Hello to everyone,
I am using -j QUEUE to handle some packets myself and then send them
on their way. I am using the perl library IPTables::IPv4::IPQueue in
order to hook myself in the queue and of course NetPacket::* to play
around with the packets.
The following code, can successfully do stuff conserning the packets
it receives, BUT when I try just to decode a packet all the way to
TCP, and then (without changing anything) try to re-encode in order to
send back to netfilter, ethereal reports that my packets have a wrong
checksum.....
<code>
my $queue = new IPTables::IPv4::IPQueue(copy_mode => IPQ_COPY_PACKET,
copy_range => 2048)
or die IPTables::IPv4::IPQueue->errstr;
while(1){
my $msg = $queue->get_message(TIMEOUT);
if (!defined $msg) {
next if IPTables::IPv4::IPQueue->errstr eq 'Timeout';
die IPTables::IPv4::IPQueue->errstr;
}
my my $ip_obj = NetPacket::IP->decode($msg->payload());
my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});
#Attempt to reencode
$ip_obj->{data} = $tcp_obj->encode($ip_obj); #re-encode the tcp packet
and store inside the IP object
my $ip_packet = $ip_obj->encode; #re-encode the resulting IP
packet(checksums hopefully recalculated)
my $size;
{
use bytes;
$size = length $ip_packet;
}
#try and flush the IP packet down the queue again, the error is probably here...
$queue->set_verdict($msg->packet_id, NF_ACCEPT, $size,
$ip_packet);#just set the NF_ACCEPT verdict and let the packet go
}
</code>
I have not been able to find an example of some code that tries to
alter packets. The exampes that come with perl-ipq are only for
passing the packets back to netfilter. What is the "buf" that one is
suppossed to put in set_verdict? Is it a NetPacket::IP->encode() ed
packet? Or something different?
