how can I modify the network packet payload?

[WarHammer]

I captured the packets I'm sending out by "iptables -A OUTPUT -j QUEUE" And use C code with libipq to parse the packet structure, and change every character into '!' as below:

ipq_packet_msg_t *m = ipq_get_packet(buf);
struct iphdr *iph = ((struct iphdr *)m->payload);
struct tcphdr *tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));
payload_offset = ((iph->ihl << 2) + (tcp->doff << 2));
payload_length = (unsigned int) ntohs(iph->tot_len) - ((iph->ihl << 2)
+ (tcp->doff << 2));
iphdr_size = (iph->ihl << 2);
tcphdr_size = (tcp->doff << 2);
port = ntohs(tcp->dest);
if (payload_length) {
int i;
for (i=0; i<payload_length-1; i++)
*(m->payload + payload_offset + i) = '!';

}

however, the packets sending out is still the original string, not the one with all '!' string. what should I do to change the payload of the tcp packet? Thank you

[Marco-D]

I captured the packets I'm sending out by "iptables -A OUTPUT -j QUEUE" And use C code with libipq to parse the packet structure, and change every character into '!' as below:

ipq_packet_msg_t *m = ipq_get_packet(buf);
struct iphdr *iph = ((struct iphdr *)m->payload);
struct tcphdr *tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));
payload_offset = ((iph->ihl << 2) + (tcp->doff << 2));
payload_length = (unsigned int) ntohs(iph->tot_len) - ((iph->ihl << 2)
+ (tcp->doff << 2));
iphdr_size = (iph->ihl << 2);
tcphdr_size = (tcp->doff << 2);
port = ntohs(tcp->dest);
if (payload_length) {
int i;
for (i=0; i<payload_length-1; i++)
*(m->payload + payload_offset + i) = '!';

}

however, the packets sending out is still the original string, not the one with all '!' string. what should I do to change the payload of the tcp packet? Thank you

Do you call ipq_set_verdict? Do you fix the checksum?

[WarHammer]

yeah I use the ipq_set_verdict as below:

status = ipq_set_verdict(h, m- packet_id, NF_ACCEPT, 0, NULL);
if (status < 0)
die(h);

But I didn't change the checksum of packet header, since I didn't change the header. I don't know how to change the payload's checksum. I'm wondering whether the ipq_set_mode is the problem since I use IPQ_COPY_PACKET. I don't know if there are other options. I use the following the lines in front of the previous codes
.
h = ipq_create_handle(0, PF_INET);
if (!h)
die(h);
status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
if (status < 0)
die(h);

Can any one give some hints?

Thank you

[Marco-D]

1) You got a copy of the packet.

2) You modified your copy.

3) You didn't do anything with your copy.

Read the docs for ipq_set_verdict carefully.

[WarHammer]

Yeah. It works. Thank you very much but Sorry. It has some new problem. The packet data is changed when I send and receive both on the localhost. The tcp packets are changed, sent and recieve all through 127.0.0.1. It works well on the same laptop. But when I send and recv at different laptop through ad hoc network,the receiver cannot receive anything. At the sender side, the packets seem changed and sent out. And after 6 or 7 packets sent out, the sender seems hanged there and will not send any more packets. I impose the iptable to capture the OUTPUT tcp packet at the sender side. I only change the tcp data with the condition of my defined string,like the data has a string of "today" (then I change only the "today" string). I'm not sure whether the capture and modification process stops any tcp communication packets which help to maintain the tcp connection.Anybody has an idea of what may why the receiver cannot receive the modified packet?

[Marco-D]

Yeah. It works. Thank you very much but Sorry. It has some new problem. The packet data is changed when I send and receive both on the localhost. The tcp packets are changed, sent and recieve all through 127.0.0.1. It works well on the same laptop. But when I send and recv at different laptop through ad hoc network,the receiver cannot receive anything. At the sender side, the packets seem changed and sent out. And after 6 or 7 packets sent out, the sender seems hanged there and will not send any more packets. I impose the iptable to capture the OUTPUT tcp packet at the sender side. I only change the tcp data with the condition of my defined string,like the data has a string of "today" (then I change only the "today" string). I'm not sure whether the capture and modification process stops any tcp communication packets which help to maintain the tcp connection.Anybody has an idea of what may why the receiver cannot receive the modified packet?

I believe that you need to update the checksum.

[WarHammer]

I believe that you need to update the checksum.

Yeah. It's really the TCP checksum problem.thanks you.