Old 05-25-2010, 01:20 AM   #1
inet905
Libipq (iptables): How do I redirect a captured packet to another address with iptables


Hi Developers,

I don't know how to solve my problem.

Is it possible to redirect a captured packet with ipq_set_verdict()?

I want to redirect unauthorized users to a login page.

Please see my code:

The packets are accepted and my browser opens the requested page (destination address not changed).

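Code:
#include <sys/types.h>
#include <syslog.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <linux/netfilter.h>
#include <libipq.h>

#define BUFSIZE 68000   /* receive buffer size for ipq_set_mode()/ipq_read() */

u_int16_t ip_checksum(u_int32_t init, const u_int8_t* buf, size_t len);
u_int16_t tcp_checksum(const struct iphdr* iph, const struct tcphdr* tcph,
        size_t len);
void handle_packet(unsigned char* pkt, size_t len, __u32 dest_addr, int port_dest);
void redirect_server_auth(__u32 ip_srv, struct iphdr* ip_pack,
        unsigned long packet_id, struct ipq_handle* handle,
        unsigned char* buf, int size_buf);

int main(void) {
    struct ipq_handle* h;

    if (!(h = ipq_create_handle(0, PF_INET))) {
        // error
        return 1;
    }

    /* Ask the kernel to copy the whole packet, not only the metadata */
    if ((ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE)) < 0) {
        // error
        ipq_destroy_handle(h);
        return 1;
    }

    struct iphdr* ip_pack;
    ipq_packet_msg_t* eth_pack;

    __u32 ip_auth_server = inet_addr("192.168.177.1");
    unsigned char buf[BUFSIZE];

    /* Read a single queued message */
    if ((ipq_read(h, buf, BUFSIZE, 0)) < 0) {
        // error
        ipq_destroy_handle(h);
        return 1;
    }

    switch (ipq_message_type(buf)) {
    case NLMSG_ERROR:
        // error
        break;

    case IPQM_PACKET:
        eth_pack = ipq_get_packet(buf);
        ip_pack = (struct iphdr*) eth_pack->payload;
        redirect_server_auth(ip_auth_server, ip_pack, eth_pack->packet_id, h,
                eth_pack->payload, eth_pack->data_len);
        break;
    }

    ipq_destroy_handle(h);
    return 0;
}

/* One's-complement Internet checksum over len bytes, seeded with init */
u_int16_t ip_checksum(u_int32_t init, const u_int8_t* buf, size_t len) {
    u_int32_t sum = init;
    u_int16_t* shorts = (u_int16_t*) buf;

    while (len > 1) {
        sum += *shorts++;
        len -= 2;
    }

    if (len == 1)
        sum += *((u_int8_t*) shorts);

    /* Fold the carries back into the low 16 bits */
    while (sum >> 16)
        sum = (sum >> 16) + (sum & 0xFFFF);

    return ~sum;
}

/* TCP checksum: pseudo-header (addresses, protocol, length) plus the segment */
u_int16_t tcp_checksum(const struct iphdr* iph, const struct tcphdr* tcph,
        size_t len) {
    u_int32_t cksum = 0;

    cksum += (iph->saddr >> 16) & 0x0000ffff;
    cksum += iph->saddr & 0x0000ffff;
    cksum += (iph->daddr >> 16) & 0x0000ffff;
    cksum += iph->daddr & 0x0000ffff;
    cksum += htons(iph->protocol & 0x00ff);
    cksum += htons(len);
    return ip_checksum(cksum, (unsigned char*) tcph, len);
}

/* Rewrite the destination address and recompute both checksums.
   port_dest is currently unused (the port rewrite is commented out). */
void handle_packet(unsigned char* pkt, size_t len, __u32 dest_addr, int port_dest) {
    struct iphdr* iph = (struct iphdr*) pkt;

    /* Leave the packet untouched unless it holds a full IPv4 + TCP header */
    if (len < sizeof(struct iphdr) || iph->ihl < 5
            || iph->protocol != IPPROTO_TCP
            || len < iph->ihl * 4 + sizeof(struct tcphdr))
        return;

    struct tcphdr* tcph = (struct tcphdr*) (pkt + iph->ihl * 4);

    iph->daddr = dest_addr;
    //      syslog(LOG_DEBUG, "PORT");
    //syslog(LOG_DEBUG, tcph->dest); //tcph->dest = htons(80);

    iph->check = 0;
    iph->check = ip_checksum(0, pkt, iph->ihl * 4);
    tcph->check = 0;
    tcph->check = tcp_checksum(iph, tcph, len - (iph->ihl * 4));
}

/* Log the destination before and after the rewrite, then reinject the packet */
void redirect_server_auth(__u32 ip_srv, struct iphdr* ip_pack,
        unsigned long packet_id, struct ipq_handle* handle,
        unsigned char* buf, int size_buf) {

    syslog(LOG_DEBUG, "RENAME IP AND SEND PACK ACCEPT %s", inet_ntoa(
            *((struct in_addr*) & ip_pack->daddr)));

    handle_packet(buf, size_buf, ip_srv, 80);

    syslog(LOG_DEBUG, "RENAME IP AND SEND PACK ACCEPT %s", inet_ntoa(
            *((struct in_addr*) & ip_pack->daddr)));

    /* Passing buf and its length hands the modified packet back to the kernel */
    int v = ipq_set_verdict(handle, packet_id, NF_ACCEPT, size_buf, buf);

    if (v < 0) {
        syslog(LOG_DEBUG, "problems");
        /* Fixed format string: never pass library text as the format */
        syslog(LOG_DEBUG, "%s", ipq_errstr());
    }
}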
What is wrong? I'm looking forward to your help. Thanks for your time.

Last edited by inet905; 05-25-2010 at 01:23 AM.
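
An offline check of the rewrite step on its own, as an added example that is not part of the original post: it rewrites the destination of a constructed IPv4/TCP packet, recomputes both checksums byte-wise, and verifies them, so a mangling bug can be told apart from a problem in the queue/verdict path. The function names (`rewrite_daddr`, `checksums_ok`) and the sample packet are assumptions made for this example; no libipq is needed to run it.

```c
#include <stdint.h>
#include <string.h>
/* RFC 1071 checksum over bytes read as big-endian words; endian-independent. */
static uint16_t csum(uint32_t sum, const uint8_t *p, size_t n) {
    for (; n > 1; p += 2, n -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (n) sum += (uint32_t)p[0] << 8;   /* odd trailing byte, zero-padded */
    while (sum >> 16) sum = (sum >> 16) + (sum & 0xffff);
    return (uint16_t)~sum;
}
/* TCP checksum: pseudo-header (saddr, daddr, protocol 6, TCP length) + segment. */
static uint16_t tcp_csum(const uint8_t *ip, size_t ihl, size_t tcp_len) {
    uint32_t sum = 6 + (uint32_t)tcp_len;
    for (int i = 12; i < 20; i += 2) sum += ((uint32_t)ip[i] << 8) | ip[i + 1];
    return csum(sum, ip + ihl, tcp_len);
}
/* Validate an unfragmented IPv4/TCP packet; returns header length or 0. */
static size_t valid_ihl(const uint8_t *pkt, size_t len) {
    if (len < 40 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, tot = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || tot > len || tot < ihl + 20) return 0;
    if ((pkt[6] & 0x3f) || pkt[7]) return 0;   /* MF set or offset != 0 */
    return ihl;
}
/* Rewrite destination in place and recompute both checksums; 0 on success. */
int rewrite_daddr(uint8_t *pkt, size_t len, const uint8_t new_dst[4]) {
    size_t ihl = valid_ihl(pkt, len);
    if (!ihl) return -1;
    size_t tcp_len = (((size_t)pkt[2] << 8) | pkt[3]) - ihl;
    uint8_t *tcp = pkt + ihl;
    memcpy(pkt + 16, new_dst, 4);
    pkt[10] = pkt[11] = tcp[16] = tcp[17] = 0;
    uint16_t c = csum(0, pkt, ihl);
    pkt[10] = c >> 8; pkt[11] = c & 0xff;
    c = tcp_csum(pkt, ihl, tcp_len);
    tcp[16] = c >> 8; tcp[17] = c & 0xff;
    return 0;
}
/* 1 if both stored checksums verify (sum including the field folds to 0). */
int checksums_ok(const uint8_t *pkt, size_t len) {
    size_t ihl = valid_ihl(pkt, len);
    if (!ihl) return 0;
    size_t tcp_len = (((size_t)pkt[2] << 8) | pkt[3]) - ihl;
    return csum(0, pkt, ihl) == 0 && tcp_csum(pkt, ihl, tcp_len) == 0;
}
/* Constructed sample: SYN 192.168.177.50 -> 203.0.113.10:80, checksums zeroed. */
const uint8_t sample[40] = {0x45,0,0,0x28, 0,1,0x40,0, 0x40,6,0,0, 192,168,177,50,
    203,0,113,10, 0xc0,0,0,0x50, 0,0,0,1, 0,0,0,0, 0x50,2,0xff,0xff, 0,0,0,0};
int main(void) {
    uint8_t p[40], dst[4] = {192, 168, 177, 1};
    memcpy(p, sample, sizeof p);
    return rewrite_daddr(p, sizeof p, dst) == 0 && checksums_ok(p, sizeof p) ? 0 : 1;
}
```

The same `checksums_ok()` call can be run on the buffer just before it is handed to `ipq_set_verdict()` to confirm the reinjected packet is well-formed.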
 
  

