Brand New Day


It’s a brand new day with no novelty! Back to the lab today trying to now get access to the packet data to calculate the hash values. I suspect that inside netfilter’s sk_buff structure there’s an unsigned char* data field. This probably is exactly what I need to get the hash values. There’s this awesome link which has great information about sk_buff structure. The unsigned int len; has the size of the complete input data including the headers. I guess if this len value == size of the actual data for the IP header (which could be TCP header / UDP header / ICMP header) then if we are using chunks of this data to find hashes then the following algorithm could be used:

no_of_chunks = len / BYTE_SIZE_FOR_SIGN;

addendum = len % BYTE_SIZE_FOR_SIGN;

for (int i = 0; i < no_of_chunks; i++)
(i+1)*BYTE_SIZE_FOR_SIGN - 1 ,0));
no_of_chunks*BYTE_SIZE_FOR_SIGN+addendum, 0)

This are my initial thoughts let’s see how it works out!

Rajat’s Homepage


9 hrs…still capturing packets!


9 hrs down the line I’m still capturing packets, now comes the challenging part-to make the hash tables of raw data! My Rabin’s hash algo seems to be working but the only hiccup that could happen was when the negative hash values are obtained. I don’t know whether it is a bug in my code or what but I got negative values for Rabin’s Hash when I gave the string “this is test”! This is gonna test me for sure.