Re: libnetfilter_queue conditions required to rewrite packets...

For testing purposes I simply rewrote the nfq_test.c application in
libnetfilter_queue/utils, such that the reinjected packet should have
the ttl field modified.
1) receive original payload and length with nfq_get_payload
2) modify payload
3) call nfq_set_verdict(qh, id, NF_ACCEPT, len, modified_payload)


I tried to find a place where things go wrong, but as far as I can
see, everything looks fine all the way down to the actual sendmsg call
on the netlink socket (i.e. nfnl_sendiov() in libnfnetlink.c).
On the "receiver" side I checked nfqnl_recv_verdict(), which is part
of nfnetlink_queue module
(linux-2.6.16/net/netfilter/nfnetlink_queue.c). The check
if (nfqa[NFQA_PAYLOAD-1]) {
  // call nfqnl_mangle
}
fails. However, a raw dump of the skb that nfqnl_recv_verdict()
operates on reveals that the payload IS there, WITH the modifications
that have been applied.

I haven't gained enough insight into the *nfqa[] stuff yet, so any
help would be appreciated. Maybe I'm looking for a solution in all the
wrong places. What am I doing wrong?


David


