On Saturday 2010-09-04 19:09, Nicola Padovano wrote:

>Hi all! I'm writing a simple netfilter module which recognizes a fragmented packet.

iptables -f? ip6tables -m frag? They already exist :)

>First of all, I've used hping to send frag packets to my host (local
>host); in particular I create only one packet (40 bytes by default,
>20 bytes of header and 20 bytes of payload), specifying an MTU of 4
>bytes, so in this way I should receive 5 packets (20 bytes / 4 bytes of MTU).
>
>So, this is the piece of code
>
>[CODE]
>/* fragment offset (in 8-byte units) and "more fragments" flag of an IPv4 header */
>#define FRAG_OFF(x) (ntohs((x)->frag_off) & IP_OFFSET)
>#define MORE_FRAG(x) (ntohs((x)->frag_off) & IP_MF)
>...
>printk(KERN_INFO "sk_buff len: %d\n", skb->len);
>...
>struct iphdr *ip_header = (struct iphdr *)skb_network_header(skb);
>...
>if (FRAG_OFF(ip_header) || MORE_FRAG(ip_header)) {
> printk(KERN_INFO "!!!fragmented!!!\n");
> printk(KERN_INFO "frag off: %d\n", FRAG_OFF(ip_header));
> printk(KERN_INFO "\n\n");
>}
>[/CODE]
>
>then iptables (where TAR is my new target)
>[IPTABLES]
>iptables -t mangle -A PREROUTING -p tcp -s localhost -j TAR
>[/IPTABLES]
>(note: I use the mangle table to have the PREROUTING hook available, where the
>packets are not yet defragmented)

The mangle table does already receive defragmented packets (if defrag module is loaded).

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
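The thread turns on how IPv4 fragment fields are read and what `iptables -f` actually matches. The following user-space C program is an added example, not code from the original post or from the netfilter project: it builds a constructed 40-byte datagram (20-byte header, 20-byte payload), splits it into fragments the way an IP stack would, and classifies each fragment with properly parenthesised `FRAG_OFF`/`MORE_FRAG` macros. The `build_sample`, `fragment` and `classify` functions, the 127.0.0.1 addresses and the payload bytes are all assumptions made for the example. Because the offset field counts 8-byte units, every fragment payload except the last must be a multiple of 8 bytes, which is why a 20-byte payload cannot be split into 4-byte pieces; the example uses an MTU of 28 and therefore produces three fragments.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_OFFSET 0x1FFF   /* 13-bit fragment offset, in 8-byte units */
#define IP_MF     0x2000   /* "more fragments" flag */
#define IP_DF     0x4000   /* "don't fragment" flag */
#define IPV4_HLEN 20

/* Big-endian 16-bit access on a raw packet buffer (host-order independent). */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)(v & 0xFF); }

/* Fragment fields: the macros take the header pointer and are fully parenthesised. */
#define FRAG_OFF(h)  ((unsigned)(be16((h) + 6) & IP_OFFSET) * 8u)   /* byte offset of this fragment */
#define MORE_FRAG(h) ((be16((h) + 6) & IP_MF) != 0)

/* 0 = not fragmented, 1 = first fragment (offset 0, MF set), 2 = later fragment (offset > 0),
 * -1 = not a usable IPv4 header. iptables -f matches only class 2: later fragments carry no L4 header,
 * so a "-p tcp --dport" rule cannot inspect them. */
static int classify(const uint8_t *pkt, size_t len) {
    if (len < IPV4_HLEN || (pkt[0] >> 4) != 4) return -1;
    if (FRAG_OFF(pkt) != 0) return 2;
    if (MORE_FRAG(pkt)) return 1;
    return 0;
}

/* Constructed sample: IPv4, TCP, 127.0.0.1 -> 127.0.0.1, 20-byte payload of 'A'. Returns total length. */
static size_t build_sample(uint8_t *buf) {
    static const uint8_t hdr[IPV4_HLEN] = {
        0x45, 0x00, 0x00, 0x28,  /* version/IHL, TOS, total length 40 */
        0x12, 0x34, 0x00, 0x00,  /* id, flags+offset = 0 */
        0x40, 0x06, 0x00, 0x00,  /* TTL 64, protocol TCP, checksum left zero (constructed) */
        0x7f, 0x00, 0x00, 0x01,  /* saddr 127.0.0.1 */
        0x7f, 0x00, 0x00, 0x01   /* daddr 127.0.0.1 */
    };
    memcpy(buf, hdr, IPV4_HLEN);
    memset(buf + IPV4_HLEN, 'A', 20);
    return IPV4_HLEN + 20;
}

/* Split a datagram into fragments that fit `mtu`. Payload chunks are rounded down to a multiple of 8
 * so the offset is representable. Each fragment is written to out[n] (64 bytes each). Returns the
 * number of fragments, or -1 if the packet is malformed, DF is set, or the MTU/array is too small. */
static int fragment(const uint8_t *pkt, size_t len, size_t mtu, uint8_t out[][64], int max_frags) {
    if (len < IPV4_HLEN || mtu < IPV4_HLEN + 8 || mtu > 64) return -1;
    if (be16(pkt + 6) & IP_DF) return -1;          /* DF set: must not fragment */
    size_t payload = len - IPV4_HLEN;
    size_t chunk = (mtu - IPV4_HLEN) & ~(size_t)7;
    int n = 0;
    for (size_t off = 0; off < payload; off += chunk) {
        size_t take = payload - off < chunk ? payload - off : chunk;
        if (n >= max_frags) return -1;
        memcpy(out[n], pkt, IPV4_HLEN);
        memcpy(out[n] + IPV4_HLEN, pkt + IPV4_HLEN + off, take);
        put_be16(out[n] + 2, (uint16_t)(IPV4_HLEN + take));
        uint16_t fo = (uint16_t)(off / 8);
        if (off + take < payload) fo |= IP_MF;     /* all but the last fragment set MF */
        put_be16(out[n] + 6, fo);
        n++;                                       /* header checksum not recomputed: constructed example */
    }
    return n;
}

/* Runs the scenario end to end and returns the fragment count (3 for the sample at MTU 28). */
static int demo(void) {
    uint8_t pkt[64], frags[8][64];
    size_t len = build_sample(pkt);
    int n = fragment(pkt, len, 28, frags, 8);
    printf("original: class %d\n", classify(pkt, len));
    for (int i = 0; i < n; i++)
        printf("fragment %d: offset %u MF %d class %d\n",
               i, FRAG_OFF(frags[i]), MORE_FRAG(frags[i]), classify(frags[i], be16(frags[i] + 2)));
    return n;
}

int main(void) { return demo() == 3 ? 0 : 1; }
```

The reply's point about the mangle table is visible here in the classes: once the kernel's defragmentation has reassembled the datagram, a hook sees a class-0 packet again, so a module that wants to observe class 1 and 2 fragments has to run before reassembly rather than in a mangle PREROUTING rule.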