Sending a packet

[bhupeshchawda]

Hi friends,
I have a captured packet say a TCP packet. Now I want to send this packet to another IP address. I have modified the packet destination ip to go to that address. How do I inject the prebuilt packet with the ethernet header onto the network interface?? Please help me...

[cyberinstru]

Hi,

Use iptables QUEUE feature to queue the packet from stack to userspace, alter the packet as u wish, then put the packet back to the stack, with the verdict of what to be done to the packet (like ACCEPT, DROP or REJECT).

When you queue the packets to userspace with QUEUE option, you need one application on the userspace to take up the packets. Or else, that packet will be dropped.

You can use, libipq to write this spl application to take up packet on user space.

Please refer to libipq and iptables - QUEUE

http://www.cs.princeton.edu/~nakao/libipq.htm

[bhupeshchawda]

Hi,

Use iptables QUEUE feature to queue the packet from stack to userspace, alter the packet as u wish, then put the packet back to the stack, with the verdict of what to be done to the packet (like ACCEPT, DROP or REJECT).

When you queue the packets to userspace with QUEUE option, you need one application on the userspace to take up the packets. Or else, that packet will be dropped.

You can use, libipq to write this spl application to take up packet on user space.

Please refer to libipq and iptables - QUEUE

http://www.cs.princeton.edu/~nakao/libipq.htm

...Hi, U did not get me...I already have a packet captured using pcap, and I need to inject this packet on to a network interface. Can u solve my problem??

[cyberinstru]

Hi, U did not get me...I already have a packet captured using pcap, and I need to inject this packet on to a network interface. Can u solve my problem??

I think, I understood your problem. U have captured it using pcap. Simply capturing the packet using pcap will not stop the actual packet from leaving your box.

This is my understanding of your problem, please correct me, if I am wrong:

1. You want to capture the packet before it leaves your box
2. Alter the packet
3. Put it back to the stack so that it leaves your box with the changes u made.

If this is the case, then using pcap will not solve your issue.

Reason:
By the time u start processing the captured packet, the packet wud have left ur box. And though u manage to send the packet with modifications, ur packet will be considered as a duplicate packet and will be rejected by the destination.

[bhupeshchawda]

Hmmm...I think u r right. So can u please assist me in writing that script as I am a newbie to linux programming and I didn't get the QUEUE functionality in iptables so nicely.
Thanx a lot.

[bhupeshchawda]

Hi friend, I read a bit about libipq and managed to execute a small example.
Ok my friend please tell me one thing :

"Is it necessary that ipq_set_verdict() works only on packets those have been sent to user space by the QUEUE target in the firewall...Does it work for packets constructed manually??"

Thanx a lot!!

[bhupeshchawda]

Another question...
"If we modify the packets in the user space...is it necessary to compute the checksum again?? If so how to tackle this?? " Thanx a lot!!

[cyberinstru]

If we modify the packets in the user space...is it necessary to compute the checksum again?? If so how to tackle this?? " T

Yes, if you modify IP header, then u need to re-calculate IP checksum.

Calculating IP checksum is pretty simple (taken from http://wiki.linux360.ro/wiki/Libipq_by_example).

/* Checksum for IP header
*/
unsigned short checksum(unsigned short *addr, int len)
{
int nleft=len;
int sum=0;
unsigned short *w=addr;
unsigned short answer=0;

while(nleft>1){
sum+=*w++;
nleft-=2;
}
if(nleft==1){
*(unsigned char *)(&answer)=*(unsigned char *)w;
sum+=answer;
}
sum=(sum>>16)+(sum&0xffff);
sum+=(sum>>16);
answer=~sum;
return answer;
}

Please refer http://wiki.linux360.ro/wiki/Libipq_by_example

[cyberinstru]

Is it necessary that ipq_set_verdict() works only on packets those have been sent to user space by the QUEUE target in the firewall...Does it work for packets constructed manually??"

I think so... It shud not work on new packets constructed by u. Coz, for new packets u can inject it with the help of this IPQ.

Whereas, when u queue it, it is taken off from the stack and it keeps track on the packet queued to the userspace. So it works only for the packets queued using IPT_QUEUE.

Someone, please correct me, if I am wrong.

[bhupeshchawda]

Hi, I verified what u said and found that ipq_set_verdict does not work on manually created packets as it already uses a handle created in ipq_create_handle.

Any way I was thinking of using the write() call to inject manually created packets to the ethernet device.
The problem I am now facing is how to get the ethernet device descriptor?? Will this work?? Please let me know...Thanx