netfilter, libpcap and packet processing

netfilter, libpcap and packet processing

Post by Filip Pacholczy » Fri, 14 Mar 2003 21:00:21


   I'm writing a program to mangle incoming and/or outgoing IP and TCP
 packets. My goal is to change the content of some headers at the
 source (leaving the payload untouched), send changed packets, and
 re-change headers at the destination, so the applicatons that send and
 receive data wouldn't know about this operation. I've been thinking
 about using libpcap, writing own kernel module (an extension to
 netfilter probably) and finally decided to use netfilter's queue
 mechanism to process packets in userspace (using PREROUTING and
 POSTROUTING chains). Does anybody have better idea?

   I am looking for detailed description of packet flow on the Linux
 box: what is the order of processing packets by libpcap, netfilter and
 encapsulating data from upper (>4) layers? What happens *before*
 packet is matched in PREROUTING chain in netfilter and *after*
 processing in POSTROUTING chain? I've read Netfilter hacking howto,
 Advanced Routing Howto, but still can't find information I'm looking
 for. Can anybody point some sources?

TIA, regards,

Filip "zaraza" Pacholczyk   

[                        RPG Famous Last Words:                        ]
[                 "Hey, I found it.  I'm keeping it."                  ]


1. non-blocking packet pacture (libpcap)

Hey folks.

I was wondering if someone here knows if there's function/parameter or
technique of making pcap_next (or whatever) non-blocking. I'd like something
to return -1 if the packet is invalid/isn't received. Changing libpcap
would be the easiest right now, But that's now what i want. I dont want
my program to be dependable only on my patched version of pcap.

                                        Marko Mlakar

2. ADSL support?

3. Should I install BSD packet filter to using the libpcap library?

4. Sound on RedHat 3.03

5. sending packet is not working - Building firewall/proxyserver using libpcap

6. <defunct> state of processes

7. skipping a packet in libpcap

8. S:VT220-Terminal-Unterlagen

9. sending packet is not working - Building firewall/proxyserver using libpcap

10. DLPI interface, libpcap, packet filtering

11. unaligned libpcap packets???

12. skipping a packet in libpcap

13. libpcap packet capture in kernel space or usermod in linux??