Hi everyone,

Any help or pointers in the right direction would be greatly
appreciated.
I have an LKM that hooks into the NF_IP_PRE_ROUTING hook for IP traffic. The
kernel module examines certain fields of the IP header and then makes a
decision as to either allow the packet on to its intended destination or to
re-route the packet to another system.
However, I'm having a problem re-routing the traffic. I can change the IP
address but this invalidates the TCP checksum and simply won't work for the
TCP handshake anyway. I'd like to use DNAT to hold connection tracking
information and to handle changing IP addresses and checksums but have been
unable to use iptables for this; although I'm not too sure why iptables
doesn't work (I think it could be something to do with the fact that both
the iptables version of DNAT and my LKM use the same NF hook, although my
LKM NF hook has a priority of NF_IP_PRI_FIRST).
Anyway, I guess my question is:
Does anyone know how to implement DNAT from within an LKM?
And if so, is it possible to just call the same functions iptables would
call? Or would it be necessary to shamelessly steal the code straight from
the iptables source? Both would be fine for me!
Any pointers towards code or articles would be great.
Thanks for reading, Tom
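
The checksum half of the problem described above, as an added userspace example that is not part of the original post: when the destination address is rewritten, both the IPv4 header checksum and the TCP checksum (which covers the addresses through the pseudo-header) can be patched incrementally per RFC 1624. The packet bytes and addresses are constructed and the function names are hypothetical; it does not cover the connection tracking and reply translation that the post wants DNAT for.

```c
#include <stdint.h>
#include <string.h>

/* One's-complement sum of big-endian 16-bit words (RFC 1071), not inverted. */
static uint32_t csum_add(const uint8_t *p, size_t len, uint32_t sum)
{
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    return len ? sum + ((uint32_t)p[0] << 8) : sum;
}

/* Fold carries into 16 bits and invert to get the checksum field value. */
static uint16_t csum_fold(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* TCP checksum: pseudo-header (saddr, daddr, protocol 6, length) + segment. */
static uint16_t tcp_csum(const uint8_t *ip, const uint8_t *tcp, size_t tcp_len)
{
    uint32_t sum = csum_add(ip + 12, 8, 6 + (uint32_t)tcp_len);
    return csum_fold(csum_add(tcp, tcp_len, sum));
}

/* RFC 1624 eqn. 3, HC' = ~(~HC + ~m + m'), for a changed 4-byte field. */
static uint16_t csum_replace4(uint16_t hc, const uint8_t *old4, const uint8_t *new4)
{
    uint32_t sum = (uint16_t)~hc + csum_add(new4, 4, 0);   /* ~HC + m' */
    sum += 0x1fffe - csum_add(old4, 4, 0);                 /* + ~m, two words */
    return csum_fold(sum);
}

/* Constructed SYN, daddr 198.51.100.5 -> 203.0.113.7; 1 if patched == recomputed. */
static int dnat_demo(void)
{
    uint8_t pkt[40] = { 0x45,0,0,40, 0,1,0x40,0, 64,6,0,0, 192,0,2,10, 198,51,100,5,
        0x9c,0x40,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0,0,0 };
    const uint8_t new_dst[4] = { 203, 0, 113, 7 };
    uint8_t *ip = pkt, *tcp = pkt + 20;
    uint16_t ip_hc = csum_fold(csum_add(ip, 20, 0));  /* checksum fields are zero */
    uint16_t tcp_hc = tcp_csum(ip, tcp, 20);
    uint16_t ip_inc = csum_replace4(ip_hc, ip + 16, new_dst);
    uint16_t tcp_inc = csum_replace4(tcp_hc, ip + 16, new_dst);
    memcpy(ip + 16, new_dst, 4);                      /* the address rewrite itself */
    return ip_inc == csum_fold(csum_add(ip, 20, 0)) &&
           tcp_inc == tcp_csum(ip, tcp, 20);
}
int main(void) { return !dnat_demo(); }
```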