  1. #1
    Just Joined!
    Join Date
    Jan 2010
    Posts
    3

    intercept and modify tcp packets


    I have to write a vpn module. First of all, I have written a kernel module that modifies all the incoming and outgoing TCP packets. It uses netfilter hooks. For the incoming packets, I have modified the bytes between (struct sk_buff)->data and (struct sk_buff)->tail pointers by incrementing them by one. For the outgoing packets, I have modified the bytes between (struct sk_buff)->data and (struct sk_buff)->tail pointers by decrementing them by one.

    However, I tried to establish a TCP connection between localhost and localhost (by means of netcat) and I had not succeeded. Can you tell me what I am doing wrong? Need I modify some other fields from the struct sk_buff structure?

    Is it possible to implement my simple vpn module only from kernel space (thus without using special libraries such as libnetfilter_queue)?

    Thank you.
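
Added example, not part of any poster's message: at an IPv4 netfilter hook the bytes starting at skb->data begin with the IP header and then the TCP header, so a transform meant for the application data has to start at the payload offset and then rewrite the TCP checksum. This is userspace C over a constructed packet; the function names and `sample_pkt` are assumptions, and the buffer length is assumed to equal the IP total length.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample standing in for skb->data..skb->tail: IPv4 (IHL=5) +
 * TCP (data offset=5) + "hi", 127.0.0.1 -> 127.0.0.1; checksums left zero. */
uint8_t sample_pkt[42] = {
    0x45,0,0,42, 0,0,0x40,0, 64,6,0,0, 127,0,0,1, 127,0,0,1,    /* IP  */
    0x30,0x39,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x18,0xff,0xff, 0,0,0,0, /* TCP */
    'h','i' };

/* One's-complement sum over big-endian 16-bit words (RFC 1071). */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += (uint32_t)(p[0] << 8 | p[1]);
    if (n) acc += (uint32_t)(p[0] << 8);
    return acc;
}

/* Offset of the TCP payload in an IPv4 packet, or -1 if not TCP or malformed. */
long tcp_payload_offset(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;       /* IP header length */
    if (ihl < 20 || len < ihl + 20) return -1;
    size_t doff = (size_t)(pkt[ihl + 12] >> 4) * 4; /* TCP header length */
    if (doff < 20 || len < ihl + doff) return -1;
    return (long)(ihl + doff);
}

/* Checksum over pseudo-header + TCP segment of an already validated packet.
 * With the checksum field zeroed it yields the value to store; over a packet
 * whose stored checksum is correct it yields 0. */
uint16_t tcp_checksum(const uint8_t *pkt, size_t len) {
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, seg = len - ihl;
    uint32_t acc = sum16(pkt + 12, 8, 0);  /* source and destination address */
    acc += 6 + (uint32_t)seg;              /* protocol number + TCP length */
    acc = sum16(pkt + ihl, seg, acc);
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* Add delta to the payload bytes only, leaving both headers intact, then
 * store a fresh TCP checksum. Returns the bytes changed, or -1. */
long shift_payload(uint8_t *pkt, size_t len, int delta) {
    long off = tcp_payload_offset(pkt, len);
    if (off < 0) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    for (size_t i = (size_t)off; i < len; i++) pkt[i] = (uint8_t)(pkt[i] + delta);
    pkt[ihl + 16] = pkt[ihl + 17] = 0;
    uint16_t c = tcp_checksum(pkt, len);
    pkt[ihl + 16] = (uint8_t)(c >> 8); pkt[ihl + 17] = (uint8_t)c;
    return (long)len - off;
}
```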

  2. #2
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,752
    Have you looked at OpenVPN to see how that does it? It should provide some good indications of what you need to do.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  3. #3
    Just Joined!
    Join Date
    Jan 2010
    Posts
    3
    From what I have read, openvpn doesn't use sk_buff structure.....

  5. #4
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,752
    That wasn't my point. You say that you are trying to write a VPN application. There are likely good reasons why applications such as OpenVPN do what they do, the way that they do. Understanding that can help you understand what you need to do to accomplish your goals. Fixating on a particular approach (using sk_buff as you mention), doesn't help, IMO. So, is your goal to use sk_buff in the creation of a VPN, or is your goal to create a VPN?
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  6. #5
    Just Joined!
    Join Date
    Jan 2010
    Posts
    3
    I think I must have a hook at an upper layer. Any suggestions? My goal is not to use sk_buff, but to implement the solution in kernel. So where can I modify the tcp packets in the network stack?


    Thank you.

  7. #6
    Just Joined!
    Join Date
    Jul 2009
    Posts
    49

    Have a look at this code...

    I believe the way you want to go about this is to actually intercept within the kernel stack by using a module that can examine the packets as they go to and from the network driver and the kernel.

    There is a project created by a Dr. Luca Deri called PF_RING. His goal was not to do a VPN but he was trying to optimize network speeds. He creates a kernel module that sits between the network driver and the kernel and examines the packets and does some work on them as they go by. Essentially the overall architecture for his module is what you want. So, download it and give it a look and see if you can figure out how he does it.

    Hope that helps.

    (I tried to add the URL but I'm not allowed to post a URL until I've posted at least 15 times, search on Luca Deri and PF_RING)

    Cheers!!

  8. #7
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,752
    Quote Originally Posted by bloggins666 View Post
    (I tried to add the URL but I'm not allowed to post a URL until I've posted at least 15 times, search on Luca Deri and PF_RING)
    A lot of people simply put some spaces between the URL identifying characters which allow you to post them, and we only need to remove the spaces to get a workable URL. Example: http : / / www . linuxforms . org
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
