All geek questions in one place

Change caption of captured packet

I am trying to change the IP header to include more IP parameters with libnetfiletr_queue. So far, I have managed to get to the point where I receive the package, as shown below.

if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
    fprintf(stderr, "Unable to set nfq_set_mode\n");
    exit(1);
}

Then I managed to go far, as shown below,

static int my_callBack(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,struct nfq_data *tb)
{   
    int id = 0;
    int packet_len;
    unsigned char *data;
    struct nfqnl_msg_packet_hdr *packet_hdr;
    unsigned char *data;

    packet_hdr = nfq_get_msg_packet_hdr(tb);

    if (packet_hdr) {
        id = ntohl(packet_hdr->packet_id);          
    }

    packet_len = nfq_get_payload(tb, &data);

    if (packet_len >= 0) {
        //print payload length
        printf("payload_length = %d ", packet_len);
        //modify packet ip header  
    }

    return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
}

But from here I got a little confused about how to continue modifying the IP headercaptured packet in //modify packet ip headercomment.Example about modifying the IP header (e.g. traffic class (IPV6) / IP options / version / flags / destination address) is normal, since I only need to understand how modification works :).

I tried a lot of resources and could not achieve further success. You will be very grateful for the expert advice and help on this. :)

Many thanks:)

+4
1

IP, , . , , RFC , .

RFC IPv6: https://tools.ietf.org/html/rfc2460#section-3

IPv6 , , . Version 4 , - 8 , - 20 . - 320 (40 ), 256 - src dest. 64 , , , :

struct ipv6_hdr {
    uint32_t row1;
    uint16_t payload_length;
    uint8_t next_header;
    uint8_t hop_limit;
    uint16_t src[8];
    uint16_t dest[8];
};

, :

#define VERSION_MASK 0xF0000000
#define TRAFFIC_CLASS_MASK 0x0FF00000
#define FLOW_LABEL_MASK 0x000FFFFF

struct ipv6_hdr foo;

...

nfq_get_payload(tb, &foo); // Just an example; don't overflow your buffer!

// bit-wise AND gets masked field from row1
uint8_t version = (uint8_t) ((foo->row1 & VERSION_MASK) >> 28);  // shift (32-4) bits

, , , :

version = 6;

// bit-wise OR puts our value in the right place in row1
foo->row1 &= ~(VERSION_MASK) // clear out the old value first
foo->row1 = ((uint32_t) version << 28) | foo->row1;

src dest 16- , IPv6 8, 16- . .

, , .

, IPv4, RFC: http://tools.ietf.org/html/rfc791#section-3.1

, (, , , , ).

RFC : https://tools.ietf.org/html/rfc1071

.

+4

Source: https://habr.com/ru/post/1530731/

More articles:


All Articles