Hi,
i have a simple netfilter program from which im trying to steal the packets passing accross the network im using NF_STOLEN and i need to display the stolen packets


my netfilter program:

//Filtering packets based on their source address
/* Sample code to install a Netfilter hook function that will
* drop all incoming packets from an IP address we specify */

// #define __KERNEL__
// #define MODULE

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/ip.h> /* For IP header */
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>

/* This is the structure we shall use to register our function */
static struct nf_hook_ops nfho;

/* IP address we want to drop packets from, in NB order */
static unsigned char *drop_ip = "\xac\x01\x02\x6a"; /*172.1.2.106*/

/* This is the hook function itself */
unsigned int hook_func(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
struct sk_buff *sb = *skb;

if (sb->nh.iph->saddr ==*(unsigned int*) drop_ip) {
/*here im just tryng to print srcaddr and total length just for my refeence*/
printk("\n\nIP source address:%d",sb->nh.iph->saddr);
printk("\n\nTotal Length:%d",sb->nh.iph->tot_len);
/*printk("Dropped packet from... %d.%d.%d.%d\n",
*drop_ip, *(drop_ip + 1),
*(drop_ip + 2), *(drop_ip + 3));
return NF_DROP;*/
return NF_STOLEN;

} else {
return NF_ACCEPT;
}
}

/* Initialisation routine */
int init_module()
{
/* Fill in our hook structure */
nfho.hook = hook_func;
/* Handler function */
nfho.hooknum = NF_IP_PRE_ROUTING;/*First for IPv4 */
nfho.pf = PF_INET;
nfho.priority = NF_IP_PRI_FIRST; /* Make our func first */

nf_register_hook(&nfho);

return 0;
}

/* Cleanup routine */
void cleanup_module()
{
nf_unregister_hook(&nfho);
}
MODULE_LICENSE("GPL");
MODULE_AUTHOR("VENKAT");

then i compiled the above program using :

gcc -I/lib/modules/`uname -r`/build/include -D__KERNEL__ -DMODULE -DLINUX -O2 -c -o nfaddr.o nfaddr.c

compilation successfull.....

i inserted the module using:
insmod nfaddr.o

module insertion succesfull........

then next step was

ping 172.1.2.106

output on console was:

[root@localhost venki]# ping 172.1.2.106
PING 172.1.2.106 (172.1.2.106) 56(84) bytes of data.

--- 172.1.2.106 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2025ms

so this means that the packets are not received and they are stolen now where are these stolen packets and how do i display them on to console....



The below statements were just to check if module was successfull r not.
i cheacked the messages at /var/log/messages

Apr 6 11:37:06 localhost kernel:
Apr 6 11:37:06 localhost kernel:
Apr 6 11:37:06 localhost kernel: IP source address:1778516396
Apr 6 11:37:06 localhost kernel:
Apr 6 11:37:07 localhost kernel: Total Length:21504
Apr 6 11:37:07 localhost kernel:
Apr 6 11:37:07 localhost kernel: IP source address:1778516396
Apr 6 11:37:07 localhost kernel:
Apr 6 11:37:08 localhost kernel: Total Length:21504
Apr 6 11:37:08 localhost kernel:
Apr 6 11:37:08 localhost kernel: IP source address:1778516396
Apr 6 11:37:08 localhost kernel:


now how do i display the stolen packets