- 01-03-2010 #1 Just Joined!
- Join Date
- Jan 2010
- Posts
- 3
intercept and modify tcp packets
I have to write a vpn module. First of all, I have written a kernel module that modifies all the incoming and outgoing TCP packets. It uses netfilter hooks. For the incoming packets, I have modified the bytes between (struct sk_buff)->data and (struct sk_buff)->tail pointers by incrementing them by one. For the outgoing packets, I have modified the bytes between (struct sk_buff)->data and (struct sk_buff)->tail pointers by decrementing them by one.
However, I tried to establish a TCP connection between localhost and localhost (by means of netcat) and I had not succeeded. Can you tell me what I am doing wrong? Need I modify some other fields from the struct sk_buff structure?
Is it possible to implement my simple vpn module only from kernel space (thus without using special libraries such as libnetfilter_queue)?
Thank you.
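An added example (not code from any poster in this thread): user-space C that contrasts changing every byte of the packet, as the first post describes, with changing only the TCP payload and recomputing the TCP checksum. It assumes the buffer starts at the IPv4 header, which is where skb->data points in an IPv4 netfilter hook; the function names and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 one's-complement sum over big-endian 16-bit words. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    return n ? acc + ((uint32_t)p[0] << 8) : acc;
}
static uint16_t fold(uint32_t acc) {
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}
/* Checksum of pseudo-header + TCP segment; 0 means the stored checksum is valid. */
uint16_t tcp_csum(const uint8_t *ip, size_t ihl, size_t seg_len) {
    uint32_t acc = sum16(ip + 12, 8, 0) + 6 + (uint32_t)seg_len;
    return fold(sum16(ip + ihl, seg_len, acc));
}
/* What the first post describes: every byte from the IP header onward changes. */
void shift_all(uint8_t *pkt, size_t len, int delta) {
    for (size_t i = 0; i < len; i++) pkt[i] = (uint8_t)(pkt[i] + delta);
}
/* Change only the TCP payload, then repair the TCP checksum. Returns the
 * payload length, or -1 if pkt is not an unfragmented IPv4/TCP packet. */
int shift_tcp_payload(uint8_t *pkt, size_t len, int delta) {
    if (len < 40 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return -1;
    if ((pkt[6] & 0x3f) || pkt[7]) return -1;        /* MF set or offset != 0 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* IP header length */
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];     /* IP total length */
    if (ihl < 20 || tot > len || tot < ihl + 20) return -1;
    uint8_t *tcp = pkt + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;        /* TCP header length */
    if (doff < 20 || ihl + doff > tot) return -1;
    for (size_t i = ihl + doff; i < tot; i++) pkt[i] = (uint8_t)(pkt[i] + delta);
    tcp[16] = tcp[17] = 0;                           /* zero before summing */
    uint16_t c = tcp_csum(pkt, ihl, tot - ihl);
    tcp[16] = (uint8_t)(c >> 8); tcp[17] = (uint8_t)c;
    return (int)(tot - ihl - doff);
}
/* Constructed sample: 127.0.0.1:4000 -> 127.0.0.1:5000, payload "hello" (IP checksum left 0, unused here). */
size_t make_sample(uint8_t *b) {
    static const uint8_t ip[20] = {0x45,0,0,45, 0,1,0x40,0, 64,6,0,0, 127,0,0,1, 127,0,0,1};
    static const uint8_t tcp[20] = {0x0f,0xa0,0x13,0x88, 0,0,0,1, 0,0,0,1, 0x50,0x18,0xff,0xff, 0,0,0,0};
    memcpy(b, ip, 20); memcpy(b + 20, tcp, 20); memcpy(b + 40, "hello", 5);
    uint16_t c = tcp_csum(b, 20, 25);
    b[36] = (uint8_t)(c >> 8); b[37] = (uint8_t)c;
    return 45;
}
```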
- 01-04-2010 #2 Linux Guru
- Join Date
- Apr 2009
- Location
- I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
- Posts
- 8,961
Have you looked at OpenVPN to see how that does it? It should provide some good indications of what you need to do.
Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!
- 01-04-2010 #3 Just Joined!
- Join Date
- Jan 2010
- Posts
- 3
From what I have read, openvpn doesn't use sk_buff structure.....
- 01-04-2010 #4 Linux Guru
- Join Date
- Apr 2009
- Location
- I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
- Posts
- 8,961
That wasn't my point. You say that you are trying to write a VPN application. There are likely good reasons why applications such as OpenVPN do what they do, the way that they do. Understanding that can help you understand what you need to do to accomplish your goals. Fixating on a particular approach (using sk_buff as you mention), doesn't help, IMO. So, is your goal to use sk_buff in the creation of a VPN, or is your goal to create a VPN?
- 01-05-2010 #5 Just Joined!
- Join Date
- Jan 2010
- Posts
- 3
I think I must have a hook at an upper layer. Any suggestions? My goal is not to use sk_buff, but to implement the solution in kernel. So where can I modify the tcp packets in the network stack?
Thank you.
- 01-06-2010 #6 Just Joined!
- Join Date
- Jul 2009
- Posts
- 49
Have a look at this code...
I believe the way you want to go about this is to actually intercept within the kernel stack by using a module that can examine the packets as they go to and from the network driver and the kernel.
There is a project created by a Dr. Luca Deri called PF_RING. His goal was not to do a VPN but he was trying to optimize network speeds. He creates a kernel module that sits between the network driver and the kernel and examines the packets and does some work on them as they go by. Essentially the overall architecture for his module is what you want. So, download it and give it a look and see if you can figure out how he does it.
Hope that helps.
(I tried to add the URL but I'm not allowed to post a URL until I've posted at least 15 times, search on Luca Deri and PF_RING)
Cheers!!
- 01-06-2010 #7 Linux Guru
- Join Date
- Apr 2009
- Location
- I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
- Posts
- 8,961