Not seeing injected packets traversing iptables

Linux Netfilter discussions
 help / color / mirror / Atom feed

* Not seeing injected packets traversing iptables
@ 2004-07-01 12:03 JOSE MIGUEL MARTINEZ
  2004-07-04 13:15 ` Antony Stone
  0 siblings, 1 reply; 2+ messages in thread
From: JOSE MIGUEL MARTINEZ @ 2004-07-01 12:03 UTC (permalink / raw)
  To: netfilter, txemi2

I am injecting packets in a network. I can see this packets from 
libpcap 
from several machines so the packets are there. The machine supposed 
to receive 
the packets can see them too in a tcpdump. Besides it answers to some 
of them 
(syn/ack if I inject tcp syncs) so packets are arriving. The tools I 
use to inject 
packets are packit, nemesis and others home-made over libnet. The 
problem is that 
in spite of packets being received they does not seem to enter 
iptables as I cannot 
LOG or ULOG them in destination machine. This does not happen with 
convencional traffic as pings or tcp connections that can be logged 
normally. 
It seems to be a problem related to "artificially" injected traffic 
not reaching iptables. 
¿Is conttrack or some part of iptables realising this packets are not 
legal enough to reach 
iptables? 

logging rule is quite simple 

root@bipt08:~# iptables-save 
# Generated by iptables-save v1.2.9 on Thu Jul  1 13:58:09 2004 
*nat 
:PREROUTING ACCEPT [737:65375] 
:POSTROUTING ACCEPT [1962:84481] 
:OUTPUT ACCEPT [1962:84481] 
-A PREROUTING -i eth1 -j ULOG --ulog-prefix "catch it please" 
COMMIT 
# Completed on Thu Jul  1 13:58:09 2004 
# Generated by iptables-save v1.2.9 on Thu Jul  1 13:58:09 2004 
*filter 
:INPUT ACCEPT [31481:4480745] 
:FORWARD ACCEPT [0:0] 
:OUTPUT ACCEPT [37288:10900591] 
COMMIT 
# Completed on Thu Jul  1 13:58:09 2004 
# Generated by iptables-save v1.2.9 on Thu Jul  1 13:58:09 2004 
*mangle 
:PREROUTING ACCEPT [31500:4483968] 
:INPUT ACCEPT [31482:4480797] 
:FORWARD ACCEPT [0:0] 
:OUTPUT ACCEPT [37289:10900787] 
:POSTROUTING ACCEPT [37289:10900787] 
COMMIT 
# Completed on Thu Jul  1 13:58:09 2004 

--  
 ______________________________ 
< hola, soy una firma horrible > 
 ------------------------------ 
        \   ^__^ 
         \  (oo)\_______ 
            (__)\       )\/\ 
                ||----w | 
                ||     || 

mail: txemi <txemi2@euskalnet.net> 
web: http://txemi.webhop.org 
mirror: http://txemi2.webhop.org

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Not seeing injected packets traversing iptables
  2004-07-01 12:03 Not seeing injected packets traversing iptables JOSE MIGUEL MARTINEZ
@ 2004-07-04 13:15 ` Antony Stone
  0 siblings, 0 replies; 2+ messages in thread
From: Antony Stone @ 2004-07-04 13:15 UTC (permalink / raw)
  To: netfilter

On Thursday 01 July 2004 1:03 pm, JOSE MIGUEL MARTINEZ wrote:

> I am injecting packets in a network. I can see this packets from libpcap
> from several machines so the packets are there. The machine supposed to
> receive the packets can see them too in a tcpdump. Besides it answers to
> some of them (syn/ack if I inject tcp syncs) so packets are arriving. The
> tools I use to inject packets are packit, nemesis and others home-made over
> libnet. The problem is that in spite of packets being received they does not
> seem to enter iptables as I cannot LOG or ULOG them in destination machine.
> This does not happen with convencional traffic as pings or tcp connections
> that can be logged normally.
> It seems to be a problem related to "artificially" injected traffic not
> reaching iptables. ¿Is conttrack or some part of iptables realising this
> packets are not legal enough to reach iptables?

Sounds very much like it to me, yes.

I would say it's probably just the normal TCP/IP stack in the Linux kernel, 
not specifically netfilter, which is rejecting the packets.   Most likely 
cause would be a checksum error, I'd guess.

Try capturing a real packet using tcpdump or ethereal (one which comes from a 
normal machine and is accepted and processed normally), then try to generate 
a fake version of the same packet, and look at the difference between the two 
tcpdump outputs - that should show you what's not right about the artificial 
packets.

Regards,

Antony.

-- 
In Heaven, the police are British, the chefs are Italian, the beer is Belgian, 
the mechanics are German, the lovers are French, the entertainment is 
American, and everything is organised by the Swiss.

In Hell, the police are German, the chefs are British, the beer is American, 
the mechanics are French, the lovers are Swiss, the entertainment is Belgian, 
and everything is organised by the Italians.

                                                     Please reply to the list;
                                                           please don't CC me.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2004-07-04 13:15 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-07-01 12:03 Not seeing injected packets traversing iptables JOSE MIGUEL MARTINEZ
2004-07-04 13:15 ` Antony Stone

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox