how can I modify the network packet payload?

I captured the packets I'm sending out by "iptables -A OUTPUT -j
QUEUE"
And use C code with libipq to parse the packet structure, and change
every character into '!' as below:

ipq_packet_msg_t *m = ipq_get_packet(buf);
struct iphdr *iph = ((struct iphdr *)m->payload);
struct tcphdr *tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));
payload_offset = ((iph->ihl << 2) + (tcp->doff << 2));
payload_length = (unsigned int) ntohs(iph->tot_len) - ((iph->ihl << 2)
+ (tcp->doff << 2));
iphdr_size = (iph->ihl << 2);
tcphdr_size = (tcp->doff << 2);
port = ntohs(tcp->dest);
if (payload_length) {
int i;
for (i=0; i<payload_length-1; i++)
*(m->payload + payload_offset + i) = '!';

}

however, the packets sending out is still the original string, not the
one with all '!' string. what should I do to change the payload of the
tcp packet?

Thank you

On Oct 22, 8:42*pm, jimmy <jimmy.ask...@gmail.com> wrote:
> I captured the packets I'm sending out by "iptables -A OUTPUT -j
> QUEUE"
> And use C code with libipq to parse the packet structure, and change
> every character into '!' as below:
>
> ipq_packet_msg_t *m = ipq_get_packet(buf);
> struct iphdr *iph = ((struct iphdr *)m->payload);
> struct tcphdr *tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));
> payload_offset = ((iph->ihl << 2) + (tcp->doff << 2));
> payload_length = (unsigned int) ntohs(iph->tot_len) - ((iph->ihl << 2)
> + (tcp->doff << 2));
> iphdr_size = (iph->ihl << 2);
> tcphdr_size = (tcp->doff << 2);
> port = ntohs(tcp->dest);
> if (payload_length) {
> * * * * int i;
> * * * * for (i=0; i<payload_length-1; i++)
> * * * * * * * * *(m->payload + payload_offset + i) = '!';
>
> }
>
> however, the packets sending out is still the original string, not the
> one with all '!' string. what should I do to change the payload of the
> tcp packet?
>
> Thank you

Do you call ipq_set_verdict? Do you fix the checksum?

DS

On Oct 23, 1:48 pm, David Schwartz <dav...@webmaster.com> wrote:
> On Oct 22, 8:42 pm, jimmy <jimmy.ask...@gmail.com> wrote:
>
>
>
> > I captured the packets I'm sending out by "iptables -A OUTPUT -j
> > QUEUE"
> > And use C code with libipq to parse the packet structure, and change
> > every character into '!' as below:
>
> > ipq_packet_msg_t *m = ipq_get_packet(buf);
> > struct iphdr *iph = ((struct iphdr *)m->payload);
> > struct tcphdr *tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));
> > payload_offset = ((iph->ihl << 2) + (tcp->doff << 2));
> > payload_length = (unsigned int) ntohs(iph->tot_len) - ((iph->ihl << 2)
> > + (tcp->doff << 2));
> > iphdr_size = (iph->ihl << 2);
> > tcphdr_size = (tcp->doff << 2);
> > port = ntohs(tcp->dest);
> > if (payload_length) {
> > int i;
> > for (i=0; i<payload_length-1; i++)
> > *(m->payload + payload_offset + i) = '!';
>
> > }
>
> > however, the packets sending out is still the original string, not the
> > one with all '!' string. what should I do to change the payload of the
> > tcp packet?
>
> > Thank you
>
> Do you call ipq_set_verdict? Do you fix the checksum?
>
> DS

yeah I use the ipq_set_verdict as below:
status = ipq_set_verdict(h, m-
>packet_id, NF_ACCEPT, 0, NULL);
if (status < 0)
die(h);

But I didn't change the checksum of packet header, since I didn't
change the header.
I don't know how to change the payload's checksum.

I'm wondering whether the ipq_set_mode is the problem since I use
IPQ_COPY_PACKET. I don't know if there are other options.
I use the following the lines in front of the previous codes.
h = ipq_create_handle(0, PF_INET);
if (!h)
die(h);
status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
if (status < 0)
die(h);

Can any one give some hints?

Thank you

On Oct 23, 7:00*am, jimmy <jimmy.ask...@gmail.com> wrote:

> yeah I use the ipq_set_verdict as below:
> * * * * * * * * * * * * * * * *status =ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);

Umm, no wonder. You modified your copy of the packet data, but never
did anything with the modified data!

> I'm wondering whether the ipq_set_mode is the problem since I use
> IPQ_COPY_PACKET. I don't know if there are other options.
> I use the following the lines in front of the previous codes.
> * * * * h = ipq_create_handle(0, PF_INET);
> * * * * if (!h)
> * * * * * * * * die(h);
> * * * * status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
> * * * * if (status < 0)
> * * * * * * * * die(h);
>
> Can any one give some hints?

