Hello,

I am trying to write an xtables hook which would append a 32-bit packet signature in a TCP packet. To achieve this, what I do is:

1. I copy the SKB into a new SKB with the additional tail-room using skb_copy_expand.
2. I calculate the signature of the packet.
3. Update the 'tot_len' field in the IP header.
4. Calculate the checksum of the IP header using ip_send_check.
5. Append the signature to the packet and update the checksum of the sk_buff using skb_add_data.
6. Attach the Netfilter connection tracking details of the old sk_buff to the new sk_buff.
7. Call the dst->output of the new sk_buff.
8. Drop the old sk_buff.

I have placed this target hook in the 'nat' table with hook number NF_INET_LOCAL_OUT. The problem is that the hook receives the packet and modifies it successfully, but after sending, the packet does not reach its destination. I have tried out many possibilities but none of them worked. It would be great if someone could point out what I am doing wrong.

Following is the code snippet:

[struct sk_buff* _pOldSKB]
[const struct xt_target_param* _pParam]

struct iphdr* _pIPHeader = ip_hdr(_pOldSKB);

if(_pParam && _pIPHeader && (_pParam->hooknum == NF_INET_LOCAL_OUT) &&
   (_pIPHeader->protocol == IPPROTO_TCP))
{
    struct sk_buff* _pNewSKB = skb_copy_expand(_pOldSKB, 0, sizeof(unsigned int), GFP_ATOMIC);

    if(_pNewSKB)
    {
        struct iphdr* _pNewIPHeader = ip_hdr(_pNewSKB);
        unsigned char* _pStart = (unsigned char*)(_pNewSKB->data + _pNewIPHeader->ihl + sizeof(struct tcphdr));
        unsigned int _nSignature = calculate_signature((const unsigned char*)_pStart, (unsigned int)(_pNewSKB->tail - _pStart));

        _pNewIPHeader->tot_len = htons(ntohs(_pNewIPHeader->tot_len) + sizeof(unsigned int));
        ip_send_check(_pNewIPHeader);
        skb_add_data(_pNewSKB, (char*)&_nSignature, sizeof(unsigned int));
        nf_ct_attach(_pNewSKB, _pOldSKB);
        _pNewSKB->dst->output(_pNewSKB);

        return NF_DROP;
    }
}

Thank you and regards,
Subhadeep Ghosh
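
The header bookkeeping behind steps 3 to 5, as an added user-space example on a constructed packet; it is not the poster's code and not kernel code, and every name in it (append_trailer, ip_sum, tcp_sum, sample_pkt) is hypothetical. It goes one step beyond the list above by also recomputing the TCP checksum, since that checksum covers the pseudo-header's TCP length and every byte of the segment, and it takes the IP header length as ihl * 4 bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: IPv4 192.0.2.1 -> 198.51.100.2, TCP 12345 -> 80, payload "hello". */
const uint8_t sample_pkt[45] = {
    0x45,0x00,0x00,0x2d, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc6,0x33,0x64,0x02,
    0x30,0x39,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x18,0x72,0x10, 0x00,0x00,0x00,0x00, 'h','e','l','l','o' };

/* RFC 1071 ones'-complement sum; a trailing odd byte is padded with zero. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len)
{
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    return len ? sum + ((uint32_t)p[0] << 8) : sum;
}
static uint16_t csum_fold(uint32_t sum)
{
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static void put16(uint8_t *p, size_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static size_t ip_hlen(const uint8_t *b) { return (size_t)(b[0] & 0x0f) * 4; } /* ihl counts 32-bit words */
static size_t ip_tot(const uint8_t *b) { return (size_t)b[2] << 8 | b[3]; }

/* Both return 0 when the checksum stored in an already validated packet is correct. */
uint16_t ip_sum(const uint8_t *b) { return csum_fold(csum_add(0, b, ip_hlen(b))); }
uint16_t tcp_sum(const uint8_t *b)
{
    size_t tcplen = ip_tot(b) - ip_hlen(b);
    uint8_t ph[12];                 /* pseudo-header: src, dst, zero, protocol, TCP length */
    memcpy(ph, b + 12, 8);
    ph[8] = 0; ph[9] = 6; put16(ph + 10, tcplen);
    return csum_fold(csum_add(csum_add(0, ph, 12), b + ip_hlen(b), tcplen));
}

/* Append 4 trailer bytes; returns the new packet length, or 0 if the input is rejected. */
size_t append_trailer(uint8_t *b, size_t len, size_t cap, uint32_t sig)
{
    if (len < 40 || (b[0] >> 4) != 4 || b[9] != 6) return 0;
    size_t hl = ip_hlen(b), tot = len + 4;
    if (hl < 20 || len < hl + 20 || ip_tot(b) != len || tot > cap || tot > 0xffff) return 0;
    for (int i = 0; i < 4; i++) b[len + i] = (uint8_t)(sig >> (24 - 8 * i));
    put16(b + 2, tot);                                          /* tot_len */
    put16(b + 10, 0); put16(b + 10, ip_sum(b));                 /* covers the IP header only */
    put16(b + hl + 16, 0); put16(b + hl + 16, tcp_sum(b));      /* covers pseudo-header + segment */
    return tot;
}
```

ip_sum and tcp_sum double as verifiers: run over a finished packet they return 0 only when the stored checksum matches, which makes them usable for checking a captured frame byte for byte.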