  1. #1
    Just Joined!
    Join Date
    Feb 2006
    Posts
    11

    How to modify a packet captured using ipq_read()


    Can anyone help me change the fields of a captured packet using the ipq_set_verdict() function of libipq?
    I tried to redirect an ICMP packet to 172.16.13.35 by changing the destination address of the ICMP packet (which was originally destined to some other IP address) as shown:

    unsigned char buf[BUFSIZE];
    struct ipq_handle *h;

    h = ipq_create_handle(0, PF_INET);
    ipq_read(h, buf, BUFSIZE, 0);
    ipq_packet_msg_t *m = ipq_get_packet(buf);

    struct iphdr *iph = ((struct iphdr *) m->payload);
    iph->daddr=inet_addr("172.16.13.35");
    ipq_set_verdict(h, m->packet_id,NF_ACCEPT, BUFSIZE, buf);

    But the above method does not seem to work. Do I also have to change the checksum field? If so, how? Please include code, if any, in your reply.
    Thanks.
    Chaitanya

  2. #2
    Just Joined!
    Join Date
    Apr 2005
    Location
    Romania
    Posts
    42
    unsigned char buf[BUFSIZE];
    struct ipq_handle *h;
    struct iphdr *iph;
    struct ipq_packet_msg *m;
    unsigned char *pack;
    int pack_len;
    ...............
    h = ipq_create_handle(0, PF_INET);
    ipq_read(h, buf, BUFSIZE, 0);
    m = ipq_get_packet(buf);
    pack_len=m->data_len+.......;
    pack=(unsigned char *) malloc(pack_len);
    memset((char *)pack, '\0', pack_len);
    /*create IP header*/
    iph = (struct iphdr *) pack;
    iph->ihl=5;
    iph->version=4;
    iph->ttl=128;
    ..............
    iph->protocol=.....;
    iph->daddr=inet_addr("172.16.13.35");
    iph->saddr=.......;
    iph->check = (unsigned short)in_cksum((unsigned short *) iph,
                                          sizeof(struct iphdr));
    .......
    ipq_set_verdict(h, m->packet_id, NF_ACCEPT, pack_len,
                    (unsigned char *) pack);
    ........
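
Added example, not part of either poster's code: an in-place alternative to rebuilding the packet, which bounds-checks the queued IPv4 header before touching it, rewrites the destination and recomputes the header checksum. The names `rewrite_daddr`, `ip_checksum` and `sample` are hypothetical, and `pkt`/`len` are assumed to correspond to `m->payload` and `m->data_len`, the same pair that would then go to ipq_set_verdict().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: ICMP echo request 172.16.13.1 -> 10.0.0.1, IP checksum left 0 */
static const unsigned char sample[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00,
    0xac, 0x10, 0x0d, 0x01, 0x0a, 0x00, 0x00, 0x01,
    0x08, 0x00, 0xf7, 0xff, 0x00, 0x00, 0x00, 0x00   /* ICMP type 8, valid checksum */
};

/* RFC 1071 Internet checksum over big-endian 16-bit words */
static uint16_t ip_checksum(const unsigned char *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Rewrite the IPv4 destination in place; returns -1 on a malformed packet.
   The ICMP checksum covers only the ICMP message, so it needs no update. */
int rewrite_daddr(unsigned char *pkt, size_t len, const unsigned char daddr[4])
{
    size_t hlen;
    if (len < 20 || (pkt[0] >> 4) != 4)   /* too short, or not IPv4 */
        return -1;
    hlen = (size_t)(pkt[0] & 0x0f) * 4;   /* IHL is in 32-bit words */
    if (hlen < 20 || hlen > len)          /* header must fit in the buffer */
        return -1;
    memcpy(pkt + 16, daddr, 4);           /* destination address field */
    pkt[10] = pkt[11] = 0;                /* checksum field is zero while summing */
    uint16_t c = ip_checksum(pkt, hlen);
    pkt[10] = c >> 8; pkt[11] = c & 0xff;
    return 0;
}

int main(void)
{
    unsigned char pkt[sizeof sample], dst[4] = {172, 16, 13, 35};
    memcpy(pkt, sample, sizeof pkt);
    if (rewrite_daddr(pkt, sizeof pkt, dst) != 0) return 1;
    printf("new IP checksum: %02x%02x\n", pkt[10], pkt[11]);
    return 0;
}
```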

  3. #3
    Just Joined!
    Join Date
    Feb 2006
    Posts
    11
    Thanks, cbogdan.
    It worked, but the 172.16.13.35 system does not seem to be sending the ICMP reply packets to the request packets it is getting. tcpdump is only showing the request ICMP packets it is getting. If it is of any use, I used the following rule in the ICMP request packet source system:
    iptables -A OUTPUT -p icmp -j QUEUE
    The other chains are set to ACCEPT without any other rules.
