LinuxQuestions.org
05-25-2010, 01:20 AM   #1
inet905
Libipq (iptables): How do I redirect a captured packet to another address with iptables


Hi Developers,

I don't know how to solve my problem.

Is it possible to redirect a captured packet with ipq_set_verdict()?


I want to redirect unauthorized users to a login page.

Please see my code:

The packets are accepted and my browser opens the requested page (the destination address is not changed).

Code:
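/* Headers the post omitted */
#include <sys/types.h>
#include <syslog.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <linux/netfilter.h>
#include <libipq.h>

/* BUFSIZE is not defined in the post; 2048, the value used in the
   libipq(3) example, is assumed here */
#define BUFSIZE 2048

/* Prototype: the function is defined after main() */
void redirect_server_auth(__u32 ip_srv, struct iphdr* ip_pack,
        unsigned long packet_id, struct ipq_handle* handle,
        unsigned char* buf, int size_buf);

int main(void) {
    struct ipq_handle* h;

    if (!(h = ipq_create_handle(0, PF_INET))) {
        //error
        return 1;
    }

    /* Ask the kernel to copy packet payloads (not just metadata) to user space */
    if ((ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE)) < 0) {
        // error
        ipq_destroy_handle(h);
        return 1;
    }

    struct iphdr* ip_pack;
    ipq_packet_msg_t* eth_pack;

    /* Address of the login server, in network byte order */
    __u32 ip_auth_server = inet_addr("192.168.177.1");
    unsigned char buf[68000];

    /* Reads a single queued message; there is no loop in the posted code */
    if ((ipq_read(h, buf, BUFSIZE, 0)) < 0) {
        //error
        ipq_destroy_handle(h);
        return 1;
    }

    switch (ipq_message_type(buf)) {
    case NLMSG_ERROR:
        //error
        break;

    case IPQM_PACKET:
    {
        eth_pack = ipq_get_packet(buf);
        ip_pack = (struct iphdr*) eth_pack->payload;
        redirect_server_auth(ip_auth_server, ip_pack, eth_pack->packet_id, h, eth_pack->payload, eth_pack->data_len);
        break;
    }
    }

    ipq_destroy_handle(h);
    return 0;
}

/* One's-complement Internet checksum over len bytes, starting from init */
u_int16_t ip_checksum(u_int32_t init, const u_int8_t* buf, size_t len) {
    u_int32_t sum = init;
    u_int16_t* shorts = (u_int16_t*) buf;

    while (len > 1) {
        sum += *shorts++;
        len -= 2;
    }

    if (len == 1)
        sum += *((u_int8_t*) shorts);

    while (sum >> 16)
        sum = (sum >> 16) + (sum & 0xFFFF);

    return ~sum;
}

/* TCP checksum: pseudo-header (addresses, protocol, length) plus the segment */
u_int16_t tcp_checksum(const struct iphdr* iph, const struct tcphdr* tcph,
        size_t len) {
    u_int32_t cksum = 0;

    cksum += (iph->saddr >> 16) & 0x0000ffff;
    cksum += iph->saddr & 0x0000ffff;
    cksum += (iph->daddr >> 16) & 0x0000ffff;
    cksum += iph->daddr & 0x0000ffff;
    cksum += htons(iph->protocol & 0x00ff);
    cksum += htons(len);
    return ip_checksum(cksum, (unsigned char*) tcph, len);
}

/* Overwrite the destination address and recompute both checksums */
void handle_packet(unsigned char* pkt, size_t len, __u32 dest_addr, int port_dest) {
    struct iphdr* iph = (struct iphdr*) pkt;
    struct tcphdr* tcph = (struct tcphdr*) (pkt + iph->ihl * 4);

    iph->daddr = dest_addr;
    //      syslog(LOG_DEBUG, "PORT");
    //syslog(LOG_DEBUG, tcph->dest); //tcph->dest = htons(80);

    iph->check = 0;
    iph->check = ip_checksum(0, pkt, iph->ihl * 4);
    tcph->check = 0;
    tcph->check = tcp_checksum(iph, tcph, len - (iph->ihl * 4));
}

/* ip_srv is passed by value, matching the call in main() */
void redirect_server_auth(__u32 ip_srv, struct iphdr* ip_pack,
        unsigned long packet_id, struct ipq_handle* handle,
        unsigned char* buf, int size_buf) {

    /* Destination before the rewrite */
    syslog(LOG_DEBUG, "RENAME IP AND SEND PACK ACCEPT %s", inet_ntoa(
            *((struct in_addr*) & ip_pack->daddr)));

    handle_packet(buf, size_buf, ip_srv, 80);

    /* Destination after the rewrite */
    syslog(LOG_DEBUG, "RENAME IP AND SEND PACK ACCEPT %s", inet_ntoa(
            *((struct in_addr*) & ip_pack->daddr)));

    /* Hand the modified payload back to the kernel with an ACCEPT verdict */
    int v = ipq_set_verdict(handle, packet_id, NF_ACCEPT, size_buf, buf);

    if (v < 0) {
        syslog(LOG_DEBUG, "problems");
        /* Never pass a non-literal string as the syslog format argument */
        syslog(LOG_DEBUG, "%s", ipq_errstr());
    }
}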
What is wrong? I'm looking forward to your help. Thanks for your time.

Last edited by inet905; 05-25-2010 at 01:23 AM.
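
Added example, not part of the original post: the destination rewrite from handle_packet() with the header and length checks it lacks, written against raw byte offsets so it runs without libipq. The names rewrite_daddr and checksums_ok and the sample packet (203.0.113.10 is a documentation address) are constructed for illustration; 192.168.177.1 is the login server from the post.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: IPv4 + TCP SYN, 192.168.177.50 -> 203.0.113.10:80, checksums zeroed. */
static const uint8_t SAMPLE[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0xa8,0xb1,0x32, 0xcb,0x00,0x71,0x0a,
    0xc0,0x00,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0x72,0x10, 0x00,0x00,0x00,0x00 };

/* RFC 1071 sum over big-endian 16-bit words; byte-wise, so no alignment or endian issues. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len) {
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;       /* odd trailing byte, zero padded */
    return sum;
}
static uint16_t csum_fold(uint32_t sum) {
    while (sum >> 16) sum = (sum >> 16) + (sum & 0xFFFF);
    return (uint16_t)~sum;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* TCP checksum with pseudo-header: source, destination, protocol 6, segment length. */
static uint16_t tcp_csum(const uint8_t *pkt, size_t ihl, size_t seg) {
    uint32_t sum = csum_add(6 + (uint32_t)seg, pkt + 12, 8);
    return csum_fold(csum_add(sum, pkt + ihl, seg));
}
/* Rewrite the destination; 0 on success, -1 unless pkt is a complete, unfragmented IPv4/TCP packet. */
int rewrite_daddr(uint8_t *pkt, size_t len, const uint8_t dst[4]) {
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4, tot = (size_t)pkt[2] << 8 | pkt[3];
    if (ihl < 20 || tot > len || tot < ihl + 20) return -1;
    if ((pkt[6] & 0x3F) || pkt[7]) return -1;  /* MF set or fragment offset != 0 */
    memcpy(pkt + 16, dst, 4);
    put16(pkt + 10, 0);
    put16(pkt + 10, csum_fold(csum_add(0, pkt, ihl)));
    put16(pkt + ihl + 16, 0);
    put16(pkt + ihl + 16, tcp_csum(pkt, ihl, tot - ihl));
    return 0;
}
/* A valid checksum makes the folded sum over the covered bytes come out as 0. */
int checksums_ok(const uint8_t *pkt, size_t ihl, size_t seg) {
    return csum_fold(csum_add(0, pkt, ihl)) == 0 && tcp_csum(pkt, ihl, seg) == 0;
}
int main(void) {   /* stand-alone demo: point the sample at the post's 192.168.177.1 */
    uint8_t pkt[40], login[4] = {192, 168, 177, 1};
    memcpy(pkt, SAMPLE, sizeof pkt);
    return rewrite_daddr(pkt, sizeof pkt, login) == 0 && checksums_ok(pkt, 20, 20) ? 0 : 1;
}
```

Rewriting only the forward direction leaves replies coming back from the login server's own address, which the client will not match to the connection it opened to the original destination. The nat table's DNAT and REDIRECT targets translate both directions through connection tracking.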
 
  


Tags
iptables, libipq

