On Mon, Nov 10, 2008 at 12:58 AM, Kuzin Andrey <kuzinandrey@xxxxxxxxx> wrote:
> OD> I am trying to use netfilter QUEUE to process IP payload in
> OD> user-space. So far I have successfully retrieved the packet (payload),
> OD> done with my processing but I don't know how to put it back (modified
> OD> payload) back to original outbound packet.
> OD> this is what I have tried:
> OD> --------------
> OD> len = nfq_get_payload(tb, &payload);
> OD> if (len >= 0 ) {
> OD>     new_len = process_payload(payload, *newPayload, len);
> OD>     //trying memcpy
> OD>     memcpy(payload, newPayload, len);
> OD>     pkt->ip->check = 0;
> OD>     free(newPayload);
> OD> }
> OD> return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
> OD> --------------
> OD> I tried using memcpy() to copy new payload data to existing, but I
> OD> think that is being done on user space only. or do I need to call
> OD> some nfa_set.. function ?
> OD> I will be glad if someone could point me to right direction.
>
> OD> Thank you,
>
> Cut from libnetfilter_queue.c
> ================================
> int nfq_set_verdict(struct nfq_q_handle *qh, u_int32_t id,
>                     u_int32_t verdict, u_int32_t data_len,
>                     unsigned char *buf)
> ================================
>
> You call this function in this way:
> return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
>
> I think right function call:
> ===================
> ret = nfq_set_verdict(qh, id, NF_ACCEPT, new_len, newPayload);
> free(newPayload);
> return ret;
> ===================
> and may be without any memcpy()
>
> Try this...

Thank you all. It worked for me. Now I think I am in the right direction :)

However, now I am having a problem with the checksum. After processing the payload, I set the iphdr checksum value to 0, hoping the system would automatically compute the checksum, but it does not. Tcpdump shows "bad checksum" value (0). Or do I need to compute and set the checksum manually? Ideally I would like to offload-checksum when possible. Looking for your suggestions.
thanks again :)
Bikrant
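The last message reports that a zeroed IP checksum field leaves user space unchanged. The following added example (not code from the thread or from libnetfilter_queue) recomputes the IPv4 total length and header checksum in user space, so the buffer can then be handed to `nfq_set_verdict()` as `buf`. The helper names `inet_checksum` and `ipv4_fix_header` are hypothetical, and the buffer is assumed to start at the IPv4 header, as the one returned by `nfq_get_payload()` does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 1071 Internet checksum over len bytes read as big-endian 16-bit words. */
static uint16_t inet_checksum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)data[i] << 8) | data[i + 1];
    if (len & 1)                      /* odd trailing byte, zero-padded */
        sum += (uint32_t)data[len - 1] << 8;
    while (sum >> 16)                 /* fold carries into the low 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Hypothetical helper, not a libnetfilter_queue function: pkt points at the
 * IPv4 header of the mangled packet, pkt_len is its new total length.
 * Rewrites tot_len and the header checksum; returns -1 on a malformed buffer. */
static int ipv4_fix_header(uint8_t *pkt, size_t pkt_len)
{
    size_t hlen;
    uint16_t csum;
    if (pkt == NULL || pkt_len < 20 || pkt_len > 0xffff || (pkt[0] >> 4) != 4)
        return -1;
    hlen = (size_t)(pkt[0] & 0x0f) * 4;      /* IHL counts 32-bit words */
    if (hlen < 20 || hlen > pkt_len)
        return -1;
    pkt[2] = (uint8_t)(pkt_len >> 8);        /* tot_len, network byte order */
    pkt[3] = (uint8_t)(pkt_len & 0xff);
    pkt[10] = pkt[11] = 0;                   /* field must be zero while summing */
    csum = inet_checksum(pkt, hlen);
    pkt[10] = (uint8_t)(csum >> 8);
    pkt[11] = (uint8_t)(csum & 0xff);
    return 0;
}

int main(void)
{
    /* Constructed sample: 20-byte IPv4/UDP header, checksum zeroed, zero payload. */
    uint8_t pkt[115] = { 0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
                         0x00, 0x00, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };
    if (ipv4_fix_header(pkt, sizeof pkt) != 0)
        return 1;
    printf("ip checksum: %02x%02x\n", pkt[10], pkt[11]);
    return 0;
}
```

This covers the IPv4 header only. A TCP or UDP checksum also covers the transport payload, so it has to be recomputed separately when that payload is modified.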