04-08-2014, 03:30 AM | #1 | Member | Registered: Sep 2012 | Posts: 126
edit packets before forwarding in a linux router
Hi
I have a Linux box on which I have installed a BIRD router.
My Linux box acts as a router now.
I need to edit the packets before forwarding, specifically editing the Identification field of the IPv4 packet for IP traceback purposes.
How can I perform this?
Any suggestion would be greatly appreciated.
Best
|
04-08-2014, 04:30 PM | #2 | Senior Member | Registered: Apr 2009 | Posts: 1,889
You can add a hook in netfilter.
|
04-09-2014, 05:24 AM | #3 | Member | Registered: Sep 2012 | Posts: 126 | Original Poster
Dear nini09
Thanks very much for the answer, but can you explain more, and how (a little more help)?
Can I add this functionality to the existing hook in Netfilter, or is it better to add another hook in Netfilter?
If you don't have time to explain more, I will solve my problem alone.
Best
Last edited by kikilinux; 04-09-2014 at 05:29 AM.
|
04-09-2014, 05:42 AM | #4 | Member | Registered: Sep 2012 | Posts: 126 | Original Poster
Hi again
I found this function on the http://www.cs.fsu.edu/~baker/devices...inetpeer.h#L42 website:
    static inline __u16 inet_getid(struct inet_peer *p, int more)
Is it logical to modify this function to create our custom IP ID field?
Best
Last edited by kikilinux; 04-09-2014 at 06:19 AM.
|
04-09-2014, 03:51 PM | #5 | Senior Member | Registered: Apr 2009 | Posts: 1,889
1 members found this post helpful.
|
04-11-2014, 07:00 AM | #6 | Member | Registered: Sep 2012 | Posts: 126 | Original Poster
Dear nini09
Maybe this is the last question on this thread.
If I choose a netfilter hook to edit the IP ID, does it have the minimum effect on router performance?
Is there another way to perform similar work with less performance impact than a netfilter hook?
Best
|
04-11-2014, 03:36 PM | #7 | Senior Member | Registered: Apr 2009 | Posts: 1,889
If the NIC supports checksum offload, the effect should be very tiny. But if there is no checksum offload support on the NIC, it could affect performance because the checksum has to be calculated again after the IP ID is changed.
|
04-13-2014, 01:57 PM | #8 | Member | Registered: Sep 2012 | Posts: 126 | Original Poster
But every router has to decrease the TTL and recalculate the checksum ...
|
04-14-2014, 03:32 PM | #9 | Senior Member | Registered: Apr 2009 | Posts: 1,889
Yes, the checksum is recalculated after the TTL is decreased. It is an expensive action and can be avoided.
If you can trace the kernel code to find out where the TTL is modified and add your hook before the TTL is changed, your recalculation can be avoided.
|
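Posts #7 to #9 turn on the cost of fixing the header checksum after the Identification field changes. As an added example (not code from the thread, and userspace C rather than a kernel hook), the following patches the checksum for a one-word change using RFC 1624 instead of re-summing the header, and checks the result against a full recomputation; the kernel offers csum_replace2() in <net/checksum.h> for the same job. The sample header and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Fold carries back in and complement (one's-complement sum, RFC 791). */
static uint16_t fold_not(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Full header checksum; the checksum field must be zero on entry. */
static uint16_t ip_checksum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += get16(h + i);
    return fold_not(sum);
}

/* Rewrite Identification (bytes 4-5) and patch the checksum (bytes 10-11)
 * with RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m'). No other word is read. */
static void set_ip_id(uint8_t *h, uint16_t new_id)
{
    uint32_t sum = (uint32_t)(uint16_t)~get16(h + 10) + (uint16_t)~get16(h + 4) + new_id;
    put16(h + 4, new_id);
    put16(h + 10, fold_not(sum));
}

/* Constructed sample header: ID 0x1c46, TTL 64, TCP, checksum field zeroed. */
static const uint8_t SAMPLE_HDR[20] = {
    0x45, 0x00, 0x00, 0x3c, 0x1c, 0x46, 0x40, 0x00, 0x40, 0x06,
    0x00, 0x00, 0xac, 0x10, 0x0a, 0x63, 0xac, 0x10, 0x0a, 0x0c };

/* Returns 1 when the incremental patch equals a full recomputation. */
static int incremental_matches_full(uint16_t new_id)
{
    uint8_t a[20], b[20];
    memcpy(a, SAMPLE_HDR, 20); memcpy(b, SAMPLE_HDR, 20);
    put16(a + 10, ip_checksum(a, 20));   /* valid header with the old ID */
    set_ip_id(a, new_id);                /* incremental path */
    put16(b + 4, new_id);
    put16(b + 10, ip_checksum(b, 20));   /* full path, checksum field was 0 */
    return memcmp(a, b, 20) == 0;
}
int main(void) { return incremental_matches_full(0xbeef) ? 0 : 1; }
```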
04-14-2014, 04:17 PM | #10 | Member | Registered: Sep 2012 | Posts: 126 | Original Poster
Dear nini09
Because in routers the packets must be forwarded and are not destined for the router itself, can I use my netfilter hook in the "ip_forward.c" file, in the "int ip_forward(struct sk_buff *skb)" function, right before the line below?
    return NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, rt->u.dst.dev, ip_forward_finish);
|
04-15-2014, 03:36 PM | #11 | Senior Member | Registered: Apr 2009 | Posts: 1,889
Yes, you can do it like that.
|
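05-12-2014, 03:10 AM | #12 | Member | Registered: Sep 2012 | Posts: 126 | Original Poster
Hi again
I have this code, in which I have access to every field of the IP header except the option field.
How can I access the option field, or create an option field and append it to the IP header?
    #include <linux/in.h>
    #include <linux/ip.h>
    #include <linux/tcp.h>
    #include <linux/skbuff.h>
    #include <linux/netfilter.h>
    #include <linux/netfilter_ipv4.h>

    static unsigned int hook_func(unsigned int hooknum,
                                  struct sk_buff *skb,
                                  const struct net_device *in,
                                  const struct net_device *out,
                                  int (*okfn)(struct sk_buff *))
    {
        struct iphdr *ip_header;
        struct tcphdr *tcp_header;

        ip_header = ip_hdr(skb);
        //ip_header = (struct iphdr *)skb_network_header(skb);
        /* Only treat the payload as TCP when the IP header says so. */
        if (ip_header->protocol != IPPROTO_TCP)
            return NF_ACCEPT;
        /* The transport header starts ihl * 4 bytes after the start of the IP header. */
        skb_set_transport_header(skb, ip_header->ihl * 4);
        tcp_header = (struct tcphdr *)skb_transport_header(skb);
        return NF_ACCEPT;
    }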
|
05-12-2014, 03:26 PM | #13 | Senior Member | Registered: Apr 2009 | Posts: 1,889
It is easy to access the IP option field once the IP header is obtained. The IP options come after the IP header, just shift by 20 bytes.
It is difficult to create a new option. The IP and MAC headers have to be shifted first, and then a new option can be added.
|
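Post #13 places the options directly after the fixed 20-byte header; their total length is ihl * 4 - 20, and each option carries its own length byte taken from the packet, so every step has to be bounds-checked. An added example (not code from the thread; userspace C, with a constructed sample packet and a hypothetical function name, walk_ip_options) that walks the options area and rejects malformed lengths:

```c
#include <stdint.h>
#include <stddef.h>

/* Walk the IPv4 options area (bytes 20 .. ihl*4-1) of a captured header.
 * Returns the number of type-length-value options seen (NOPs are skipped),
 * or -1 if the header or any option length is malformed.
 * *off receives the offset of the first option of type `want`, or -1. */
static int walk_ip_options(const uint8_t *h, size_t caplen, uint8_t want, int *off)
{
    *off = -1;
    if (caplen < 20 || (h[0] >> 4) != 4)
        return -1;
    size_t hlen = (size_t)(h[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > caplen)      /* ihl below minimum or past the buffer */
        return -1;

    int count = 0;
    for (size_t i = 20; i < hlen; ) {
        uint8_t type = h[i];
        if (type == 0)                   /* End of Option List */
            break;
        if (type == 1) {                 /* No-Operation: single byte, no length */
            i++;
            continue;
        }
        if (i + 1 >= hlen)               /* no room for the length byte */
            return -1;
        uint8_t len = h[i + 1];
        if (len < 2 || i + len > hlen)   /* length must cover type+len and fit */
            return -1;
        if (type == want && *off < 0)
            *off = (int)i;
        count++;
        i += len;
    }
    return count;
}

/* Constructed sample: ihl = 7 (28 bytes), checksum left zero for brevity.
 * Options: NOP, Router Alert (type 0x94, len 4), EOL, two padding bytes. */
static const uint8_t SAMPLE_PKT[28] = {
    0x47, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x01, 0xc6, 0x33, 0x64, 0x07,
    0x01, 0x94, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00 };

int main(void)
{
    int off;
    return walk_ip_options(SAMPLE_PKT, sizeof SAMPLE_PKT, 0x94, &off) == 1 ? 0 : 1;
}
```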