I modify packets using skb_padto and adding a trailer
to every datagram, i change the protocol too. It´s
work OK, but when i receive the datagrams I have
problems in the inverse process.
I mean, when I capture datagrams with my own protocol
I restore the original packet using skb_trim and put
the original protocol (previoulsy saved in my
trailer). This works for icmp packets but when I do it
in tcp packets I only receive a fews bytes and don´t
have any reports of errors (maybe there is but i can´t
see them).
Let me show you my code and comments in order to
explain better my trouble:
{
struct sk_buff *skb2 = *skb; //To work simplest
tTrailer *h; //Pointer to my own data
if (skb_is_nonlinear(skb2))
{
if (skb_linearize(skb2, GFP_ATOMIC) != 0)
{
printk(KERN_ERR"Error linearizing\n");
return -ENOMEM;
}
}
//First point to my own data
h=(tTrailer *)&skb2->data[skb2->len-sizeof(tTrailer)];
//Restore the saved protocol
skb2->nh.iph->protocol = h->proto;
//Delete my trailer
skb_trim(skb2, skb2->len-sizeof(tTrailer));
//Restore the original size
skb2->nh.iph->tot_len = htons(skb2->len);
//Recompute the cksum (is that necesary?)
skb2->ip_summed = CHECKSUM_UNNECESSARY;
skb2->nh.iph->check = 0;
skb2->nh.iph->check = ip_fast_csum((unsigned char
*)skb2->nh.iph, skb2->nh.iph->ihl);
*skb = skb2;
return NF_ACCEPT;
}
This code is in a NF_IP_LOCAL_IN hook with priority
NF_IP_PRI_CONNTRACK_DEFRAG. I use SUSE 10.x with
kernel 2.6.16.x and the module ip_conntrack is loaded.
I saw in old reference that in older kernels the
nfcache skbuff parameter must be NFC_ALTERED but in
this kernels this parameter not exists.
Why tcp descard my packets?
Thanks
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
