From: Shawn Webb
To: freebsd-hackers@freebsd.org
Date: Fri, 12 Dec 2003 11:07:27 -0700
Subject: recvfrom trouble
Message-Id: <200312121107.27387.shawnwebb@softhome.net>

I'm intercepting recvfrom() so that I can make an IPS (Intrusion Prevention System). What it does (or will do) is check all incoming packets against a database (linked-list), and if it matches the database, disconnect the user and discard the packet.

Here's what I have so far:

    static int
    hacked_recvfrom(struct proc *p, struct recvfrom_args *uap)
    {
        int retval;
        struct sockaddr_in client;
        caddr_t orig = NULL;
        int clisize;

        if (uap->from != NULL)
            orig = uap->from;

        uap->from = (caddr_t)&client;
        retval = recvfrom(p, uap);

        if (orig != NULL)
            copyout(&client, orig, sizeof(client));

        if (orig != NULL)
            uap->from = orig;
        else
            uap->from = NULL;

        return retval;
    }
    // end of source snip

It doesn't work with non-TCP sockets (where uap->from == NULL). When I try to ping google with the module loaded, I get:

    -su-2.05b# ping google.com
    ping: cannot resolve google.com: Host name lookup failure

Why doesn't this code work?

Thanks,
Shawn Webb