2009/8/27 Michael Lawson (mshindo) <michael@xxxxxxxxxxx>
>
> Thanks for the pointers, am still having problems sadly.
>
> Does it matter where I intercept the packets? As a dev system, I have
> been using a rule like: iptables -t filter -I OUTPUT -s ipaddress -j
> QUEUE
If you're using libnetfilter_queue, you'll need to use NFQUEUE target
instead of QUEUE. And remember, tcpdump is your best friend.
>
> This rule certainly picks up the packets, interestingly enough the
> checksum is equal to zero, which according to the rfc is correct, this
> I think is where my problem is coming from. Should I be queuing direct
> from the wire? am wondering if the linux tcp/ip stack is playing games
> with me ^_^
>
> On Thu, Aug 27, 2009 at 5:34 PM, Kuzin Andrey<kuzinandrey@xxxxxxxxx> wrote:
> > MLm> Hi,
> > MLm> I am attempting to adjust contents of tcp packets using the nf queue
> > MLm> system, the queue part is working as I expected, however I am running
> > MLm> into problems recalculating the tcp checksum. At the moment, the
> > MLm> packet isnt being changed, and I am simply reading the checksum, then
> > MLm> trying to regenerate it, these values arent matching and I am at a
> > MLm> loss as to where I am going wrong.
> > MLm> Any help or suggestions please? I am at a loss
> >
> > Try this code stolen from tcpdump and other cool stuff.
> >
> > /*
> > * IP header checksum.
> > * don't modifiy the packet.
> > */
> > u_short
> > in_cksum(const u_short *addr, register u_int len, int csum)
> > {
> > int nleft = len;
> > const u_short *w = addr;
> > u_short answer;
> > int sum = csum;
> >
> > /*
> > * Our algorithm is simple, using a 32 bit accumulator (sum),
> > * we add sequential 16 bit words to it, and at the end, fold
> > * back all the carry bits from the top 16 bits into the lower
> > * 16 bits.
> > */
> > while (nleft > 1) {
> > sum += *w++;
> > nleft -= 2;
> > }
> > if (nleft == 1)
> > sum += htons(*(u_char *)w<<8);
> >
> > /*
> > * add back carry outs from top 16 bits to low 16 bits
> > */
> > sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
> > sum += (sum >> 16); /* add carry */
> > answer = ~sum; /* truncate to 16 bits */
> > return (answer);
> > }
> >
> > static int tcp_cksum(register const struct ip *ip,
> > register const struct tcphdr *tp,
> > register u_int len)
> > {
> > union phu {
> > struct phdr {
> > u_int32_t src;
> > u_int32_t dst;
> > u_char mbz;
> > u_char proto;
> > u_int16_t len;
> > } ph;
> > u_int16_t pa[6];
> > } phu;
> > const u_int16_t *sp;
> >
> > /* pseudo-header.. */
> > phu.ph.len = htons((u_int16_t)len);
> > phu.ph.mbz = 0;
> > phu.ph.proto = IPPROTO_TCP;
> > memcpy(&phu.ph.src, &ip->ip_src.s_addr, sizeof(u_int32_t));
> > if ( (ip->ip_hl & 0x0f) == 5)
> > memcpy(&phu.ph.dst, &ip->ip_dst.s_addr, sizeof(u_int32_t));
> > else
> > phu.ph.dst = ip_finddst(ip);
> >
> > sp = &phu.pa[0];
> > return in_cksum((u_short *)tp, len,
> > sp[0]+sp[1]+sp[2]+sp[3]+sp[4]+sp[5]);
> > }
> >
> >
> > void recalculate_tcp_checksum(unsigned char *packet)
> > {
> > struct ip *ip_packet = NULL;
> > struct tcphdr *tcp_packet = NULL;
> > u_int16_t word16, padd = 0, i, sum = 0, tcp_len;
> > unsigned char *buff;
> > if (!packet) return;
> >
> > ip_packet = (struct ip *)packet;
> > tcp_packet = (struct tcphdr *)(packet + (ip_packet->ip_hl << 2));
> > tcp_len = ntohs(ip_packet->ip_len) - (ip_packet->ip_hl << 2);
> >
> > sum = tcp_cksum(ip_packet,tcp_packet,tcp_len);
> > tcp_packet->check = sum; //ntohs(sum);
> > }
> >
> >
> > Use recalculate_tcp_checksum() on your modified payload in this way:
> >
> >
> > void *packet;
> > struct ip *ip_packet = NULL;
> > struct tcphdr *tcp_packet = NULL;
> > unsigned char *tcp_packet_content = NULL;
> >
> > .......
> > ip_packet = ((struct ip *)packet);
> >
> > if (ip_packet->ip_p == IPPROTO_TCP) {
> > tcp_packet = (struct tcphdr *)(packet + sizeof(struct ip));
> > tcp_packet_content = (unsigned char *)(packet + sizeof(struct ip) + sizeof(struct tcphdr));
> > tcp_packet_content_size = htons(ip_packet->ip_len) - sizeof(struct ip) - sizeof(struct tcphdr);
> > .......
> > // modify payload...
> > .......
> > // calculate
> > tcp_packet->check = 0;
> > recalculate_tcp_checksum(packet);
> > }
> >
> > You also can move some of this code to recalculate_tcp_checksum() and
> > simply call recalculate_tcp_checksum() without any payload preparations.
> >
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> > Kuzin Andrey - kuzinandrey@xxxxxxxxx
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> >
> >
> >
> >
>
>
>
> --
> Michael Lawson (mshindo)
>
>
>
> --
> Michael Lawson (mshindo)
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
