, id, NF_ACCEPT, 0, NULL);
applicationLayerData = &ipLayerData[l3L4HeadersLen];
// logActivity(__FUNCTION__, src, E_DEBUG_MAJOR, "macAddress: %s, srcIp: %s, destIp: %s, srcPrt: %d, destPort: %d, l3Protocol: %d, pktSize: %ld, qId: %d ", macAddress, srcIpAddress, destIpAddress, srcPort, destPort, ipLayerStructure->protocol, pktSize, qId);
verdict = extractAppProtocolInfo(src, macAddress, srcIpAddress, srcIpInt, destIpAddress, destIpInt, srcPort, destPort, ipLayerStructure->protocol, l3L4HeadersLen, pktSize, applicationLayerData, syncFlagBit, qId);
if (verdict == ACCEPT_PKT)
return nfq_set_verdict(qHandler, id, NF_ACCEPT, 0, NULL);
else if (verdict == DROP_PKT)
return nfq_set_verdict(qHandler, id, NF_DROP, 0, NULL);
else if (verdict == SPOOF_PKT)
{
spoofedMemory(srcIpAddress, destIpAddress, srcPort, destPort);
if (destPort == 80)
{
ipLayerStructure->daddr = inet_addr(DEVICE_IP);
}
if (!strcmp(srcIpAddress, DEVICE_IP) && (srcPort == 80)){
itr = sharedVal.top;
for (--itr; itr > 0; --itr){
if (spoofedPkt[itr].srcPort == destPort && strcmp(spoofedPkt[itr].destIp, DEVICE_IP) != 0)
{
ipLayerStructure->saddr = inet_addr(spoofedPkt[itr].destIp);
break;
}
}
}
ipLayerStructure->check = csumIp((unsigned short *)ipLayerData, 10);
csumTcp(ipLayerStructure, (unsigned short *)l4Structure);
return nfq_set_verdict(qHandler, id, NF_ACCEPT, pktSize, (unsigned char*)ipLayerStructure);
}
}
return 0;
}
Aucun commentaire:
Enregistrer un commentaire