Yup checked it out, I got the netfilter flow. I put a nfqueue program in the prerouting and in the input, filter table I was able to see the modified packet. The DHCP server resides on the same server as the firewall so I manipulate the incoming packets. I experimented with just changing the TOS after looking at the ipq_client.c program. And I was able to see the change in the input filter. I'm going to check the program further. I'm not sure a relay server is feasible at the current setup. That's why I'm sorting to this pseudo option 82 solution. ----- Original Message ---- From: Ashok Rao <greatarbor@xxxxxxxxx> To: Vincent Arniego <vincent_arniego@xxxxxxxxx>; netfilter@xxxxxxxxxxxxxxx Sent: Wednesday, January 30, 2008 9:28:16 PM Subject: Re: [NFQUEUE] Help with program that changes DHCP payload Have you looked at the Figures in Oskar Andersson's tutorial on iptables (available through a link on www.netfilter.org) - they show the sequence of tables and chains which are encountered by a packet on it's way in, out, or when forwarded. IMHO that tutorial is mandatory reading for anyone trying to work seriously with iptables. >From your email below, I couldn't make out if your program was accepting packets or sending out packets - if indeed you are capturing incoming packets - modifying them and them sending it to the DHCP process on the same machine - ethereal will never see the modified packets - unless you are sending them back on the wire again. Ashok On Jan 29, 2008 10:58 PM, Vincent Arniego <vincent_arniego@xxxxxxxxx> wrote: > > > > Hi Everyone, > > I'm kinda new here and I would like some help regarding > netfilter_queue. If this is asked already, forgive me I didn't see it in the archives. > > I'm making a program that changes the value of an attribute in the DHCP > payload. > I'm using nfqueue to intercept the packet, change the content of the > payload and resend it again to DHCP > which resides in the same server as the firewall. Why am I doing this? > I'm making a pseudo option 82 using a translated bridge (which the mac > is unchangeable) but I'm using the hostname attribute instead. > > So far, I was able to change the content of the hostname attribute of > the payload, and I checked the packet again > just to be sure its sending the correct content. I use nfq_set_verdict > to resend the packet with the modified payload. > > But it didn't work. > > The next thing is did *just to be sure is just changing the TTL value > of the IP header, then resending again, but it seems its not working. I > used ethereal to capture the packets that are coming in after > modification. And yes I checksummed it. > > These are my questions: > > 1. My firewall rule to intercept the packets is in the PREROUTING > chain, mangle table.Is this the correct way? > 2. The packets that are captured by ethereal, are these the packets > before modification or after? (just to be sure I'm looking it the right > way) > 3. What can I do to verify if the packets are indeed modified? > > If anyone need a snippet of the code, for everyone, I'll just send it > in a reply email. > > Thanks in advanced guys. > > > > > ____________________________________________________________________________________ > Looking for last minute shopping deals? > Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping > - > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- Ashok Rao Great Arbor Communications 8818 Tallyho Trail Potomac, MD Tel: 301-547-3483 Cell: 703-989-6494 email: greatarbor@xxxxxxxxx www.greatarbor.com ____________________________________________________________________________________ Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping - To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
