LinuxQuestions.org
Old 04-04-2009, 03:26 PM   #1
pumpkin
LQ Newbie
 
Registered: Feb 2009
Posts: 10

Rep: Reputation: 1
Capture, drop packets using C


Hi all,

I have two computers, A and B. B connects to the Internet via A:
Internet <------> A <----------> B
I'm trying to write a small program (written in the C language) to capture all packets A sends to B and add/modify some fields of the packet headers before re-sending them from A to B (my program will run on computer A, of course).
I can use libpcap to sniff all packets A sends to B, add/modify the packet headers, and use libnet to re-send the modified packets to B.
But my problem is that libpcap only sniffs the packet (makes a copy of the packet) and does not drop the packet from its route. Therefore, B receives both types of packets (original packets and modified packets) from A.

How can I send only the modified packets to B and drop all original packets on A? It would be good for me if you know another library like libpcap, but one that drops the packet from its route on capture.
Please share any suggestions you have.

Thanks and kindly regards!

Dat,
 
Old 04-04-2009, 04:04 PM   #2
rjlee
Senior Member
 
Registered: Jul 2004
Distribution: Ubuntu 7.04
Posts: 1,990

Rep: Reputation: 66
It sounds to me like you want to use iptables, which can configure packets into queues, drop packets conditionally and so on (and at the kernel level).

You haven't said what kind of software you are writing, but it looks like a NAT system to me, which again can be handled by iptables.

http://iptables-tutorial.frozentux.n.../iptables.html
 
Old 04-05-2009, 12:48 AM   #3
pumpkin
LQ Newbie
 
Registered: Feb 2009
Posts: 10

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by rjlee View Post
It sounds to me like you want to use iptables, which can configure packets into queues, drop packets conditionally and so on (and at the kernel level).

You haven't said what kind of software you are writing, but it looks like a NAT system to me, which again can be handled by iptables.

http://iptables-tutorial.frozentux.n.../iptables.html
Hi rjlee,

Many thanks for your help! My program is not a NAT system. In my experiment, computer B has more than one interface that simultaneously connect to the same interface of computer A. I want to use IP tunneling to tunnel packets of a connection (the connection of an interface on B to A) from A to all interfaces on B.

Your suggestion is good for me: iptables can configure packets into queues, drop packets conditionally, etc. But if I drop all packets A sends to B, then iptables will drop all my packets (both original and modified packets). So how can I drop only the original packets and allow IP-in-IP packets to be sent from A to B?
(If you don't know what A and B mean, please refer to the first post of this thread.)

Thanks to all!

---Dat---

Last edited by pumpkin; 04-05-2009 at 12:50 AM.
 
Old 01-21-2010, 12:51 PM   #4
reta
LQ Newbie
 
Registered: Jan 2010
Posts: 16

Rep: Reputation: 0
Hi

I have the same problem, but I used a raw socket to capture the packet, and after I modify the packet and send it to the client I see it's sent twice: the original packet and the modified one.

If you solve this problem please let me know, because that's a very important issue for me.

THANK YOU
 
Old 01-21-2010, 11:18 PM   #5
pumpkin
LQ Newbie
 
Registered: Feb 2009
Posts: 10

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by reta View Post
Hi

I have the same problem, but I used a raw socket to capture the packet, and after I modify the packet and send it to the client I see it's sent twice: the original packet and the modified one.

If you solve this problem please let me know, because that's a very important issue for me.

THANK YOU
Hi reta,

Finally I found the solution for my problem. As suggested above, we can use iptables to capture all incoming packets and put them into a queue (called User workspace queue). Then we can read packets one by one from that queue, process them, and re-inject them. It's simple once you check out how to program with the iptables library (ipq.h).
If you want to know more details, you can contact me via YM (dat.nguyen293) or Gtalk (dat.nguyen293@gmail.com) or Skype (dat.nguyen293). You can also directly post your question in this thread. You are always welcome!

Dat Nguyen,

Last edited by pumpkin; 12-18-2010 at 11:37 PM. Reason: Changed contact ID for receiving help requests
 
Old 01-22-2010, 09:53 AM   #6
reta
LQ Newbie
 
Registered: Jan 2010
Posts: 16

Rep: Reputation: 0

Quote:
Originally Posted by pumpkin View Post
Hi reta,

Finally I found the solution for my problem. As suggested above, we can use iptables to capture all incoming packets and put them into a queue (called User workspace queue). Then we can read packets one by one from that queue, process them, and re-inject them. It's simple once you check out how to program with the iptables library (ipq.h).
If you want to know more details, you can contact me via YM (dat.nguyen293) or Gtalk (tiendat.vnit@gmail.com) or Skype (pumpkin293). You can also directly post your question in this thread. You are always welcome!

Dat Nguyen,

Hi Dat Nguyen,

Thank you for your help and fast answer

I added you on YM.

I need to know the steps you followed to capture -> modify -> reinject the packets.

And I need the links and references you have for learning to program with the libipq library.

THANKS IN ADVANCE
 
Old 01-22-2010, 10:00 PM   #7
pumpkin
LQ Newbie
 
Registered: Feb 2009
Posts: 10

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by reta View Post
Hi Dat Nguyen,

Thank you for your help and fast answer

I added you on YM.

I need to know the steps you followed to capture -> modify -> reinject the packets.

And I need the links and references you have for learning to program with the libipq library.

THANKS IN ADVANCE
Hi Reta,

Unfortunately for us, you and I are in different time zones, so it's hard for us to be online at the same time to chat together.
First of all, if you want to understand the flow of the packet capturing and re-injecting process, I think you need to understand the operation of the OSI model, especially the Network and Transport layers.
The way to capture and re-inject packets is simple. If you have configured a filter (firewall) in Linux you might have used iptables, and the following command might not be new or strange to you:
Code:
iptables -A FORWARD -i eth0 -j QUEUE
If it is new to you, you might search for it on Google or read the man page of the iptables command.
That's the answer to the question "how to capture incoming packets?". Now let's turn our focus to the packet modifying problem. After the previous step we have packets in a QUEUE (the queue created by iptables, let's call it user space). The ipq (iptables-dev) library provides some functions to read the captured packets from user space so you can read and modify them. It also provides a function to re-inject captured packets into the network.
Unfortunately again, you can NOT find much documentation about the ipq library on the Internet. Here is the best tutorial I saw: http://lists.netfilter.org/pipermail...ry/023029.html

Good luck!

Dat Nguyen

Last edited by pumpkin; 01-22-2010 at 10:02 PM.
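
For the "modify" step described in the post above, in the IP-in-IP case the original poster asks about, here is an added example (not code from this thread or from libipq). It wraps a queued IPv4 packet in an outer IPv4 header and computes the outer header checksum, without which the re-injected packet would be discarded as corrupt. The names ipip_encapsulate, ip_checksum and SAMPLE_INNER, the outer TTL of 64 and the sample packet are assumptions; no libipq calls are made, so it compiles without the library.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IPV4_HDR   20  /* outer header is built without options */
#define PROTO_IPIP 4   /* IANA protocol number for IPv4-in-IPv4 */

/* Constructed sample: a 28-byte IPv4/UDP packet, 192.0.2.1 -> 192.0.2.2. */
const uint8_t SAMPLE_INNER[28] = {
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x11,0xf6,0xcc,
    192,0,2,1, 192,0,2,2, 0x10,0x00,0x10,0x01, 0x00,0x08,0x00,0x00 };

/* RFC 1071 checksum over an IPv4 header. Run over a header whose checksum
 * field is already filled in correctly, it returns 0. */
uint16_t ip_checksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
    while (sum >> 16)                      /* fold carries back in */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Wrap one IPv4 packet in an outer IPv4 header (src/dst: 4 bytes each,
 * network order). Returns the new length, or 0 if the input is malformed
 * or the output buffer is too small. */
size_t ipip_encapsulate(const uint8_t *inner, size_t inner_len,
                        const uint8_t src[4], const uint8_t dst[4],
                        uint8_t *out, size_t out_cap)
{
    if (inner_len < IPV4_HDR || (inner[0] >> 4) != 4)
        return 0;
    size_t ihl = (size_t)(inner[0] & 0x0f) * 4;
    size_t tot = ((size_t)inner[2] << 8) | inner[3];
    if (ihl < IPV4_HDR || ihl > inner_len || tot != inner_len)
        return 0;                          /* truncated or inconsistent */
    size_t out_len = inner_len + IPV4_HDR;
    if (out_len > 0xffff || out_len > out_cap)
        return 0;
    memset(out, 0, IPV4_HDR);              /* id, flags, checksum start at 0 */
    out[0] = 0x45;                         /* version 4, IHL 5 */
    out[1] = inner[1];                     /* copy TOS from inner header */
    out[2] = (uint8_t)(out_len >> 8); out[3] = (uint8_t)out_len;
    out[8] = 64;                           /* outer TTL (assumed value) */
    out[9] = PROTO_IPIP;
    memcpy(out + 12, src, 4); memcpy(out + 16, dst, 4);
    uint16_t ck = ip_checksum(out, IPV4_HDR);
    out[10] = (uint8_t)(ck >> 8); out[11] = (uint8_t)ck;
    memcpy(out + IPV4_HDR, inner, inner_len);  /* inner packet unchanged */
    return out_len;
}
```

In a libipq program, the output buffer and the returned length would be the replacement data handed back with the NF_ACCEPT verdict through ipq_set_verdict().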
 
Old 01-24-2010, 02:41 AM   #8
reta
LQ Newbie
 
Registered: Jan 2010
Posts: 16

Rep: Reputation: 0
Quote:
Originally Posted by pumpkin View Post
Hi Reta,

Unfortunately for us, you and I are in different time zones, so it's hard for us to be online at the same time to chat together.
First of all, if you want to understand the flow of the packet capturing and re-injecting process, I think you need to understand the operation of the OSI model, especially the Network and Transport layers.
The way to capture and re-inject packets is simple. If you have configured a filter (firewall) in Linux you might have used iptables, and the following command might not be new or strange to you:
Code:
iptables -A FORWARD -i eth0 -j QUEUE
If it is new to you, you might search for it on Google or read the man page of the iptables command.
That's the answer to the question "how to capture incoming packets?". Now let's turn our focus to the packet modifying problem. After the previous step we have packets in a QUEUE (the queue created by iptables, let's call it user space). The ipq (iptables-dev) library provides some functions to read the captured packets from user space so you can read and modify them. It also provides a function to re-inject captured packets into the network.
Unfortunately again, you can NOT find much documentation about the ipq library on the Internet. Here is the best tutorial I saw: http://lists.netfilter.org/pipermail...ry/023029.html

Good luck!

Dat Nguyen


Hi Dat Nguyen
thanks for your help

I know the operation of the OSI model; the only thing that was not clear to me was how to use the libipq library, but now it's OK, I understand it.

I want to ask you about the skb socket, if you have used it before: does it give me the same result as libipq? I mean, can I use it to modify the original packet, not a copy of it?

I wish I could help you with anything you need. Please don't hesitate to tell me if you need anything, and if I can, I will help you.

God bless you
 
Old 01-24-2010, 11:09 PM   #9
pumpkin
LQ Newbie
 
Registered: Feb 2009
Posts: 10

Original Poster
Rep: Reputation: 1
Hi Reta,

First of all I want to say that you did good research in this field by finding the SKB socket.
I tried it before and got some results, but it's too hard for me to develop an application using it. So, if you have successfully built a complete application using it, can you send me an example?

Thanks so much,

Dat Nguyen
 
Old 01-26-2010, 04:55 AM   #10
reta
LQ Newbie
 
Registered: Jan 2010
Posts: 16

Rep: Reputation: 0
Quote:
Originally Posted by pumpkin View Post
Hi Reta,

First of all I want to say that you did good research in this field by finding the SKB socket.
I tried it before and got some results, but it's too hard for me to develop an application using it. So, if you have successfully built a complete application using it, can you send me an example?

Thanks so much,

Dat Nguyen

Hi Dat Nguyen

If I get any result in skb then I will send it to you
 
Old 02-15-2012, 05:01 PM   #11
arsipk
LQ Newbie
 
Registered: Feb 2012
Posts: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by pumpkin View Post
Hi Reta,

First of all I want to say that you did good research in this field by finding the SKB socket.
I tried it before and got some results, but it's too hard for me to develop an application using it. So, if you have successfully built a complete application using it, can you send me an example?

Thanks so much,

Dat Nguyen
Hi,
I have a project pretty much similar to yours and I have been searching for days for someone who can assist me with this. Is it possible for you to add me on MSN or Yahoo so that I can discuss this issue with you? My MSN ID is arsi_pk@hotmail.com. The problem I am facing is this. I have the following connections:

comp1<----->main<----->comp2
comp1 sends a TCP packet to main. On main I have set rules to intercept the packet at the input chain and put it in queue 0 using iptables. Then I modify the content of the packet so that the destination is now comp2 and the source is main, and I reinject the packet by setting NF_ACCEPT in the verdict. But my packet never goes from main to comp2. I feel this is because if you intercept a packet at the input chain, then even if you change the destination address it just ignores it, because it has already been routed. Your help would be really, really appreciated. Thanks.
 
Old 02-19-2012, 08:28 AM   #12
rjlee
Senior Member
 
Registered: Jul 2004
Distribution: Ubuntu 7.04
Posts: 1,990

Rep: Reputation: 66
Quote:
Originally Posted by arsipk View Post
Hi,
I have a project pretty much similar to yours and I have been searching for days for someone who can assist me with this. Is it possible for you to add me on MSN or Yahoo so that I can discuss this issue with you? My MSN ID is arsi_pk@hotmail.com. The problem I am facing is this. I have the following connections:

comp1<----->main<----->comp2
comp1 sends a TCP packet to main. On main I have set rules to intercept the packet at the input chain and put it in queue 0 using iptables. Then I modify the content of the packet so that the destination is now comp2 and the source is main, and I reinject the packet by setting NF_ACCEPT in the verdict. But my packet never goes from main to comp2. I feel this is because if you intercept a packet at the input chain, then even if you change the destination address it just ignores it, because it has already been routed. Your help would be really, really appreciated. Thanks.
You are correct; the input queue is only for data coming into the computer. You need to find a way to put the packet into the forward queue as per pumpkin's iptables example.

Hope that helps,

—Robert J Lee
 
Old 03-14-2012, 04:36 AM   #13
divdelleah
LQ Newbie
 
Registered: Jan 2012
Posts: 7

Rep: Reputation: Disabled
I'm doing a similar project to yours... Can you tell me how you opened the packet to read the data? I need to access the packet and print the data in the kernel...
 
  

