Search code examples
linux-kernelkernel-modulenetfilter

Netfilter in Kernel Module causes my system to crash

I have written this Kernel Module and everytime I load it, it crashes the whole system(even my keyboard leds start flashing)

Here's the code of what I am doing:

/* 
    Coder: Adel *. ******
    Creation Date: April/5th/2012
    Last Modification Date: April/6th/2012
    Purpose: A module to test capturing traffic and just letting it go after knowing if it's an ICMP traffic or not
    Notes: This modules has always been crashing the kernel I am running it on(it shouldn't), my kernel is 2.6.32-33 (Note by Adel)
 */
#include <linux/module.h>       /* Needed by all modules */
#include <linux/kernel.h>       /* Needed for KERN_INFO */
#include <linux/init.h>         /* Needed for the macros */

#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>

#include <linux/skbuff.h>       /* For the sk_buff struct, which is the struct that contains EVERYTHING in a network packet */
#include <linux/ip.h>                  /* For IP header */
#include <linux/icmp.h>            /* For ICMP Header */

#include <linux/in.h> /* For the IPPROTO_ICMP enum */ 

/* This is the structure we shall use to register our function */
static struct nf_hook_ops nfho;

/* This is the hook function itself */
unsigned int hook_func(unsigned int hooknum,
                       struct sk_buff **skb,
                       const struct net_device *in,
                       const struct net_device *out,
                       int (*okfn)(struct sk_buff *))
{
    struct sk_buff *sb = *skb;
    struct iphdr* iph;
    struct icmphdr *icmph;  
    iph = ip_hdr(sb);
    if(sb == NULL)
        return NF_ACCEPT;
    if(iph != NULL){
        printk(KERN_DEBUG"IP header is not null\n");
        if(iph->protocol == IPPROTO_ICMP){
            icmph = icmp_hdr(sb);
            if(icmph != NULL){
                printk(KERN_DEBUG"ICMP header is not null\n");
                return NF_ACCEPT;
            }/* If ICMP not null */
            return NF_ACCEPT;
        }/* if IPPROTO_ICMP */
        return NF_ACCEPT;
    }
    return NF_DROP;/* The packet is NULL */
}


static int __init hello_start(void)
{
    printk(KERN_INFO "Loading Test module...\n");
    printk(KERN_ALERT "Hello world\n");
    /* Fill in our hook structure */
        nfho.hook = hook_func;         /* Handler function */
        nfho.hooknum  = NF_INET_POST_ROUTING; /* POST_ROUTING Traffic before it hits the wire */
        nfho.pf       = PF_INET;
        nfho.priority = NF_IP_PRI_FIRST;   /* Make our function first */

        nf_register_hook(&nfho);
    return 0;
}

static void __exit hello_end(void)
{
    nf_unregister_hook(&nfho);
    printk(KERN_ALERT "Goodbye Mr.\n");
}

module_init(hello_start);
module_exit(hello_end);

As you can see, I am capturing the traffic right before it goes the NIC(right?), check if it's ICMP and print, that's all.
What could the error be here?

