Problem modifying TCP packets

Problem modifying TCP packets

[rigoberto perez]

I modify packets using skb_padto and adding a trailer
to every datagram, i change the protocol too. It´s
work OK, but when i receive the datagrams I have
problems in the inverse process. 

I mean, when I capture datagrams with my own protocol
I restore the original packet using skb_trim and put
the original protocol (previoulsy saved in my
trailer). This works for icmp packets but when I do it
in tcp packets I only receive a fews bytes and don´t
have any reports of errors (maybe there is but i can´t
see them).

Let me show you my code and comments in order to
explain better my trouble:

{
struct sk_buff *skb2 = *skb; //To work simplest
tTrailer *h; //Pointer to my own data

if (skb_is_nonlinear(skb2)) 
{
    if (skb_linearize(skb2, GFP_ATOMIC) != 0) 
    {
	printk(KERN_ERR"Error linearizing\n");
	return -ENOMEM;
    }
}
//First point to my own data
h=(tTrailer *)&skb2->data[skb2->len-sizeof(tTrailer)];

//Restore the saved protocol
skb2->nh.iph->protocol = h->proto; 
//Delete my trailer
skb_trim(skb2, skb2->len-sizeof(tTrailer)); 
//Restore the original size
skb2->nh.iph->tot_len = htons(skb2->len); 
//Recompute the cksum (is that necesary?)
skb2->ip_summed = CHECKSUM_UNNECESSARY; 
skb2->nh.iph->check = 0;
skb2->nh.iph->check = ip_fast_csum((unsigned char
*)skb2->nh.iph, skb2->nh.iph->ihl);
*skb = skb2; 
return NF_ACCEPT; 
}

This code is in a NF_IP_LOCAL_IN hook with priority
NF_IP_PRI_CONNTRACK_DEFRAG. I use SUSE 10.x with
kernel 2.6.16.x and the module ip_conntrack is loaded.
I saw in old reference that in older kernels the
nfcache skbuff parameter must be NFC_ALTERED but in
this kernels this parameter not exists.

Why tcp descard my packets?

Thanks


      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs