netfilter.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: aft <aftnix@gmail.com>
To: netfilter@vger.kernel.org
Subject: bizarre behavior of NFQUEUE for tcp socket
Date: Tue, 4 Aug 2015 18:24:49 +0600	[thread overview]
Message-ID: <CAGuaRCtn_qN4zRx9Ox8MpeaOOiZSzPWAoGu6d30t4fa1=kU-Bw@mail.gmail.com> (raw)

I have a NFQUEUE which gets packets destined for a tcp socket. I
change some contents of the tcp payload and calculate new checksum for
the packet. The payload contains mostly encrypted stun messages. I
decrypt it from the NFQUEUE callback. After decrypting the payload, i
calculate a new checksum.

But from the server, which is listening at that tcp port, it gets
initial tcp packets fine(with decrypted stun payload). But after
couple of packets, when stun data indication packets starts to flow,
it suddenly reports a huge 2096 bytes packets and breaks down.
Although from the NFQUEUE cb, all send indication packets are reported
to have a length of 68 bytes.

What explains this bizarre behavior?

Thanks in Advance.

                 reply	other threads:[~2015-08-04 12:24 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAGuaRCtn_qN4zRx9Ox8MpeaOOiZSzPWAoGu6d30t4fa1=kU-Bw@mail.gmail.com' \
    --to=aftnix@gmail.com \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).