* Routing packets via a C program
@ 2007-01-22  8:58 Luca Bedogni
  2007-01-27 14:55 ` Jan Engelhardt
  0 siblings, 1 reply; 5+ messages in thread
From: Luca Bedogni @ 2007-01-22 8:58 UTC (permalink / raw)
  To: netfilter

Hi all,
I'm writing down a simple program for routing the packets manually. The
idea is: if a packet comes from a specific IP (192.168.0.2) I set ip->saddr to
my IP and then accept it. And, if a packet comes from the outside, I set
ip->daddr to 192.168.0.2 and then accept it. I recalculate the checksum and
it's correct (I can see that by printing it out).

The basic problem is that, sniffing packets with wireshark, I can see the
packet from 192.168.0.2 to outside, but not mine to outside.

I also tried with NF_REPEAT and NF_ACCEPT and NF_QUEUE when calling
ipq_set_verdict, but nothing changed..

Any hints? RTFM?

Regards

--
Debian Powered GNU/Linux User #373118
Bedogni Luca - Blog | http://blog.lucabedogni.it
Site | http://www.lucabedogni.it
Debianizzati - www.debianizzati.org | Founder Member
--
Book: A non-volatile information storage medium.

^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Routing packets via a C program
  2007-01-22  8:58 Routing packets via a C program Luca Bedogni
@ 2007-01-27 14:55 ` Jan Engelhardt
  2007-01-30 16:14   ` Luca Bedogni
  0 siblings, 1 reply; 5+ messages in thread
From: Jan Engelhardt @ 2007-01-27 14:55 UTC (permalink / raw)
  To: Luca Bedogni; +Cc: netfilter

On Jan 22 2007 09:58, Luca Bedogni wrote:
>
>Hi all,
>I'm writing down a simple program for routing the packets manually. The
>idea is: if a packet comes from a specific IP (192.168.0.2) I set ip->saddr to
>my IP and then accept it. And, if a packet comes from the outside, I set
>ip->daddr to 192.168.0.2 and then accept it. I recalculate the checksum and
>it's correct (I can see that by printing it out).

What for - are you trying some nifty SNAT/DNAT trick?

>The basic problem is that, sniffing packets with wireshark, I can see the
>packet from 192.168.0.2 to outside, but not mine to outside.
>
>I also tried with NF_REPEAT and NF_ACCEPT and NF_QUEUE when calling
>ipq_set_verdict, but nothing changed..

You should be fine by QUEUEing packets in PREROUTING (or at least somewhere
before the <Routing Decision> in [PacketFlow]), modify them in your userspace
program, reinject them, and have the <Routing Decision> do the right then.

	-`J'
--

^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Routing packets via a C program
  2007-01-27 14:55 ` Jan Engelhardt
@ 2007-01-30 16:14   ` Luca Bedogni
  2007-02-01 17:12     ` Luca Bedogni
  0 siblings, 1 reply; 5+ messages in thread
From: Luca Bedogni @ 2007-01-30 16:14 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter

On Saturday 27 January 2007 15:55, Jan Engelhardt wrote:
> On Jan 22 2007 09:58, Luca Bedogni wrote:
> >Hi all,
> >I'm writing down a simple program for routing the packets manually. The
> >idea is: if a packet comes from a specific IP (192.168.0.2) I set
> > ip->saddr to my IP and then accept it. And, if a packet comes from the
> > outside, I set ip->daddr to 192.168.0.2 and then accept it. I recalculate
> > the checksum and it's correct (I can see that by printing it out).
>
> What for - are you trying some nifty SNAT/DNAT trick?

Yes, I want to monitor performance and such via normal routing and via
userspace routing.

> >The basic problem is that, sniffing packets with wireshark, I can see the
> >packet from 192.168.0.2 to outside, but not mine to outside.
> >
> >I also tried with NF_REPEAT and NF_ACCEPT and NF_QUEUE when calling
> >ipq_set_verdict, but nothing changed..
>
> You should be fine by QUEUEing packets in PREROUTING (or at least somewhere
> before the <Routing Decision> in [PacketFlow]), modify them in your
> userspace program, reinject them, and have the <Routing Decision> do the
> right then.

Yes, I basically do this, but the packets aren't reinjected. I change the IP
and recalculate the checksum, but when calling ipq_set_verdict I can't see
any packets on the wire :(

Any other hint?

> -`J'

Regards

--
Debian Powered GNU/Linux User #373118
Bedogni Luca - Blog | http://blog.lucabedogni.it
Site | http://www.lucabedogni.it
Debianizzati - www.debianizzati.org | Founder Member
--
Better paranoid than sorry

^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Routing packets via a C program
  2007-01-30 16:14   ` Luca Bedogni
@ 2007-02-01 17:12     ` Luca Bedogni
  0 siblings, 0 replies; 5+ messages in thread
From: Luca Bedogni @ 2007-02-01 17:12 UTC (permalink / raw)
  To: netfilter

On Tuesday 30 January 2007 17:14, Luca Bedogni wrote:
> On Saturday 27 January 2007 15:55, Jan Engelhardt wrote:
> > On Jan 22 2007 09:58, Luca Bedogni wrote:
> > >Hi all,
> > >I'm writing down a simple program for routing the packets manually. The
> > >idea is: if a packet comes from a specific IP (192.168.0.2) I set
> > > ip->saddr to my IP and then accept it. And, if a packet comes from the
> > > outside, I set ip->daddr to 192.168.0.2 and then accept it. I
> > > recalculate the checksum and it's correct (I can see that by printing
> > > it out).
> >
> > What for - are you trying some nifty SNAT/DNAT trick?
>
> Yes, I want to monitor performance and such via normal routing and via
> userspace routing.
>
> > >The basic problem is that, sniffing packets with wireshark, I can see
> > > the packet from 192.168.0.2 to outside, but not mine to outside.
> > >
> > >I also tried with NF_REPEAT and NF_ACCEPT and NF_QUEUE when calling
> > >ipq_set_verdict, but nothing changed..
> >
> > You should be fine by QUEUEing packets in PREROUTING (or at least
> > somewhere before the <Routing Decision> in [PacketFlow]), modify them in
> > your userspace program, reinject them, and have the <Routing Decision> do
> > the right then.
>
> Yes, I basically do this, but the packets aren't reinjected. I change the IP
> and recalculate the checksum, but when calling ipq_set_verdict I can't see
> any packets on the wire :(

ATM I've written this piece of code that would be sufficient:

/*
 * This code is GPL.
 */

#include <linux/netfilter.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/in.h>
#include <arpa/inet.h>		/* inet_addr() */
#include <net/if.h>
#include <linux/icmp.h>
#include <libipq/libipq.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <getopt.h>
#include <stdio.h>
#include <stdlib.h>
#include <ifaddrs.h>
#include <netdb.h>
#include <string.h>
#include <unistd.h>

#define BUFSIZE 8194

/* iptables_die() and ip_checksum() are helpers not included in this post. */

int main (int argc, char **argv)
{
	int status;
	int n_interfaces;
	unsigned char buf[BUFSIZE];
	struct ipq_handle *h;

	/* Creating a handle (ipq_create_handle allocates it itself) */
	h = ipq_create_handle (0, PF_INET);
	if (!h)
		iptables_die (h);

	/* Copying all the packet and not only metadata */
	status = ipq_set_mode (h, IPQ_COPY_PACKET, BUFSIZE);
	if (status < 0)
		iptables_die (h);

	do {
		if ((status = ipq_read (h, buf, BUFSIZE, 0)) < 0)
			iptables_die (h);

		switch (ipq_message_type (buf)) {
		case NLMSG_ERROR:
			fprintf (stderr, "Received error message %d\n",
				 ipq_get_msgerr (buf));
			break;
		case IPQM_PACKET:
			/* Empty statement so a declaration may follow the label */
			fprintf(stderr,"");
			ipq_packet_msg_t *m = ipq_get_packet (buf);
			struct iphdr *ip = (struct iphdr *) m->payload;

			/* Rewrite the source or destination address */
			if (ip->saddr == inet_addr("192.168.0.2")) {
				ip->saddr = inet_addr("192.168.1.5");
			} else {
				ip->daddr = inet_addr("192.168.0.2");
			}
			ip->check = ip_checksum(ip);

			/* Verdict: accept, with data_len = 0 and buf = NULL */
			status = ipq_set_verdict (h, m->packet_id, NF_ACCEPT, 0, NULL);
			if (status < 0)
				iptables_die (h);
			break;
		default:
			fprintf (stderr, "Unknown message type!\n");
			break;
		}
	} while (1);

	ipq_destroy_handle (h);
	return 0;
}

This is a very ugly "routing", I know, but would be enough for me.
I can see the packets entering on my machine but nothing can exit my pc. I
think the code is ok, but maybe it's wrong -_-

Regards

--
Debian Powered GNU/Linux User #373118
Bedogni Luca - Blog | http://blog.lucabedogni.it
Site | http://www.lucabedogni.it
Debianizzati - www.debianizzati.org | Founder Member
--
Programming is like sex: One mistake and you have to support it your lifetime.

^ permalink raw reply [flat|nested] 5+ messages in thread
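
Added example, not part of the thread and not libipq code: the last two arguments of ipq_set_verdict() are the length and buffer of an optional replacement packet, and with 0 and NULL the kernel continues with the packet as it was queued, so edits made to m->payload in user space are not what a capture on the wire shows. The sketch below does the user-space half on a constructed UDP packet with the RFC 1624 incremental update (a swapped-in technique; the poster's ip_checksum() is not shown), repairing the TCP/UDP checksum too because its pseudo-header covers the addresses; rewrite_src, csum_fix, get16, put16 and sample_pkt are names made up here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 192.168.0.2 -> 10.0.0.1, UDP 1234 -> 53, payload "hi". */
static const uint8_t sample_pkt[30] = {
    0x45,0x00,0x00,0x1e, 0x00,0x01,0x00,0x00, 0x40,0x11,0xb0,0x23, 192,168,0,2,
    10,0,0,1, 0x04,0xd2,0x00,0x35, 0x00,0x0a,0xc7,0xbe, 'h','i' };
static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }
/* RFC 1624 incremental update, HC' = ~(~HC + ~m + m'), for one 16-bit word. */
static void csum_fix(uint8_t *ck, uint16_t old, uint16_t new_)
{
    uint32_t s = (uint16_t)~get16(ck) + (uint32_t)(uint16_t)~old + new_;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    put16(ck, (uint16_t)~s);
}

/* Replace the IPv4 source address in place and repair every checksum that
 * covers it. Returns 0 on success, -1 if pkt is not a sane IPv4 packet. */
int rewrite_src(uint8_t *pkt, size_t len, const uint8_t new_src[4])
{
    if (len < 20 || pkt[0] >> 4 != 4) return -1;
    size_t ihl = (pkt[0] & 0x0f) * 4u, tot = get16(pkt + 2);
    if (ihl < 20 || tot < ihl || tot > len) return -1;
    /* TCP (6) checksum is at L4 offset 16, UDP (17) at 6; the L4 header
     * exists only in the fragment whose offset is zero. */
    size_t off = pkt[9] == 6 ? 16 : pkt[9] == 17 ? 6 : 0;
    int first = !((pkt[6] & 0x1f) | pkt[7]);
    uint8_t *l4 = (off && first && tot >= ihl + off + 2) ? pkt + ihl + off : NULL;
    if (l4 && pkt[9] == 17 && get16(l4) == 0) l4 = NULL;  /* UDP: no checksum */
    for (int i = 0; i < 4; i += 2) {
        uint16_t old = get16(pkt + 12 + i), new_ = get16(new_src + i);
        csum_fix(pkt + 10, old, new_);             /* IP header checksum */
        if (l4) csum_fix(l4, old, new_);           /* pseudo-header word */
        put16(pkt + 12 + i, new_);
    }
    if (l4 && pkt[9] == 17 && get16(l4) == 0) put16(l4, 0xffff);
    return 0;
}

int main(void)
{
    uint8_t p[sizeof sample_pkt];
    const uint8_t me[4] = { 192, 168, 1, 5 };      /* address used in the thread */
    memcpy(p, sample_pkt, sizeof p);
    if (rewrite_src(p, sizeof p, me)) return 1;
    /* libipq: ipq_set_verdict(h, m->packet_id, NF_ACCEPT, m->data_len, m->payload) */
    printf("ip csum %04x, udp csum %04x\n", get16(p + 10), get16(p + 26));
    return 0;
}
```

The same routine covers TCP; for a destination rewrite the words at offset 16 are replaced instead of those at offset 12.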
* Routing packets via a C program
@ 2007-01-22 9:05 bedogniluca-linux
0 siblings, 0 replies; 5+ messages in thread
From: bedogniluca-linux @ 2007-01-22 9:05 UTC (permalink / raw)
To: netfilter
Hi all,
I'm writing down a simple program for routing the packets manually.
The idea is: if a packet comes from a specific IP (192.168.0.2) I set
ip->saddr to my IP and then accept it. And, if a packet comes from the
outside, I set ip->daddr to 192.168.0.2 and then accept it.
I recalculate the checksum and it's correct (I can see that by printing
it out).

The basic problem is that, sniffing packets with wireshark, I can see the
packet from 192.168.0.2 to outside, but not mine to outside.

I also tried with NF_REPEAT and NF_ACCEPT and NF_QUEUE when calling
ipq_set_verdict, but nothing changed..

Any hints? RTFM?

Regards
^ permalink raw reply [flat|nested] 5+ messages in thread