intercept and modify tcp packets
I have to write a vpn module. First of all, I have written a kernel module that modifies all the incoming and outgoing TCP packets. It uses netfilter hooks. For the incoming packets, I have modified the bytes between (struct sk_buff)->data and (struct sk_buff)->tail pointers by incrementing them by one. For the outgoing packets, I have modified the bytes between (struct sk_buff)->data and (struct sk_buff)->tail pointers by decrementing them by one.
However, I tried to establish a TCP connection between localhost and localhost (by means of netcat) and I did not succeed. Can you tell me what I am doing wrong? Need I modify some other fields from the struct sk_buff structure?
Is it possible to implement my simple vpn module only from kernel space (thus without using special libraries such as libnetfilter_queue)?
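As an added example (not code from the question or the answer, and user-space C rather than a kernel module), here is the question's payload transform applied to a constructed loopback TCP packet, followed by the TCP checksum recomputation that a receiving stack requires after any byte of the segment changes. The packet bytes, ports and payload are constructed for the demonstration; in a netfilter hook the same arithmetic would be done against ip_hdr(skb) and tcp_hdr(skb), and the kernel's csum_tcpudp_magic() together with the skb->ip_summed state would replace the hand-rolled sum used here. Note that inside a hook skb->data points at the IP header, so this example shifts only the bytes after the TCP header.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IP_HDR_LEN 20

/* Constructed sample payload for the demonstration. */
static const uint8_t SAMPLE_PAYLOAD[] = "hello\n";

/* Accumulate a ones'-complement 16-bit sum over buf (RFC 1071). */
static uint32_t csum_add(uint32_t sum, const uint8_t *buf, size_t len)
{
    while (len > 1) {
        sum += (uint32_t)((buf[0] << 8) | buf[1]);
        buf += 2;
        len -= 2;
    }
    if (len)                               /* odd trailing byte padded with zero */
        sum += (uint32_t)(buf[0] << 8);
    return sum;
}

/* Fold the carries back in and complement. */
static uint16_t csum_fold(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

static size_t ip_hdr_len(const uint8_t *pkt)  { return (size_t)(pkt[0] & 0x0f) * 4; }
static size_t tcp_hdr_len(const uint8_t *tcp) { return (size_t)(tcp[12] >> 4) * 4; }

/* TCP checksum: IPv4 pseudo-header + whole segment, checksum field taken as zero. */
uint16_t tcp_checksum(const uint8_t *pkt, size_t len)
{
    size_t ihl = ip_hdr_len(pkt);
    const uint8_t *tcp = pkt + ihl;
    size_t tcp_len = len - ihl;
    uint8_t pseudo[12];

    memcpy(pseudo, pkt + 12, 4);           /* source address */
    memcpy(pseudo + 4, pkt + 16, 4);       /* destination address */
    pseudo[8] = 0;
    pseudo[9] = 6;                         /* IPPROTO_TCP */
    pseudo[10] = (uint8_t)(tcp_len >> 8);
    pseudo[11] = (uint8_t)tcp_len;

    uint32_t sum = csum_add(0, pseudo, sizeof pseudo);
    sum = csum_add(sum, tcp, 16);          /* header bytes before the checksum field */
    sum = csum_add(sum, tcp + 18, tcp_len - 18);   /* everything after it */
    return csum_fold(sum);
}

int tcp_checksum_ok(const uint8_t *pkt, size_t len)
{
    const uint8_t *tcp = pkt + ip_hdr_len(pkt);
    uint16_t stored = (uint16_t)((tcp[16] << 8) | tcp[17]);
    return tcp_checksum(pkt, len) == stored;
}

void tcp_checksum_update(uint8_t *pkt, size_t len)
{
    uint8_t *tcp = pkt + ip_hdr_len(pkt);
    uint16_t c = tcp_checksum(pkt, len);
    tcp[16] = (uint8_t)(c >> 8);
    tcp[17] = (uint8_t)c;
}

/* The question's byte transform, restricted to the TCP payload. */
void shift_tcp_payload(uint8_t *pkt, size_t len, int delta)
{
    size_t off = ip_hdr_len(pkt) + tcp_hdr_len(pkt + ip_hdr_len(pkt));
    for (size_t i = off; i < len; i++)
        pkt[i] = (uint8_t)(pkt[i] + delta);
}

/* Build a constructed IPv4/TCP packet 127.0.0.1:40000 -> 127.0.0.1:4444, PSH|ACK. */
size_t build_sample_packet(uint8_t *buf, size_t cap)
{
    const size_t plen = sizeof SAMPLE_PAYLOAD - 1;
    const size_t total = IP_HDR_LEN + 20 + plen;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 0x45; buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[8] = 64; buf[9] = 6;                                   /* TTL, protocol */
    buf[12] = 127; buf[15] = 1; buf[16] = 127; buf[19] = 1;    /* loopback addresses */
    uint16_t ipc = csum_fold(csum_add(0, buf, IP_HDR_LEN));
    buf[10] = (uint8_t)(ipc >> 8); buf[11] = (uint8_t)ipc;
    uint8_t *tcp = buf + IP_HDR_LEN;
    tcp[0] = 0x9c; tcp[1] = 0x40; tcp[2] = 0x11; tcp[3] = 0x5c;  /* ports */
    tcp[12] = 0x50; tcp[13] = 0x18; tcp[14] = 0xff; tcp[15] = 0xff;
    memcpy(tcp + 20, SAMPLE_PAYLOAD, plen);
    tcp_checksum_update(buf, total);
    return total;
}

/* Round trip: outgoing -1, incoming +1, as in the question. Returns a bitmask:
   1 fresh packet verifies, 2 shifted-without-update fails, 4 shifted-with-update
   verifies, 8 reverse shift restores the payload and verifies. */
int demo_round_trip(void)
{
    uint8_t pkt[128];
    size_t len = build_sample_packet(pkt, sizeof pkt);
    int r = 0;
    if (tcp_checksum_ok(pkt, len)) r |= 1;
    shift_tcp_payload(pkt, len, -1);       /* "outgoing" transform */
    if (!tcp_checksum_ok(pkt, len)) r |= 2; /* receiver would discard this */
    tcp_checksum_update(pkt, len);
    if (tcp_checksum_ok(pkt, len)) r |= 4;
    shift_tcp_payload(pkt, len, +1);       /* "incoming" transform */
    tcp_checksum_update(pkt, len);
    if (memcmp(pkt + 40, SAMPLE_PAYLOAD, sizeof SAMPLE_PAYLOAD - 1) == 0 &&
        tcp_checksum_ok(pkt, len)) r |= 8;
    return r;
}

int main(void)
{
    printf("round-trip result mask: %d (15 means every step verified)\n", demo_round_trip());
    return 0;
}
```

The bit that matters for the netcat test is step 2: once the payload bytes change, the stored TCP checksum no longer matches and the receiving stack silently drops the segment, so every transform in a hook has to be followed by a checksum update (or by marking the skb so the kernel recomputes it).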
Have a look at this code...
I believe the way you want to go about this is to actually intercept within the kernel stack by using a module that can examine the packets as they go to and from the network driver and the kernel.
There is a project created by a Dr. Luca Deri called PF_RING. His goal was not to do a VPN but he was trying to optimize network speeds. He creates a kernel module that sits between the network driver and the kernel and examines the packets and does some work on them as they go by. Essentially the overall architecture for his module is what you want. So, download it and give it a look and see if you can figure out how he does it.
Hope that helps.
(I tried to add the URL but I'm not allowed to post a URL until I've posted at least 15 times, search on Luca Deri and PF_RING)