Re: Re: info su VM kernel

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

[ Data: precedente | successivo | indice ] [ Argomento: precedente | successivo | indice ]

Archivio: Novembre 2001 ml@sikurezza.org
Soggetto: Re: Re: info su VM kernel
Mittente: Monaco Mauro (Rozzano)
Data: 29 Nov 2001 11:42:58 -0000


L'errore era di copia incolla: 
> if (kvm_nlist(kd, namelist)) 
                       { ^^^^^^^^ 


Il codice che ho scritto è questo:

#include <sys/types.h>
#include <netinet/tcp.h>
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>
#include <stdio.h>
#include <nlist.h>
#include <kvm.h>
#include <sys/types.h>
#include <sys/fcntl.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/in_pcb.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/icmp_var.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <netinet/tcp_seq.h>
#define TCPSTATES
#include <netinet/tcp_fsm.h>
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>
#include <netinet/tcp_debug.h>


struct nlist nl[] = {
#define N_TCB           0
        { "_tcb" },
        "",
};

struct inpcb pcb;
struct tcpcb tcb;

#define FIX

main(char *argv[], int argvi)
{
   kvm_t *kd;
   struct inpcb *curr,*prev=NULL,*next,*orig;
   struct socket *soc;
   int i;


   if(!(kd = kvm_open(NULL, NULL, NULL, O_RDWR, argv[0]))) {
      perror("kvm_open");
      printf("%s", argv[0]);
      exit(1);
   }

   if(kvm_nlist(kd, nl)) {                   /* il problema è
qua!!!!!!!!!!!!!!*/
      perror("kvm_nlist");
      exit(1);
   }
   
   if(nl[N_TCB].n_value==0) {
     perror("kvm_nlist value 0");
      exit(1);
   }
     
   curr = orig = (struct inpcb *) nl[N_TCB].n_value;


   do {
      if((kvm_read(kd, (u_long) curr, &pcb, sizeof pcb) != sizeof pcb)
         || (prev && (prev != pcb.inp_prev))) {
         perror("read current");
         exit(1);
      }

      if(!pcb.inp_ppcb)
         continue;

      if((kvm_read(kd, (u_long) pcb.inp_ppcb, &tcb, sizeof tcb)
         != sizeof tcb) || (curr != tcb.t_inpcb)) {
         perror("read tcpcb");
         exit(1);
      }

#ifndef FIX
      if((kvm_read(kd, (u_long) pcb.inp_socket, &soc, sizeof soc)!= sizeof
soc)
         || (curr != (struct inpcb *) soc.so_pcb)) {
         perror("read soc");
         exit(1);
      }
#endif

/* only deal with closing... */

/*
 * T2&& (possibly) T1 && (close_wait||last_ack||closing||fin_wait_1)
 */

#ifdef FIX
      if ( /* tcb.t_state != SYN_RCVD && */
           tcb.t_state != TCPS_LAST_ACK &&
           tcb.t_state != TCPS_CLOSE_WAIT &&
           tcb.t_state != TCPS_FIN_WAIT_1 &&
           tcb.t_state != TCPS_CLOSING )
         continue;

      if ( tcb.t_timer[TCPT_REXMT] !=0 ||
           tcb.t_timer[TCPT_2MSL] !=0 )
         continue;
#else
      /* skip uninteresting states: up to est. and normal finish */
      if ( tcb.t_state <= TCPS_ESTABLISHED ||
           tcb.t_state == TCPS_TIME_WAIT && tcb.t_timer[TCPT_2MSL] != 0)
         continue;
#endif

      printf("s=%s %d ", inet_ntoa(pcb.inp_laddr), pcb.inp_lport);
      printf("d=%s %d ",  inet_ntoa(pcb.inp_faddr), pcb.inp_fport);

      if (tcb.t_state < 0 || tcb.t_state >= TCP_NSTATES)
         printf("st=%d", tcb.t_state);
      else
         printf("st=%s", tcpstates[tcb.t_state]);

#ifndef FIX
      printf(" so_st=%d ",soc.so_state);
/*
      printf("ka=%d ",soc.so_state&SO_KEEPALIVE);
      printf(" ling=%d ",soc.so_state&SO_LINGER);
*/
      printf("wupalt=%p",soc.so_wupalt);
#endif

      printf("\n");

      for (i=0; i<TCPT_NTIMERS; i++) printf("T(%d)= %5d ",i,tcb.t_timer[i]);
      printf("\n");

#ifdef FIX
      if ( tcb.t_timer[TCPT_KEEP] > 3 && ( tcb.t_timer[TCPT_PERSIST] == 0 ||
           tcb.t_timer[TCPT_PERSIST] > 3 ) ) {
         /*
          * Get out of wait free:
          * Since tcp_close calls soisdisconnected we can do this
          * as that call is need to transition to CLOSE_WAIT .
          *
          */
         tcb.t_state = TCPS_TIME_WAIT;
         tcb.t_timer[TCPT_PERSIST] = 0;
         tcb.t_timer[TCPT_KEEP] = 0;
         tcb.t_timer[TCPT_2MSL] = 10;

         if((kvm_write(kd, (u_long) pcb.inp_ppcb, &tcb, sizeof tcb)
            != sizeof tcb) ) {
            perror("kvm_write");
            exit(1);
         }
      }
#endif

   } while ( prev = curr, curr = pcb.inp_next, curr != orig );

}



il problema lo trovo con la funzione  kvm_nlist, perchè il valore è nullo e
quindi esce
nel successivo controllo    if(nl[N_TCB].n_value==0).

Riesco compilare, ma a run time si ferma su questo controllo, non capisco
perchè, grazie dell'interessamento.
 Ciao.


 Cordiali saluti.

Mauro Monaco
SARITEL S.p.A.
DTM (Data Messaging)
email: m.monaco@saritel.it
Tel. +39-0289204238
Fax.+39-0289204600


________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List

Data:
- precedente: OpenBSD 3.0 out (?), larry wall
- successivo: Re: Impedimente dell'eseguzione di McafeeViruscan 4.x.x [teoria], ---Antonio Di Maria---[LordZe]--->
- indice

Argomento:
- precedente: Re: info su VM kernel, Andrea Campi
- successivo: Re: info su VM kernel, Francesco Trentini
- indice

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005