LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 03-25-2006, 03:27 PM   #1
tim24
LQ Newbie
 
Registered: Mar 2006
Posts: 6

Rep: Reputation: 0
netfilter hook forward packets


Hi all,
I'm writing a simple netfilter hook module to redirect the traffic thru a tunnel between 2 machines (B and C)
Assume that i dont want to config netfilter/iptable to do anything.

The path looks like:
A-----B-------C----D

Assume on A, i add a route to forward packet (from A<->D) to B
and on D, i add a route to forward packet (from A<->D) to C

My module will be running on machines B and C.

Here are the steps what i do in my module (running on B and C)
On machine B:
1. capture packet at NF_IP_PRE_ROUTING
2. receive packet from A->D
3. append one more ip/tcp headers from B->C to the packet
4. send it out

On machine C:
after i receive the packet, i will
5. remove the external ip/tcp headers
6. send it out to D


My question is at steps 3 and 5, after append/remove the packet and recalc the checksum, do i have to do something else relate to the socket/sock owner?

How to do steps 4 and 6 to send packet out?

Thank you very much for any help
Tim
 
Old 03-25-2006, 04:15 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,539

Rep: Reputation: 149Reputation: 149
Are you going to do the whole processing (appending headers and removing them) in the module or you plan to get it all out via sockets (on B and C)? Also, what kind of encapsulation do you think about? Remember, more complicated protocols mean more processing needed from your module. I think that IP over IP would be enough in most cases.
 
Old 03-25-2006, 04:59 PM   #3
tim24
LQ Newbie
 
Registered: Mar 2006
Posts: 6

Original Poster
Rep: Reputation: 0
Hi Mara, thanks for quick response,
Yes, i plan to do the whole thing in the module (kernel 2.4 netfilter hook). No user level program involved.

My task is provide a tunnel between B and C.

that will include:
-get the packet
-expand the packet by adding 2 more headers [IP header|TCP header][orginal ip packet]

-send the new one out

Assume I have enough information to fill up those extra headers (ips,ports,seq,ack...)

I just don't know what functions should I call in my module in order to send the packet out on the wire.

I know I have to do something like:
-create new skb (skb_copy_expand, skb_put...)
-fill up headers
-calc checksum

after this, what else should I do ? do i have to call skb_set_owner_w or something else related to skb->sk and skb->dev ?

and which function to send out the packet ?

THanks again. Please provide me some help.
 
Old 03-27-2006, 04:14 PM   #4
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,539

Rep: Reputation: 149Reputation: 149
You don't have to use any specific function to send it. You'll probably write a target. It doesn't really matter. What matters is the result (code) returned by your functions.

You just need to fill the packet (and the checksums). No need to run more things, with an exception, of course, when you need a specific thing done.

BTW In 2.6 there's ipt_REDIRECT. It may be interesting for you.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
netfilter hook function error jinxcat Programming 1 09-23-2005 05:24 PM
forward packets between two interfaces sehh Linux - Networking 2 08-30-2005 04:11 PM
how netfilter handles fragmented packets??? cranium2004 Linux - Networking 1 11-21-2004 01:47 PM
iptables (netfilter) losing packets! koningshoed Linux - Security 4 06-28-2003 05:09 PM
Netfilter / iptables - forward port 80 Ratclaws Linux - Networking 8 10-27-2002 05:08 PM


All times are GMT -5. The time now is 10:07 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration