Hi,
I am trying to spoof a connection ...
machine A --> machine B, a TCP connection.
what I do is, I catch a packet from machine A going(the module to do this
sits on machine A itself) to machine B. modify the packet, interchange src,
dest ip, port numbers, ack and seq, recalculate the checksums and try to
send it back to the src(i.e machine A). And for this modified packet I call
netif_rx ( originally i thought I would call ip_local_deliver, but that is
not exported by the kernel). Now for any skb for which netif_rx ix called,
it is important to fill in the skb->in_dev field(or atleast soi feel). I
have just one nic card on the machine , so here I set skb->in_dev to a
in_dev value for someother packet, which was received from th nic, and then
call netif_rx(). The modified packet has RST set. But Machine A somehow
doesnt get this packet, its dropped somewhere by the kernel or maybe my
checksum is incorrect, i dont know whats happening. Any clues ?
So the question is :
what does a driver have to do to make sure that a packet for which it
called a netif_rx(skb) is not dropped by IP.
1) checksums have to be correct
2) in dev filed shld have some correct incoming interface set
3)packets length etc shld match to what we have in the header
any other thing that might go wrong ?
4) can this work, this approach of modifyin packet and then using
netif_rx(), and trying to make a socket believe that it is a valid packet
destined for it.
I tried disabling the netif_rx() call in the module to let the packet go to
the wire, but tcpdump doesnt log it either, so the packet it dropped by IP,
as soon as it leaves the module. If someone knows about netfilter,
ip_local_out hook of netfilter modifies and sends the packet and
ip_post_routing is also not able to capture it. So means there is some
problem with the packet I make.
Thanks
Amit
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
