8

I am trying to create a kernel module that will be able to send out modified packets from ones it receives through netfilter hooking. I'm using a code skeleton provided here. I am creating a raw socket inside the kernel simply using this code: 

struct socket *sockptr;
sock_create(PF_INET, SOCK_RAW, IPPROTO_TCP, &sockptr);

The sendpacket function is called by this:

len = sendpacket(sockptr, dev, IPPROTO_TCP, duplicate, ntohs(dupiph->tot_len));

socketptr being the raw socket I created, dev being the net_device in passed to me by the hooking function, and duplicate being a modified copy of the original packet.

The return from the call to dev_queue_xmit indicates that the packet was transmitted successfully but I cannot see the packet on the wire. I have two questions: first, I would like to be able to better debug what is happening so any advice concerning that is much appreciated. Also, I am wondering if I am handling the socket creation properly or if there is some type of configuration I am missing. This is all very new to me so it very well could be that I am missing something silly.

Community
  • 1
  • 1
bschulte3
  • 172
  • 7
  • Can you explain what you did when saying "I cannot see the packet on the wire." I suggest to install wireshark or another sniffer program. – Michel Nov 15 '11 at 19:10
  • Sorry, I should have clarified. The interface being used is "venet0" which is the interface used by openvz containers. I was observing traffic on that interface using Wireshark and did not see the packets. – bschulte3 Nov 15 '11 at 19:16
  • Are you sure that iptables has been configured correctly to pass such packets? – Dan Nov 16 '11 at 04:51
  • There isn't any iptables rules related to that interface so I don't see what could be affecting it from iptables. – bschulte3 Nov 16 '11 at 17:37
  • What kernel are you using? What flavor of linux? – Mike Pennington Nov 18 '11 at 10:03
  • Modifying the packets in the sense are you trying to add new header to out going packet.Are you fiddling around with the sk_buff? – Santi1986 Nov 27 '11 at 09:59

1 Answers1

1

It is unlikely that you need to modify the kernel to accomplish your task. Have you considered using tun or tap interface so you can do all of your work in user space? Here's a tutorial: http://backreference.org/2010/03/26/tuntap-interface-tutorial/

TJD
  • 11,800
  • 1
  • 26
  • 34