Extending packet header from within a Netfilter hook

I want to prepend an IP header on an existing IP packet while inside NF_HOOK_LOCAL_OUT. The issue I face is that the skb expansion functions (such as copy/clone/expand/reallocate header) allocate a new sk_buff. We cannot return this newly allocated pointer since the netfilter hook function no longer (kernel version 2.6.31) passes the skb pointer's address (it passes by value). How I solved the issue is as follows:

1. I got a new skb using skb_header_realloc(). This copies all the data from skb.
2. I modified the new skb (call it skb2) to prepend the new IP header, and set appropriate values in the new IP header.
3. Replaced the contents of the original skb (passed in the Netfilter hook function) with the contents of skb2 using skb_morph(). Returned NF_ACCEPT.

Is this the only way of achieving what I intended to? Is there a more efficient solution? Are there other use cases of skb_morph (besides the IP reassembly code)?

-------------Problems Reply------------

This works for me, in 2.6 kernels:

struct iphdr *iph;

/* Make sure there is room in front of the existing data for one more IP header */
if (skb_headroom(skb) < sizeof(struct iphdr)) {
    if (pskb_expand_head(skb, sizeof(struct iphdr) - skb_headroom(skb), 0, GFP_ATOMIC) != 0) {
        kfree_skb(skb);   /* NF_STOLEN hands ownership to us, so free it rather than leak it */
        return NF_STOLEN;
    }
}
iph = (struct iphdr *) skb_push(skb, sizeof(struct iphdr));
/* Fill in the outer IP header (addresses, protocol, tot_len, checksum) */
return NF_ACCEPT;

Hope it helps.
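The headroom-check / expand / push sequence from the reply, and the header-filling step the question describes, worked through in a user-space model. This is an added example, not code from the question, the reply, or the kernel: mini_skb, pskb_expand_head_m, skb_push_m, ip_csum, prepend_outer_ip and demo_encapsulate are assumed stand-ins for the sk_buff fields and kernel helpers, the inner packet bytes are constructed, and the outer header uses IP-in-IP (protocol 4) so the result is a well-formed encapsulated packet. The point it adds beyond the reply is what "fill the IP header" has to cover for the packet to remain valid: tot_len must describe the whole new packet and the header checksum must be recomputed after every other field is set.

```c
/* User-space model of prepending an outer IPv4 header in front of an existing
 * packet, mirroring the headroom check / expand / push a netfilter hook performs
 * on an sk_buff.  Assumed, simplified structures; this is not kernel code. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>   /* htons/htonl/ntohs */
#include <netinet/in.h>  /* IPPROTO_IPIP */

struct mini_skb {          /* assumed stand-in for the sk_buff fields used here */
    uint8_t *head;         /* start of the allocated buffer */
    uint8_t *data;         /* start of packet data; head..data is the headroom */
    size_t   len;          /* bytes of packet data */
    size_t   size;         /* allocated buffer size */
};

struct ipv4_hdr {          /* 20-byte IPv4 header, naturally aligned, no padding */
    uint8_t  ver_ihl, tos;
    uint16_t tot_len, id, frag_off;
    uint8_t  ttl, protocol;
    uint16_t check;
    uint32_t saddr, daddr;
};

static size_t skb_headroom_m(const struct mini_skb *s) { return (size_t)(s->data - s->head); }

/* Grow the headroom by nhead bytes by reallocating, like pskb_expand_head(). */
static int pskb_expand_head_m(struct mini_skb *s, size_t nhead)
{
    size_t hr = skb_headroom_m(s);
    uint8_t *nh = malloc(s->size + nhead);
    if (!nh)
        return -1;
    memcpy(nh + nhead + hr, s->data, s->len);   /* packet bytes move, headroom grows */
    free(s->head);
    s->head = nh;
    s->data = nh + nhead + hr;
    s->size += nhead;
    return 0;
}

/* Reserve n bytes in front of the data, like skb_push(); caller guarantees headroom. */
static uint8_t *skb_push_m(struct mini_skb *s, size_t n)
{
    assert(skb_headroom_m(s) >= n);
    s->data -= n;
    s->len  += n;
    return s->data;
}

/* RFC 1071 one's-complement checksum; returns 0 when run over a valid header. */
static uint16_t ip_csum(const void *buf, size_t len)
{
    const uint8_t *p = buf;
    uint32_t sum = 0;
    for (; len > 1; len -= 2, p += 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;
    while (sum >> 16)
        sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* The hook body: make room, push an outer header, fill it.  Returns 1 if the
 * buffer had to be expanded, 0 if the headroom sufficed, -1 on failure. */
static int prepend_outer_ip(struct mini_skb *s, uint32_t saddr, uint32_t daddr)
{
    int expanded = 0;
    struct ipv4_hdr *iph;
    if (s->len + sizeof(*iph) > 0xFFFF)         /* outer tot_len is a 16-bit field */
        return -1;
    if (skb_headroom_m(s) < sizeof(*iph)) {
        if (pskb_expand_head_m(s, sizeof(*iph) - skb_headroom_m(s)) != 0)
            return -1;
        expanded = 1;
    }
    iph = (struct ipv4_hdr *)skb_push_m(s, sizeof(*iph));
    memset(iph, 0, sizeof(*iph));
    iph->ver_ihl  = 0x45;                       /* IPv4, 5 words, no options */
    iph->tot_len  = htons((uint16_t)s->len);    /* covers outer header + inner packet */
    iph->ttl      = 64;
    iph->protocol = IPPROTO_IPIP;               /* payload is another IPv4 packet */
    iph->saddr    = saddr;
    iph->daddr    = daddr;
    iph->check    = htons(ip_csum(iph, sizeof(*iph)));  /* last, over the filled header */
    return expanded;
}

/* Constructed 28-byte inner packet (IPv4 header, checksum left zero, + 8 payload
 * bytes) placed in a buffer with the requested headroom, then encapsulated and
 * verified.  Returns -1 on any failure, else whether expansion was needed (0/1). */
int demo_encapsulate(size_t headroom)
{
    static const uint8_t inner[28] = {
        0x45, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11, 0x00, 0x00,
        10, 0, 0, 1,  10, 0, 0, 2,                     /* inner src/dst (constructed) */
        'p', 'a', 'y', 'l', 'o', 'a', 'd', '!' };
    struct mini_skb s;
    const struct ipv4_hdr *outer;
    int r, ok;
    s.size = headroom + sizeof inner;
    s.head = malloc(s.size);
    if (!s.head)
        return -1;
    s.data = s.head + headroom;
    s.len  = sizeof inner;
    memcpy(s.data, inner, sizeof inner);

    r = prepend_outer_ip(&s, htonl(0xC0A80001), htonl(0xC0A80002)); /* 192.168.0.1 -> .2 */
    outer = (const struct ipv4_hdr *)s.data;
    ok = r >= 0
      && s.len == sizeof(*outer) + sizeof inner
      && ip_csum(outer, sizeof(*outer)) == 0                 /* header checksum valid */
      && outer->protocol == IPPROTO_IPIP
      && (size_t)ntohs(outer->tot_len) == s.len
      && memcmp(s.data + sizeof(*outer), inner, sizeof inner) == 0;  /* inner intact */
    free(s.head);
    return ok ? r : -1;
}

int main(void)
{
    printf("no headroom: %d, 64 bytes headroom: %d\n", demo_encapsulate(0), demo_encapsulate(64));
    return 0;
}
```

In the kernel the same ordering matters: pskb_expand_head() may move the packet bytes, so any pointers into the skb taken before the expansion (including a cached inner iphdr pointer) must be recomputed afterwards, and the outer checksum is computed only after every other outer field is set.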

Category: network programming. Posted: 2011-04-14
