>> Cut from libnetfilter_queue.c >> ================================ >> int nfq_set_verdict(struct nfq_q_handle *qh, u_int32_t id, >> u_int32_t verdict, u_int32_t data_len, >> unsigned char *buf) >> ================================ >> >> You call this function in this way: >> return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL); >> >> I think right function call: >> =================== >> ret = nfq_set_verdict(qh, id, NF_ACCEPT, new_len, newPayload); >> free(newPayload); >> return ret; >> =================== >> and my be without any memcpy() >> >> Try this... OD> Thank you all. It worked for me. OD> Now I think I am in right direction :) OD> However, now I am having problem with checksum. After processing OD> payload, I set the iphdr checksum value to 0 hoping system would OD> automatically compute the check sum but it is not. Tcpdump shows "bad OD> checksum" value (0). OD> Or do I need to compute and set checksum manually. Ideally I would OD> like to offload-checksum when possible. OD> Looking for your suggestions. OD> thanks again :) OD> Bikrant I found some useful links for you ! Here use checksum compute for tcp and ip packets (some code from TCPDUMP): http://code.google.com/p/quefuzz/source/browse/trunk/quefuzz.c?r=5 Here use another cksum() function: https://trac.luffy.cx/udpproxy/browser/src https://trac.luffy.cx/udpproxy/browser/src/cksum.c https://trac.luffy.cx/udpproxy/browser/src/proxy.c Question is what function calculate checksum faster and rigth for nf_queue ?! May be this help to you ! Write something about that. I also need this experience, but i don't have any time for experiments now. Any comments from nfq developers also appreciated. Why your nfq_set_verdict with payload don't compute checksum automatically ???!!! Google say what whole the world have difficults with that. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
