Hi all,
I need to do some tasks about translating address in user-space. So, I
first tried using libipq because it seems to me a library present in a
great variety of linux distros. But it was unsuccessful, the changes
done on packets appeared to be simply 'ignored'.
So, now I want to do it with libnfqueue. Before starting a possibly
unsuccessful try, I want to know if is there any documents about it,
and if anybody should give me some idea about it.
Just to get in touch with the reasons the first trying was
unsuccesful, the above code is the one which don't work(please forgive
me by the portuguese strings and comments and ignore it):
/*
* This code is GPL.
*/
#include <sys/types.h>
#include <limits.h>
#include <net/if.h>
#include <netinet/ip.h>
#include <linux/netfilter_ipv4.h>
#include <linux/tcp.h>
#include <linux/netfilter.h>
#include <libipq.h>
#include <stdio.h>
#include <stdlib.h>
#define BUFSIZE 2048
#define DECIMAL_BYTE_VALUE 255
unsigned int inet_addr(char *ip)
{
int a,b,c,d;
sscanf(ip,"%d.%d.%d.%d",&a,&b,&c,&d);
char arr[4];
arr[0]=a;arr[1]=b;arr[2]=c;arr[3]=d;
return *(unsigned int*)arr;
}
static void die(struct ipq_handle *h)
{
ipq_perror("Erro na libipq: ");
/* destró socket criado pela ipq_create_handle */
ipq_destroy_handle(h);
exit(1);
}
int main(int argc, char **argv)
{
int status;
unsigned char buf[BUFSIZE];
struct ipq_handle *h;
unsigned char *payload;
int curr_ip = 0;
/*
* Cria o sokect de comunicao, para receber
* os pacotes do kernel space
*/
h = ipq_create_handle(0, PF_INET);
if (!h)
die(h);
/*
* Configura para receber o payload (pacote completo)
*/
status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
if (status < 0)
{
die(h);
}
do{
/*
* Entra em estado de espera por pacotes enviados àila.
* Para cada pacote, faz uma có da informaç, em
* memó apontada por buf
*/
status = ipq_read(h, buf, BUFSIZE, 0);
if (status < 0)
die(h);
/*
* Verifica o tipo da mensagem em fila
*/
switch (ipq_message_type(buf)) {
case NLMSG_ERROR:
/* Opz, algo errado acorreu. */
fprintf(stderr, "Received error message %d\n",
ipq_get_msgerr(buf));
break;
case IPQM_PACKET: {
/*
* Recebemos um pacote.
*/
ipq_packet_msg_t *m = ipq_get_packet(buf);
/*
* Como pedimos o payload, vamos pegar o cabeçho
* ip do pacote (que estáo inío da estrutura)
* e guardar o endereçdele em um ponteiro
* especíco para esse tipo de estrutura.
*/
struct iphdr *iph = ((struct iphdr *)m->payload);
if (!iph) {
}
if (curr_ip % argc == 0) {
curr_ip++;
}
printf("Usando IP: %s\n",argv[curr_ip % argc]);
printf("IP Atual: %ld\n", iph->saddr);
iph->saddr = inet_addr(argv[curr_ip % argc]);
curr_ip++;
printf("IP Novo: %ld\n", iph->saddr);
status = ipq_set_verdict(h, m->packet_id,
NF_ACCEPT, m->data_len, m->payload);
if (status < 0) {
die(h);
}
break;
}
default:
printf("Defaulting...\n");
break;
}
} while (1); /* loop infinito, enquanto nao der erro, leia pacotes */
/* finaliza a conexao */
ipq_destroy_handle(h);
return 0;
}
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