Note that I am running this code on Ubuntu 10.04 LTS and the kernel 2.6.32-33


This is part of the kernel log file that I get to see when the crash happens

Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350142] Modules linked in: myModule(P) hid_a4tech binfmt_misc rfcomm ppdev sco bridge stp bnep l2cap joydev fbcon tileblit font bitblit softcursor vga16fb vgastate snd_hda_codec_realtek pcmcia snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi arc4 snd_rawmidi snd_seq_midi_event snd_seq radeon iwlagn snd_timer iwlcore ttm drm_kms_helper snd_seq_device tifm_7xx1 yenta_socket mac80211 led_class psmouse uvcvideo sony_laptop btusb bluetooth tifm_core rsrc_nonstatic videodev v4l1_compat v4l2_compat_ioctl32 snd video output pcmcia_core serio_raw cfg80211 intel_agp drm i2c_algo_bit soundcore snd_page_alloc lp parport usbhid hid ohci1394 ieee1394 r8169 mii [last unloaded: myModule]
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350193] Pid: 1545, comm: clock-applet Tainted: P   M  D    2.6.32-33-generic #70-Ubuntu VGN-CR31Z_R
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350196] RIP: 0010:[<ffffffffa045a00c>]  [<ffffffffa045a00c>] hook_func+0xc/0x38 [myModule]
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350200] RSP: 0018:ffff88012ab87a88  EFLAGS: 00010246
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350202] RAX: ffffffffa045a360 RBX: ffff88012ab87b10 RCX: ffff88012c5c0000
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350203] RDX: 0000000000000000 RSI: ffff880138c4bee8 RDI: 0000000000000003
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350205] RBP: ffff88012ab87a88 R08: ffffffff81491b20 R09: ffff88012ab87b10
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350207] R10: 0000000000000000 R11: 0000000000000003 R12: 0000000080000000
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350209] R13: ffffffff81831070 R14: ffff880138c4bee8 R15: 0000000000000003
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350212] FS:  00007f81d59b5800(0000) GS:ffff880028300000(0000) knlGS:0000000000000000
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350214] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350216] CR2: 00000000000000c0 CR3: 000000012c25f000 CR4: 00000000000006e0
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350218] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350220] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350222] Process clock-applet (pid: 1545, threadinfo ffff88012ab86000, task ffff88012c4a0000)
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350226]  ffff88012ab87ad8 ffffffff81486f1c ffff88012c5c0000 0000000000000000
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350229] <0> ffff88012ab87ac8 ffffffff81491b20 0000000000000003 ffff880138c4bee8
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350233] <0> 0000000000000000 ffff88012c5c0000 ffff88012ab87b48 ffffffff81486fd4
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350243]  [<ffffffff81486f1c>] nf_iterate+0x6c/0xb0
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350247]  [<ffffffff81491b20>] ? dst_output+0x0/0x20
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350250]  [<ffffffff81486fd4>] nf_hook_slow+0x74/0x100
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350253]  [<ffffffff81491b20>] ? dst_output+0x0/0x20
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350256]  [<ffffffff81493c3f>] __ip_local_out+0x9f/0xb0
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350258]  [<ffffffff81493c66>] ip_local_out+0x16/0x30
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350261]  [<ffffffff814944a0>] ip_queue_xmit+0x190/0x410
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350266]  [<ffffffff8105ccc2>] ? default_wake_function+0x12/0x20
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350269]  [<ffffffff8105ccb0>] ? default_wake_function+0x0/0x20
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350271]  [<ffffffff8105cb2b>] ? try_to_wake_up+0x2fb/0x480
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350276]  [<ffffffff815418fe>] ? _spin_lock+0xe/0x20
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350280]  [<ffffffff814a8fb1>] tcp_transmit_skb+0x3f1/0x790
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350283]  [<ffffffff814ab8a3>] tcp_write_xmit+0x1d3/0x4b0
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350286]  [<ffffffff814abd10>] __tcp_push_pending_frames+0x30/0xa0
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350289]  [<ffffffff814abdf2>] tcp_send_fin+0x72/0x1d0
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350292]  [<ffffffff8149d276>] tcp_close+0x2e6/0x460
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350295]  [<ffffffff814bf517>] inet_release+0x47/0x70
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350301]  [<ffffffff8144ee29>] sock_release+0x29/0x90
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350304]  [<ffffffff8144eea7>] sock_close+0x17/0x30
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350310]  [<ffffffff81145b15>] __fput+0xf5/0x210
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350313]  [<ffffffff81145c55>] fput+0x25/0x30
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350316]  [<ffffffff81141d7d>] filp_close+0x5d/0x90
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350320]  [<ffffffff810685ef>] put_files_struct+0x7f/0xf0
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350323]  [<ffffffff810686b4>] exit_files+0x54/0x70
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350326]  [<ffffffff8106ac1b>] do_exit+0x15b/0x390
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350329]  [<ffffffff8106aea5>] do_group_exit+0x55/0xd0
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350332]  [<ffffffff8106af37>] sys_exit_group+0x17/0x20
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350336]  [<ffffffff810121b2>] system_call_fastpath+0x16/0x1b
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350356]  RSP <ffff88012ab87a88>
Apr  5 23:21:27 DHS-CYB1022 kernel: [ 2754.350360] ---[ end trace ee59092f1ae9cbf0 ]---
Apr  5 23:21:37 DHS-CYB1022 kernel: Kernel logging (proc) stopped.

EDIT : Please guys, excuse my ignorance and correct me If I mentioned something wrong, I am almost totally new to this.

Solution

  • You seem to have completely ignored the warnings emitted by the compiler. For one, your function signature does not match that required of NF hooks for 2.6.32.