RE: disabling ip spoofing support

Hi,
Yes, I could have tried it on the netfilter architecture, but it wouldn't help
because I think the routing code drops packets which have the source
address of the host machine. That is what I want to avoid. If you see the
ip_route_input() function in net/ipv4/route.c, it has been said explicitly
there that packets with the host IP address as source address are dropped
to prevent IP spoofing. That is what I want to avoid. Basically what I want to
do is something like this.

There are 3 machines, A, B (my machine) and C. Now what I want to do is that if
machine A telnets to machine B it is telnetted to machine C. I know the
IP address of machine C. So I just change the source and destination
address in the packet from A and B to B and C respectively and do vice
versa when the packet comes back from machine C. My module does the changes and
makes changes to the checksum also. Now what I want is that the routing table
should find a route from say 144.16.100.43 (my machine, B) to
144.16.100.126 (machine C) and then call NF_IP_FORWARD. But it drops the
packet returning -EINVAL. Netfilter returns -EPERM. Please help.

thanks
vaibhav

On Tue, 4 Jun 2002, Sumit Pandya wrote:

> Hi,
> 	Why don't you try this on the netfilter architecture?
>
> -- Sumit
> > -----Original Message-----
> > From: linux-net-owner@vger.kernel.org
> > [mailto:linux-net-owner@vger.kernel.org]On Behalf Of Vaibhav
> >
> > Hi,
> >
> > I am writing a small kernel module for a college project. What I want to do
> > is that if the source address of the packet matches a particular IP and
> > the port is telnet, I change the source address in the packet to my
> > address. I intercept the packet from net_rx_action in net/core/dev.c, make
> > changes to the source address and checksum and then let the packet go up
> > the stack. But the packet is dropped all the time. Because, I guess, of a
> > check in the Linux kernel that prevents packets with the source address of the
> > host machine from going up the stack. This is to prevent IP spoofing. Now I
> > want to bypass it. How do I do it?
>
>
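
The address rewrite and checksum fix-up described in the message above, as an added example in userspace C (not the poster's module and not kernel code). It covers only the header arithmetic, using the incremental update from RFC 1624; A's address and all function names are assumptions made for illustration, while B and C are the addresses quoted in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 checksum; 0 over a full header means the header verifies. */
static uint16_t csum_full(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)h[i] << 8 | h[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* RFC 1624 eqn. 3 for one changed 16-bit word: HC' = ~(~HC + ~m + m'). */
static uint16_t csum_update16(uint16_t hc, uint16_t m_old, uint16_t m_new) {
    uint32_t sum = (uint32_t)(uint16_t)~hc + (uint16_t)~m_old + m_new;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Replace the address at offset off (12 = source, 16 = destination) and
 * patch the IPv4 header checksum at bytes 10..11 incrementally. */
static void rewrite_addr(uint8_t *h, size_t off, const uint8_t addr[4]) {
    uint16_t hc = (uint16_t)(h[10] << 8 | h[11]);
    for (size_t i = 0; i < 4; i += 2)
        hc = csum_update16(hc, (uint16_t)(h[off + i] << 8 | h[off + i + 1]),
                           (uint16_t)(addr[i] << 8 | addr[i + 1]));
    memcpy(h + off, addr, 4);
    h[10] = (uint8_t)(hc >> 8);
    h[11] = (uint8_t)(hc & 0xff);
}

/* Constructed 20-byte TCP/IPv4 header A -> B (A's address is made up),
 * rewritten to B -> C. Returns 1 if the patched header still verifies. */
static int rewrite_demo(uint8_t h[20]) {
    static const uint8_t init[20] = { 0x45, 0, 0, 0x28, 0x1c, 0x46, 0x40, 0,
        0x40, 0x06, 0, 0, 144, 16, 100, 7, 144, 16, 100, 43 };
    static const uint8_t b[4] = {144, 16, 100, 43}, c[4] = {144, 16, 100, 126};
    memcpy(h, init, 20);
    uint16_t sum = csum_full(h, 20);          /* checksum field is 0 here */
    h[10] = (uint8_t)(sum >> 8); h[11] = (uint8_t)(sum & 0xff);
    rewrite_addr(h, 12, b);                   /* source: A -> B */
    rewrite_addr(h, 16, c);                   /* destination: B -> C */
    return csum_full(h, 20) == 0;
}

int main(void) { uint8_t h[20]; return rewrite_demo(h) ? 0 : 1; }
```

The TCP checksum covers a pseudo-header that includes both IP addresses, so a rewritten telnet segment needs the same per-word update applied to its TCP checksum as well.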
