From: Vincent Arniego <vincent_arniego@yahoo.com>
To: Ashok Rao <greatarbor@gmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: [NFQUEUE] Help with program that changes DHCP payload
Date: Wed, 30 Jan 2008 21:56:46 -0800 (PST) [thread overview]
Message-ID: <603205.23615.qm@web58307.mail.re3.yahoo.com> (raw)
Yup checked it out, I got the netfilter flow.
I put a nfqueue program in the prerouting and in the input, filter table
I was able to see the modified packet.
The DHCP server resides on the same server as the firewall so I manipulate the incoming packets.
I experimented with just changing the TOS after looking at the ipq_client.c program.
And I was able to see the change in the input filter.
I'm going to check the program further.
I'm not sure a relay server is feasible at the current setup. That's why I'm sorting to this pseudo option 82 solution.
----- Original Message ----
From: Ashok Rao <greatarbor@gmail.com>
To: Vincent Arniego <vincent_arniego@yahoo.com>; netfilter@vger.kernel.org
Sent: Wednesday, January 30, 2008 9:28:16 PM
Subject: Re: [NFQUEUE] Help with program that changes DHCP payload
Have
you
looked
at
the
Figures
in
Oskar
Andersson's
tutorial
on
iptables
(available
through
a
link
on
www.netfilter.org)
-
they
show
the
sequence
of
tables
and
chains
which
are
encountered
by
a
packet
on
it's
way
in,
out,
or
when
forwarded.
IMHO
that
tutorial
is
mandatory
reading
for
anyone
trying
to
work
seriously
with
iptables.
From
your
email
below,
I
couldn't
make
out
if
your
program
was
accepting
packets
or
sending
out
packets
-
if
indeed
you
are
capturing
incoming
packets
-
modifying
them
and
them
sending
it
to
the
DHCP
process
on
the
same
machine
-
ethereal
will
never
see
the
modified
packets
-
unless
you
are
sending
them
back
on
the
wire
again.
Ashok
On
Jan
29,
2008
10:58
PM,
Vincent
Arniego
<vincent_arniego@yahoo.com>
wrote:
>
>
>
>
Hi
Everyone,
>
>
I'm
kinda
new
here
and
I
would
like
some
help
regarding
>
netfilter_queue.
If
this
is
asked
already,
forgive
me
I
didn't
see
it
in
the
archives.
>
>
I'm
making
a
program
that
changes
the
value
of
an
attribute
in
the
DHCP
>
payload.
>
I'm
using
nfqueue
to
intercept
the
packet,
change
the
content
of
the
>
payload
and
resend
it
again
to
DHCP
>
which
resides
in
the
same
server
as
the
firewall.
Why
am
I
doing
this?
>
I'm
making
a
pseudo
option
82
using
a
translated
bridge
(which
the
mac
>
is
unchangeable)
but
I'm
using
the
hostname
attribute
instead.
>
>
So
far,
I
was
able
to
change
the
content
of
the
hostname
attribute
of
>
the
payload,
and
I
checked
the
packet
again
>
just
to
be
sure
its
sending
the
correct
content.
I
use
nfq_set_verdict
>
to
resend
the
packet
with
the
modified
payload.
>
>
But
it
didn't
work.
>
>
The
next
thing
is
did
*just
to
be
sure
is
just
changing
the
TTL
value
>
of
the
IP
header,
then
resending
again,
but
it
seems
its
not
working.
I
>
used
ethereal
to
capture
the
packets
that
are
coming
in
after
>
modification.
And
yes
I
checksummed
it.
>
>
These
are
my
questions:
>
>
1.
My
firewall
rule
to
intercept
the
packets
is
in
the
PREROUTING
>
chain,
mangle
table.Is
this
the
correct
way?
>
2.
The
packets
that
are
captured
by
ethereal,
are
these
the
packets
>
before
modification
or
after?
(just
to
be
sure
I'm
looking
it
the
right
>
way)
>
3.
What
can
I
do
to
verify
if
the
packets
are
indeed
modified?
>
>
If
anyone
need
a
snippet
of
the
code,
for
everyone,
I'll
just
send
it
>
in
a
reply
email.
>
>
Thanks
in
advanced
guys.
>
>
>
>
>
____________________________________________________________________________________
>
Looking
for
last
minute
shopping
deals?
>
Find
them
fast
with
Yahoo!
Search.
http://tools.search.yahoo.com/newsearch/category.php?category=shopping
>
-
>
To
unsubscribe
from
this
list:
send
the
line
"unsubscribe
netfilter"
in
>
the
body
of
a
message
to
majordomo@vger.kernel.org
>
More
majordomo
info
at
http://vger.kernel.org/majordomo-info.html
>
--
Ashok
Rao
Great
Arbor
Communications
8818
Tallyho
Trail
Potomac,
MD
Tel:
301-547-3483
Cell:
703-989-6494
email:
greatarbor@gmail.com
www.greatarbor.com
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
next reply other threads:[~2008-01-31 5:56 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-31 5:56 Vincent Arniego [this message]
-- strict thread matches above, loose matches on Subject: below --
2008-01-31 6:02 [NFQUEUE] Help with program that changes DHCP payload Vincent Arniego
2008-01-30 3:58 Vincent Arniego
2008-01-30 13:28 ` Ashok Rao
2008-01-30 21:22 ` Martijn Lievaart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=603205.23615.qm@web58307.mail.re3.yahoo.com \
--to=vincent_arniego@yahoo.com \
--cc=greatarbor@gmail.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox