I am currently writing a kernel module that modifies the package payload as a learning experience. I have package modifications, but now I want to send this new modified package after the original (I do not want to abandon the original). I can't seem to find a kernel function that sends an SKB for transmission. I tried dev_queue_xmit(nskb) , but it causes a kernel panic, I also tried skb->next = nskb , but it does nothing. Should I do SKB list processing? I'm not sure how to do this, as this article seems outdated .
EDIT:
So, I was able to fix the kernel panic when calling dev_queue_xmit (nskb), I accidentally did dev_queue_xmit (skb), which removes skb and causes panic from the network filter. The problem is that everything works, but I do not see sending repeated packets, there is no trace of the second packet being sent. TCPDump on the machine does not see anything, and TPCDump on the target does not see anything, the following is my code.
unsigned int in_hook(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { struct sk_buff *nskb = skb_copy(skb, GFP_KERNEL); __u32 saddr, daddr; saddr = ntohl(iph->saddr); if (saddr == ipToInt(10,0,2,12) || saddr == ipToInt(10,0,2,13)) { if (saddr == ipToInt(10,0,2,13)) { dev_queue_xmit(nskb); } } return NF_ACCEPT; }
My network setup is as follows: 3 Ubuntu Server VM, all of them SSH'd from the host computer (macOS, if that matters, I don't know at the moment). A computer running the above kernel module tricks two other virtual machines. Then, the other two virtual machines communicate with each other through a netcat session. I hope that when I send one message from a virtual machine with ip 10.0.2.13, 10.0.2.12 will see two identical messages. I know that a confirmation error will confirm the connection, but I do not understand this. TCPDump on any of the three computers does not show anything except packets that should be sent.
I have so far tried dev_queue_xmit(nskb) as well as nskb->dev->netdev_ops->ndo_start_xmit(nskb, skb->dev) .