1) You got a copy of the packet.

2) You modified your copy.

3) You didn't do anything with your copy.

Read the docs for ipq_set_verdict carefully.

DS

On Oct 24, 7:13 am, David Schwartz <dav...@webmaster.com> wrote:
> On Oct 23, 7:00 am, jimmy <jimmy.ask...@gmail.com> wrote:
>
> > yeah I use the ipq_set_verdict as below:
> > status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);
>
> Umm, no wonder. You modified your copy of the packet data, but never
> did anything with the modified data!
>
> > I'm wondering whether the ipq_set_mode is the problem since I use
> > IPQ_COPY_PACKET. I don't know if there are other options.
> > I use the following the lines in front of the previous codes.
> > h = ipq_create_handle(0, PF_INET);
> > if (!h)
> > die(h);
> > status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
> > if (status < 0)
> > die(h);
>
> > Can any one give some hints?
>
> 1) You got a copy of the packet.
>
> 2) You modified your copy.
>
> 3) You didn't do anything with your copy.
>
> Read the docs for ipq_set_verdict carefully.
>
> DS


Yeah. It works. Thank you very much

On Oct 24, 7:13 am, David Schwartz <dav...@webmaster.com> wrote:
> On Oct 23, 7:00 am, jimmy <jimmy.ask...@gmail.com> wrote:
>
> > yeah I use the ipq_set_verdict as below:
> > status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);
>
> Umm, no wonder. You modified your copy of the packet data, but never
> did anything with the modified data!
>
> > I'm wondering whether the ipq_set_mode is the problem since I use
> > IPQ_COPY_PACKET. I don't know if there are other options.
> > I use the following the lines in front of the previous codes.
> > h = ipq_create_handle(0, PF_INET);
> > if (!h)
> > die(h);
> > status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
> > if (status < 0)
> > die(h);
>
> > Can any one give some hints?
>
> 1) You got a copy of the packet.
>
> 2) You modified your copy.
>
> 3) You didn't do anything with your copy.
>
> Read the docs for ipq_set_verdict carefully.
>
> DS


Sorry. It has some new problem.

The packet data is changed when I send and receive both on the
localhost. The tcp packets are changed, sent and recv all through
127.0.0.1. It works well on the same laptop.

But when I send and recv at different laptop through ad hoc network,
the receiver cannot receive anything. At the sender side, the packets
seem changed and sent out. And after 6 or 7 packets sent out, the
sender seems hanged there and will not send any more packets.

I impose the iptable to capture the OUTPUT tcp packet at the sender
side.

I only change the tcp data with the condition of my defined string,
like the data has a string of "today" (then I change only the "today"
string). I'm not sure whether the capture and modification process
stops any tcp communication packets which help to maintain the tcp
connection.

Anybody has an idea of what may why the receiver cannot receive the
modified packet?

On Oct 29, 8:52*pm, jimmy <jimmy.ask...@gmail.com> wrote:

> The packet data is changed when I send and receive both on the
> localhost. The tcp packets are changed, sent and recv all through
> 127.0.0.1. It works well on the same laptop.

> But when I send and recv at different laptop through ad hoc network,
> the receiver cannot receive anything. At the sender side, the packets
> seem changed and sent out. And after 6 or 7 packets sent out, the
> sender seems hanged there and will not send any more packets.

I believe that you need to update the checksum.

DS

David Schwartz <(E-Mail Removed)> wrote:
> I believe that you need to update the checksum.

And may need to do so differently if the NIC in use will be using
ChecKsum Offload (CKO).

rick jones
--
portable adj, code that compiles under more than one compiler
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

On Oct 30, 6:17 pm, David Schwartz <dav...@webmaster.com> wrote:
> On Oct 29, 8:52 pm, jimmy <jimmy.ask...@gmail.com> wrote:
>
> > The packet data is changed when I send and receive both on the
> > localhost. The tcp packets are changed, sent and recv all through
> > 127.0.0.1. It works well on the same laptop.
> > But when I send and recv at different laptop through ad hoc network,
> > the receiver cannot receive anything. At the sender side, the packets
> > seem changed and sent out. And after 6 or 7 packets sent out, the
> > sender seems hanged there and will not send any more packets.
>
> I believe that you need to update the checksum.
>
> DS


Yeah. It's really the TCP checksum problem.

I found these links. Hope they may be helpful to the others.

http://sysnet.ucsd.edu/~cfleizac/iptcphdr.html
http://www.tcpipguide.com/free/t_TCP...doHeader-2.htm