libnetfilter_queue: extracting TCP options.

libnetfilter_queue: extracting TCP options.

[Igor 'Lo' (И.L.)]

Hi all,

How one can get TCP packet's options (especially timestamp and MD5)
using only libnetfilter_queue in userspace?
Having a callback routine(struct nfq_q_handle *qh, struct nfgenmsg
*nfmsg, struct nfq_data *nfa, void *data) - which structure may
contain the desired options set?

Most adequate Netfilter-based code to solve this problem was found in
linux/net/netfilter/nf_conntrack_proto_tcp.c - not a best kind of
documentation, but provided a nice method of reading a structure. Now
just need to get a bytes to read.

cheers,
Igor

Re: libnetfilter_queue: extracting TCP options.

[Yechiel Levi]

Hi,

You should use the nfq_handle_packet method, and in the callback it
activates use a casting of tcp struct on the payload (nfq_get_payload
method)

timestamp can be achieved from netfilter using the :
nfq_get_timestamp (struct nfq_data *nfad, struct timeval *tv)



2010/11/14 Igor 'Lo' (И.L.) <bombsiteunrested@gmail.com>:
> Hi all,
>
> How one can get TCP packet's options (especially timestamp and MD5)
> using only libnetfilter_queue in userspace?
> Having a callback routine(struct nfq_q_handle *qh, struct nfgenmsg
> *nfmsg, struct nfq_data *nfa, void *data) - which structure may
> contain the desired options set?
>
> Most adequate Netfilter-based code to solve this problem was found in
> linux/net/netfilter/nf_conntrack_proto_tcp.c - not a best kind of
> documentation, but provided a nice method of reading a structure. Now
> just need to get a bytes to read.
>
> cheers,
> Igor
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>



-- 
Kind Regards,
Yechiel Levi
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: libnetfilter_queue: extracting TCP options.

[Igor 'Lo' (И.L.)]

Hi,
which .h contains a correct struct tcp? I guess it is tcphdr from
netinet/tcp.h, which only gives a doff (whole header length), so have
to get payload, skip header length and read the options by byte?

2010/11/14 Yechiel Levi <gmistick@gmail.com>:
> Hi,
>
> You should use the nfq_handle_packet method, and in the callback it
> activates use a casting of tcp struct on the payload (nfq_get_payload
> method)
>
> timestamp can be achieved from netfilter using the :
> nfq_get_timestamp (struct nfq_data *nfad, struct timeval *tv)
>
cheer,
Igor.

Re: libnetfilter_queue: extracting TCP options.

[Yechiel Levi]

Hi,

You said you want the Checksum and Timestamp.
1. Timestamp as i said could be achieved from nfq_get_timestamp,
2. Checksum could be achieved from the tcphdr,
3. Data length could be computed with iphdr(get the data length - tcp
header length ) ...

I guess that if you want to get the other options, you could just use
the tcphdr, and address the wanted members of the struct...


2010/11/14 Igor 'Lo' (И.L.) <bombsiteunrested@gmail.com>:
> Hi,
> which .h contains a correct struct tcp? I guess it is tcphdr from
> netinet/tcp.h, which only gives a doff (whole header length), so have
> to get payload, skip header length and read the options by byte?
>
> 2010/11/14 Yechiel Levi <gmistick@gmail.com>:
>> Hi,
>>
>> You should use the nfq_handle_packet method, and in the callback it
>> activates use a casting of tcp struct on the payload (nfq_get_payload
>> method)
>>
>> timestamp can be achieved from netfilter using the :
>> nfq_get_timestamp (struct nfq_data *nfad, struct timeval *tv)
>>
> cheer,
> Igor.
>



-- 
Kind Regards,
Yechiel Levi
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html