Hi, i'm a noob to VMWare (and to virtualization in general)... i'm using Red Hat 9 + VMWare Workstation 6.0.0
Guest's n/w is configured as "Bridged"
I've created a kernel module which simply hooks into the netfilter architecture and reads the packets... after printing info from the packet header i'm allowing it to flow its normal course...
The problem is all the n/w traffic between host and any remote host is visible (when hooked at PF_INET at NF_IP_LOCAL_IN and NF_IP_LOCAL_OUT hooks), but i'm not able to see any trace of packet flow between guest OS to any remote host (I tried all the hook points)
even i tried to hook into PF_BRIDGE protocol stack but no outcome...
I also tried the same thing with CentOS 5.2 + VMWare Workstation 6.0.0 setup but results are similar, i.e. no packets from guests
here's what my code looks like....
IMPORTANT: u may need to change the protocol family appropriately and this code is for 2.4 kernel
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
//#include <linux/list.h>
#include <linux/netfilter.h>
#include <linux/netfilter_bridge.h>
#include <linux/netfilter_ipv4.h>
//#include <linux/spinlock.h>
//#include <linux/brlock.h>
//#include <linux/sysctl.h>
//#include <net/sock.h>
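/*
 * ebq_hook - netfilter callback that logs IPv4 packets and accepts everything.
 *
 * @hook: hook number the callback was invoked for (unused)
 * @pskb: pointer to the socket-buffer pointer supplied by netfilter
 * @in:   ingress device, may be NULL depending on the hook point
 * @out:  egress device, may be NULL depending on the hook point
 * @okfn: continuation function (unused)
 *
 * Returns NF_ACCEPT on every path: the module only observes traffic and
 * must never be the reason a packet is dropped.
 */
static unsigned int ebq_hook(unsigned int hook,
                             struct sk_buff **pskb,
                             const struct net_device *in,
                             const struct net_device *out,
                             int (*okfn)(struct sk_buff *))
{
    struct sk_buff *skb = *pskb;

    /*
     * Without a link-layer and a network header pointer there is nothing
     * to inspect.
     * NOTE(review): mac.raw is presumably only meaningful where a
     * link-layer header was set up -- confirm for PF_INET LOCAL_OUT.
     */
    if (!skb || !skb->mac.raw || !skb->nh.raw)
        return NF_ACCEPT;

    /* Only IPv4 frames are of interest; h_proto is in network byte order. */
    if (skb->mac.ethernet->h_proto != htons(ETH_P_IP))
        return NF_ACCEPT;

    /*
     * Frames seen at the bridge hooks come straight off the wire and have
     * not been validated by the IP stack, so make sure a full IPv4 header
     * lies inside the linear data before reading the addresses.
     */
    if (skb->nh.raw + sizeof(struct iphdr) > skb->tail)
        return NF_ACCEPT;

    /*
     * The original dereferenced in/out unconditionally; one of them is
     * NULL at hook points that have no ingress or egress device yet
     * (e.g. LOCAL_IN / LOCAL_OUT), which would oops the kernel.
     */
    printk(KERN_INFO "indev: %s outdev: %s\n",
           in ? in->name : "(none)", out ? out->name : "(none)");
    printk(KERN_INFO "Device: %s \n", skb->dev ? skb->dev->name : "(none)");

    /* The original wrote (pskb)->nh..., missing the dereference of pskb. */
    printk(KERN_INFO "src_ip: %d.%d.%d.%d dst_ip: %d.%d.%d.%d\n",
           NIPQUAD(skb->nh.iph->saddr), NIPQUAD(skb->nh.iph->daddr));

    return NF_ACCEPT;
}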
/*
 * Hook descriptor for the bridge FORWARD point.
 * Adjust .pf and .hooknum together: the hook number must belong to the
 * chosen protocol family.
 */
static struct nf_hook_ops ebq_ops = {
    .pf       = PF_BRIDGE,
    .hooknum  = NF_BR_FORWARD,      /* alternative: NF_BR_PRE_ROUTING */
    .priority = NF_IP_PRI_FIRST,
    .hook     = ebq_hook
};
/*
 * Hook descriptor for inbound traffic.
 * Adjust .pf and .hooknum together: the hook number must belong to the
 * chosen protocol family (PF_INET pairs with NF_IP_LOCAL_IN).
 *
 * NOTE(review): PF_BRIDGE hooks are invoked from the Linux bridging code,
 * so they fire only for frames that cross a Linux bridge device. If
 * VMware's "Bridged" mode uses its own driver rather than a Linux bridge
 * (presumably -- confirm), guest frames never reach these hook points.
 */
static struct nf_hook_ops ebq_ops_in = {
    .pf       = PF_BRIDGE,          /* alternative: PF_INET */
    .hooknum  = NF_BR_PRE_ROUTING,  /* alternative: NF_IP_LOCAL_IN */
    .priority = NF_IP_PRI_FIRST,
    .hook     = ebq_hook
};
/*
 * Hook descriptor for outbound traffic.
 * Adjust .pf and .hooknum together: the hook number must belong to the
 * chosen protocol family (PF_INET pairs with NF_IP_LOCAL_OUT).
 */
static struct nf_hook_ops ebq_ops_out = {
    .pf       = PF_BRIDGE,          /* alternative: PF_INET */
    .hooknum  = NF_BR_POST_ROUTING, /* alternative: NF_IP_LOCAL_OUT */
    .priority = NF_IP_PRI_FIRST,
    .hook     = ebq_hook
};
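/*
 * enter_da_dragon - module init: register the inbound and outbound hooks.
 *
 * Returns 0 on success or the negative error code from nf_register_hook().
 *
 * The original overwrote the status of the first registration with the
 * second, so a failure of the first went unnoticed, and a failure of the
 * second left the first hook registered while module loading was aborted.
 * A hook that stays registered after its module text is gone points at
 * freed memory, so every error path must undo what was registered so far.
 */
int enter_da_dragon(void)
{
    int status;

    printk(KERN_INFO "eb_queue: registering hook & queue handler\n");

    /* The FORWARD hook (ebq_ops) is intentionally left unregistered. */

    status = nf_register_hook(&ebq_ops_in);
    if (status < 0) {
        printk(KERN_ERR "eb_queue: failed to register hook\n");
        return status;
    }

    status = nf_register_hook(&ebq_ops_out);
    if (status < 0) {
        printk(KERN_ERR "eb_queue: failed to register hook\n");
        /* Roll back the inbound hook before the module goes away. */
        nf_unregister_hook(&ebq_ops_in);
        return status;
    }

    return 0;
}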
/*
 * exit_da_dragon - module exit: remove both hooks registered at load time.
 *
 * The FORWARD hook (ebq_ops) is not touched here because it is never
 * registered.
 */
void exit_da_dragon(void)
{
    printk(KERN_INFO "eb_queue: unregistering hook & queue handler\n");

    /* The two hooks are independent; remove them in reverse order of registration. */
    nf_unregister_hook(&ebq_ops_out);
    nf_unregister_hook(&ebq_ops_in);
}
/* Module metadata. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Ratnaraj Mirgal");
MODULE_DESCRIPTION("netfilter hook!!!");

/* Entry points run when the module is loaded and unloaded. */
module_init(enter_da_dragon);
module_exit(exit_da_dragon);
so is there any way to do this????
TIA
I don't know the answer to your question, but VMware Workstation 6.0.0 is very old. 6.5.1 is the latest version and is a free upgrade to registered 6.x users: http://www.vmware.com/download/ws