I have two computers, A and B. B connects to the Internet via A:
Internet <------> A <----------> B
I'm trying to write a small program (written in C) to capture all packets A sends to B and add/modify some fields of the packet headers before re-sending them from A to B (my program will run on computer A, of course).
I can use libpcap to sniff all packets A sends to B, add/modify the packet headers, and use libnet to re-send the modified packets to B.
But my problem is that libpcap only sniffs the packet (makes a copy of the packet) and does not drop the packet from its route. Therefore, B receives both types of packets (original packets and modified packets) from A.
How can I send only the modified packets to B and drop all original packets on A? It would be great if you know another library like libpcap, but one that drops the packet from its route on capture.
Please share any suggestions you have.
It sounds to me like you want to use iptables, which can configure packets into queues, drop packets conditionally and so on (and at the kernel level).
You haven't said what kind of software you are writing, but it looks like a NAT system to me, which again can be handled by iptables.
Many thanks for your help! My program is not a NAT system. In my experiment, computer B has more than one interface, and they simultaneously connect to the same interface of computer A. I want to use IP tunneling to tunnel packets of a connection (a connection from an interface on B to A) from A to all interfaces on B.
Your suggestion is good for me; iptables can configure packets into queues, drop packets conditionally, etc. But if I drop all packets A sends to B, then iptables will drop all my packets (both original and modified packets). So how can I drop only the original packets and allow IP-in-IP packets to be sent from A to B?
(If you don't know what A and B mean, please refer to the first post of this thread.)
I have the same problem, but I used a raw socket to capture the packet, and after I modify the packet and send it to the client I see it is sent twice: the original packet and the modified one.
If you solve this problem, please let me know, because that's a very important issue for me.
THANK YOU
Hi reta,
Finally I found the solution to my problem. As suggested above, we can use iptables to capture all incoming packets and put them into a queue (called the User workspace queue). Then we can read packets one by one from that queue, process them, and re-inject them. It's simple once you check out how to program with the iptables library (ipq.h).
If you want to know more details, you can contact me via YM (dat.nguyen293) or Gtalk (dat.nguyen293@gmail.com) or Skype (dat.nguyen293). You can also directly post your question in this thread. You are always welcome!
Dat Nguyen,
Last edited by pumpkin; 12-18-2010 at 11:37 PM.
Reason: Changed contact ID for receiving help requests
Hi Dat Nguyen,
Thank you for your help and fast answer
I add you on YM
I need to know the steps you followed to capture -> modify -> reinject the packets.
And I need the links and references you have for learning to program with the libipq library.
THANKS IN ADVANCE
Hi Reta,
Unfortunately, you and I are in different time zones, so it's hard for us to be online at the same time to chat.
First of all, if you want to understand the flow of the packet capturing and re-injecting process, I think you need to understand the operation of the OSI model, especially the Network and Transport layers.
The way to capture and re-inject packets is simple. If you have configured a filter (firewall) in Linux you might have used iptables, and the following command might not be new or strange to you:
    iptables -A FORWARD -i eth0 -j QUEUE
If that is new to you, you might search for it on Google or read the man page of the iptables command.
That is the answer to the question "how to capture incoming packets?". Now let's turn our focus to the packet modifying problem. After the previous step we have packets in a QUEUE (the queue created by iptables; let's call it user space). The ipq (iptables-dev) library provides some functions to read the captured packets from user space in order to read and modify them. It also provides a function to re-inject captured packets into the network.
Unfortunately again, you can NOT find much documentation about the ipq library on the Internet. Here is the best tutorial I saw: http://lists.netfilter.org/pipermail...ry/023029.html
Good luck!
Dat Nguyen
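Added example (not part of the thread and not libipq code): the modify step that sits between reading a packet from the queue and re-injecting it. After the destination address is changed, the IPv4 header checksum and the TCP checksum (which covers the addresses through its pseudo-header) have to be recomputed; going beyond the thread, the sketch also rejects fragments. All function names and the sample packet are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical helpers. RFC 1071 one's-complement sum, added to a running sum. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len) {
    for (; len > 1; p += 2, len -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (len) sum += (uint32_t)p[0] << 8;   /* odd trailing byte, zero-padded */
    return sum;
}
static uint16_t csum_fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
/* TCP checksum input: pseudo-header (src, dst, 0, proto 6, length) + segment. */
static uint16_t tcp_csum(const uint8_t *pkt, size_t ihl, size_t seg) {
    uint8_t ph[4] = {0, 6, (uint8_t)(seg >> 8), (uint8_t)seg};
    uint32_t s = csum_add(csum_add(0, pkt + 12, 8), ph, 4);
    return csum_fold(csum_add(s, pkt + ihl, seg));
}
/* Rewrite the IPv4 destination in place and repair both checksums. Returns 0,
 * or -1 for malformed packets and fragments (no complete TCP segment). */
int rewrite_ipv4_dst(uint8_t *pkt, size_t len, const uint8_t dst[4]) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, tot = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || tot < ihl || tot > len) return -1;
    if ((pkt[6] & 0x3f) || pkt[7]) return -1;      /* MF set or offset != 0 */
    if (pkt[9] == 6 && tot - ihl < 20) return -1;  /* truncated TCP header */
    memcpy(pkt + 16, dst, 4);
    pkt[10] = pkt[11] = 0;                         /* zero field before summing */
    uint16_t c = csum_fold(csum_add(0, pkt, ihl));
    pkt[10] = (uint8_t)(c >> 8); pkt[11] = (uint8_t)c;
    if (pkt[9] == 6) {
        pkt[ihl + 16] = pkt[ihl + 17] = 0;
        c = tcp_csum(pkt, ihl, tot - ihl);
        pkt[ihl + 16] = (uint8_t)(c >> 8); pkt[ihl + 17] = (uint8_t)c;
    }
    return 0;
}
/* Receiver-side check: summing with the stored checksum included folds to 0. */
int checksums_ok(const uint8_t *pkt, size_t len) {
    if (len < 20) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, tot = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || tot < ihl || tot > len || csum_fold(csum_add(0, pkt, ihl))) return 0;
    return pkt[9] != 6 || tcp_csum(pkt, ihl, tot - ihl) == 0;
}
/* Constructed sample: 10.0.0.1 -> 10.0.0.2, TCP 1234 -> 80, payload "hi!". */
uint8_t sample_pkt[43] = {
    0x45,0,0,43, 0,1,0,0, 64,6,0,0, 10,0,0,1, 10,0,0,2,
    0x04,0xd2,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x18,0x20,0, 0,0,0,0, 'h','i','!'};
```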
Hi Dat Nguyen
Thanks for your help.
I know the operation of the OSI model; the only thing that was not clear to me was how to use the libipq library, but now it's OK, I understand it.
I want to ask you about the skb socket, if you have used it before: does it give me the same result as libipq? I mean, can I use it to modify the original packet, not a copy of it?
I wish I could help you with anything you need; please don't hesitate to tell me if you need anything, and if I can, I will help you.
First of all, I want to say that you did good research in this field by finding the SKB socket.
I tried it before and got some results, but it's too hard for me to develop an application using it. So, if you have successfully built a complete application using it, can you send me an example?
Thanks so much,
Dat Nguyen
Hi Dat Nguyen
If I get any result in skb then I will send it to you
Hi,
I have a project pretty much similar to yours and I have been searching for days for someone who can assist me with this. Is it possible for you to add me on MSN or Yahoo so that I can discuss this issue with you? My MSN ID is arsi_pk@hotmail.com. The problem I am facing is this. I have the following connections:
comp1<----->main<----->comp2
comp1 sends a TCP packet to main. On main I have set rules to intercept the packet at the input chain and put it in queue 0 using iptables. Then I modify the content of the packet so that the destination is now comp2 and the source is main, and I reinject the packet by setting NF_ACCEPT in the verdict. But my packet never goes from main to comp2. And I feel this is because if you intercept a packet at the input chain, then even if you change the destination address afterwards it just ignores it, cuz it has already been routed. Your help would be really, really appreciated. Thanks
You are correct; the input queue is only for data coming into the computer. You need to find a way to put the packet into the forward queue as per pumpkin's iptables example.
I'm doing a similar project to yours... can you tell me how you opened the packet to read the data? I need to access the packet and print the data in the kernel...