* unable to reinject the IP packets using ipq_set_verdict (libipq API)
@ 2004-12-20 12:03 Srinivas G.
2004-12-20 12:35 ` Javier Valencia
0 siblings, 1 reply; 2+ messages in thread
From: Srinivas G. @ 2004-12-20 12:03 UTC (permalink / raw)
To: netfilter-devel; +Cc: rsamprat, munky, greearb, schuster.sven, jz105
Dear All,
I developed a small application which uses the libipq APIs to capture
the IP packets using netfilter hook. (Here I am not using the iptables.
I used the netfilter hook module to queue the packets in the kernel
space using NF_QUEUE verdict. At the user side I am using the ip_queue
module and then libipq APIs to read the queued packets from the kernel
space)
When I try to print the packet's data in the libipq application it was
printed perfectly. But when I try to reinject the modified packet back
to kernel space using the ipq_set _verdict, it was not working. See the
attached code below.
case IPQM_PACKET:
{
ipq_packet_msg_t *m = ipq_get_packet(buf);
unsigned char *packet = (unsigned char *)m +
sizeof(*m);
unsigned int header_length = 0;
struct iphdr *iph;
struct tcphdr *tcph;
unsigned char *payload;
/* calculate the IP header length */
iph = (struct iphdr *)packet;
header_length += iph->ihl * 4;
/* calculate the TCP header */
tcph = (struct tcphdr *)(packet +
header_length);
header_length += tcph->doff * 4;
/* compute the payload */
payload = packet + header_length;
printf("Packet receivd!\n");
/* length of the packet data is */
printf("Packet length = %d!\n",m->data_len);
/* address of the packet in the memory */
printf("Packet address in the memory :
%X!\n",packet);
/* address of the payload in the memory */
printf("payload address in the memory :
%X!\n",payload);
for(i=0;i<20;i++)
{
printf("%c",*(payload + i));
*(payload + i) = 'a';
}
printf("\n");
/* after modification re-inject the packet into
* the kernel space i.e. issue the verdict */
status = ipq_set_verdict(pHandle, m->packet_id,
NF_ACCEPT, 0, NULL);
if (status < 0)
die(pHandle);
break;
}
I modified the following line in different ways with different arguments
for the 4th and 5th parameters. I read the man page of ipq_set_verdict
and modified those variables.
status = ipq_set_verdict(pHandle, m->packet_id, NF_ACCEPT, 0, NULL);
Instead of sending the 0 and NULL, I send
1. Application defined buffer length and application
defined buffer pointer.
2. m->data_len and packet pointer
3. 20 (number of character I modified in the
application) and payload pointer
4. m->data_len and m
I tried with other combinations, not only above mentioned combinations.
Even though, I was unable to retransmit the modified packet.
How am I testing it? I connected two individual systems using CROSS
CABLE. On one system I am running the client program and another system
I am running the server program and libipq application. On server
machine I am receiving the original data instead of modified one.
Any help greatly appreciated.
Thanks and regards,
Srinivas G
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: unable to reinject the IP packets using ipq_set_verdict (libipq API)
2004-12-20 12:03 unable to reinject the IP packets using ipq_set_verdict (libipq API) Srinivas G.
@ 2004-12-20 12:35 ` Javier Valencia
0 siblings, 0 replies; 2+ messages in thread
From: Javier Valencia @ 2004-12-20 12:35 UTC (permalink / raw)
To: netfilter-devel
Are calculating checksums? If a checksum is invalid, no packet will be
accepted.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-12-20 12:35 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-12-20 12:03 unable to reinject the IP packets using ipq_set_verdict (libipq API) Srinivas G.
2004-12-20 12:35 ` Javier Valencia
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.