Igor 'Lo' (И.L. <bombsiteunrested <at> gmail.com> writes: > > Hi all. > > What I look for is reimplementing a part of NFQUEUE functionality at > the stage where TCP packet is formed before sending to network. > It seems that NFQUEUE can't just handle expanded (> MTU) packet, and > also want to have control over SEQ/ACK numbers assigned to > both packets and connection structures. > > But errr.. where to look for? The sources are too complex and there's > not enough guides. > Actually I have this doc only: > http://www.nsnam.org/wiki/index.php/GSOC2009Netfilter#Callback_Priority > > Can anyone point me to correct place in kernel sources to see/attach > with SystemTap and track how SEQs are generated and how outgoing > packets are planned to be fragmented or even dropped? Deliberately > want a good tour. > > P.S. There's at least 2 projects that can benefit from such > transparent packet size growing, one is mine and second is StegBox > (steganography based covert channels in traffic) > Hi, Have you ever got any solution for doing that? I have been involved a project with this kind of problem. In my project I need to put 32 byte more in IpOption. I did it and it works for packet_length < (MTU-32). But for the packet_length > (MTU-32) each packet should be fragmented with 2 packets. The problem is how can I use nfq_set_verdict() for both of those packets? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
