Old 05-25-2010, 01:20 AM   #1
Libipq (iptables): How do I redirect a captured packet to another address with iptables

Hi Developers,

I don't know how to solve my problem.

Is it possible to redirect a captured packet with ipq_set_verdict()?

I want to redirect unauthorized users to a login page.

Please see my code:

The packets are accepted and my browser opens the requested page (destination address not changed).

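#include <stdio.h>
#include <sys/types.h>
#include <syslog.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <linux/netfilter.h>
#include <libipq.h>

#define BUFSIZE 68000

void redirect_server_auth(__u32 ip_srv, struct iphdr* ip_pack,
        unsigned long packet_id, struct ipq_handle* handle,
        unsigned char* buf, int size_buf);

int main(void) {
    struct ipq_handle* h;

    // Open a netlink handle to the ip_queue module.
    if (!(h = ipq_create_handle(0, PF_INET))) {
        ipq_perror("ipq_create_handle");
        return 1;
    }

    // Ask the kernel to copy packet payloads to userspace, not only metadata.
    if ((ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE)) < 0) {
        // error
        ipq_perror("ipq_set_mode");
        ipq_destroy_handle(h);
        return 1;
    }

    struct iphdr* ip_pack;
    ipq_packet_msg_t* eth_pack;

    __u32 ip_auth_server = inet_addr("");   // address of the login server
    unsigned char buf[BUFSIZE];

    if ((ipq_read(h, buf, BUFSIZE, 0)) < 0) {
        ipq_perror("ipq_read");
        ipq_destroy_handle(h);
        return 1;
    }

    switch (ipq_message_type(buf)) {
    case NLMSG_ERROR:
        syslog(LOG_DEBUG, "netlink error %d", ipq_get_msgerr(buf));
        break;

    case IPQM_PACKET:
        // The payload starts at the IP header.
        eth_pack = ipq_get_packet(buf);
        ip_pack = (struct iphdr*) eth_pack->payload;
        redirect_server_auth(ip_auth_server, ip_pack, eth_pack->packet_id, h, eth_pack->payload, eth_pack->data_len);
        break;
    }

    ipq_destroy_handle(h);
    return 0;
}

// Internet checksum (one's complement sum of 16-bit words), seeded with init.
u_int16_t ip_checksum(u_int32_t init, const u_int8_t* buf, size_t len) {
    u_int32_t sum = init;
    u_int16_t* shorts = (u_int16_t*) buf;

    while (len > 1) {
        sum += *shorts++;
        len -= 2;
    }

    if (len == 1)
        sum += *((u_int8_t*) shorts);

    // Fold the carries back into the low 16 bits.
    while (sum >> 16)
        sum = (sum >> 16) + (sum & 0xFFFF);

    return ~sum;
}

// TCP checksum: pseudo-header (addresses, protocol, length) plus the segment.
u_int16_t tcp_checksum(const struct iphdr* iph, const struct tcphdr* tcph,
        size_t len) {
    u_int32_t cksum = 0;

    cksum += (iph->saddr >> 16) & 0x0000ffff;
    cksum += iph->saddr & 0x0000ffff;
    cksum += (iph->daddr >> 16) & 0x0000ffff;
    cksum += iph->daddr & 0x0000ffff;
    cksum += htons(iph->protocol & 0x00ff);
    cksum += htons(len);
    return ip_checksum(cksum, (unsigned char*) tcph, len);
}

// Overwrite the destination address and recompute both checksums.
void handle_packet(unsigned char* pkt, size_t len, __u32 dest_addr, int port_dest) {
    struct iphdr* iph = (struct iphdr*) pkt;
    struct tcphdr* tcph = (struct tcphdr*) (pkt + iph->ihl * 4);

    iph->daddr = dest_addr;
    //      syslog(LOG_DEBUG, "PORT");
    //syslog(LOG_DEBUG, tcph->dest); //tcph->dest = htons(80);

    iph->check = 0;
    iph->check = ip_checksum(0, pkt, iph->ihl * 4);
    tcph->check = 0;
    tcph->check = tcp_checksum(iph, tcph, len - (iph->ihl * 4));
}

// Rewrite the packet, then hand the modified copy back with NF_ACCEPT.
void redirect_server_auth(__u32 ip_srv, struct iphdr* ip_pack,
        unsigned long packet_id, struct ipq_handle* handle,
        unsigned char* buf, int size_buf) {

    syslog(LOG_DEBUG, "RENAME IP AND SEND PACK ACCEPT %s", inet_ntoa(
            *((struct in_addr*) & ip_pack->daddr)));

    handle_packet(buf, size_buf, ip_srv, 80);

    syslog(LOG_DEBUG, "RENAME IP AND SEND PACK ACCEPT %s", inet_ntoa(
            *((struct in_addr*) & ip_pack->daddr)));

    int v = ipq_set_verdict(handle, packet_id, NF_ACCEPT, size_buf, buf);

    if (v < 0) {
        syslog(LOG_DEBUG, "problems");
        // Pass the error text as an argument, never as the format string.
        syslog(LOG_DEBUG, "%s", ipq_errstr());
    }
}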

What is wrong? I'm looking forward to your help. Thanks for your time.

Last edited by inet905; 05-25-2010 at 01:23 AM.
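
The posted handle_packet() uses iph->ihl and the queued packet's length without checking them, so a malformed packet can move the header offsets past the buffer. A bounds-checked form of the same destination rewrite, added here as an example and not part of the original post; rewrite_daddr, checksums_ok, the sample packet and the addresses are constructed for illustration:

```c
#include <stdint.h>
#include <string.h>

/* RFC 1071 checksum, computed bytewise so it is endian- and alignment-safe. */
static uint16_t csum(uint32_t sum, const uint8_t *p, size_t n) {
    for (; n > 1; p += 2, n -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (n) sum += (uint32_t)p[0] << 8;                /* odd trailing byte */
    while (sum >> 16) sum = (sum >> 16) + (sum & 0xffff);
    return (uint16_t)~sum;
}
/* TCP checksum: pseudo-header (addresses, protocol 6, length) plus segment. */
static uint16_t tcp_csum(const uint8_t *ip, const uint8_t *tcp, size_t tlen) {
    uint32_t s = 6 + (uint32_t)tlen;
    for (int i = 12; i < 20; i += 2) s += ((uint32_t)ip[i] << 8) | ip[i + 1];
    return csum(s, tcp, tlen);
}
static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }

/* Returns 0 on success, -1 (packet untouched) unless pkt is unfragmented IPv4/TCP. */
int rewrite_daddr(uint8_t *pkt, size_t len, const uint8_t daddr[4]) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;         /* header length claimed by packet */
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];      /* total length claimed by packet */
    if (ihl < 20 || tot > len || tot < ihl + 20) return -1;  /* must hold a TCP header */
    if (pkt[9] != 6) return -1;                       /* not TCP */
    if ((pkt[6] & 0x3f) || pkt[7]) return -1;         /* fragment: segment incomplete */
    memcpy(pkt + 16, daddr, 4);
    put16(pkt + 10, 0); put16(pkt + 10, csum(0, pkt, ihl));
    put16(pkt + ihl + 16, 0); put16(pkt + ihl + 16, tcp_csum(pkt, pkt + ihl, tot - ihl));
    return 0;
}

/* 1 if both stored checksums verify (data plus checksum sums to zero). */
int checksums_ok(const uint8_t *pkt, size_t ihl, size_t tot) {
    return csum(0, pkt, ihl) == 0 && tcp_csum(pkt, pkt + ihl, tot - ihl) == 0;
}

/* Constructed sample: 192.0.2.10 -> 198.51.100.7:80, 5-byte payload, checksums unset. */
static const uint8_t sample_packet[45] = {
    0x45,0,0,45, 0,1,0x40,0, 64,6,0,0, 192,0,2,10, 198,51,100,7,
    0xc0,0,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x18,0x72,0x10, 0,0,0,0,
    'G','E','T',' ','/' };

int main(void) {
    uint8_t p[sizeof sample_packet];
    const uint8_t login[4] = {203, 0, 113, 1};        /* constructed login-server address */
    memcpy(p, sample_packet, sizeof p);
    return rewrite_daddr(p, sizeof p, login) || !checksums_ok(p, 20, sizeof p);
}
```

The TCP length here comes from the IP total-length field after it has been checked against the buffer, not from the queue's data_len.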


iptables, libipq
