Hello,
I've started playing around with netfilter with the aim of
doing a new match. I started with Rusty Russel's example
module in Linux Magazine (June 2000): created a C file,
compiled it, insmod'ed it, pinged another host and looked at
dmesg output.
Everything else works except the IP+ICMP packet (ping)
doesn't get altered when the packet length is 100. Using
Ethereal I was able to verify that the received IP+ICMP
packet has the correct checksum even after it has gone
through the following code snippet:
case 100:
printk("linuxmag: corrupting packet\n");
data[99]++;
(*pskb)->nfcache |= NFC_ALTERED;
return NF_ACCEPT;
I.e. returning NF_ACCEPT I was able to grant the packet send
permission, but for some reason the ICMP data corruption
(data[99]++;) had no taken place even when there is the
NFC_ALTERED notion in nfcache.
What have I missed? All help is warmly welcomed.
I'm using RH 7.2 with 2.4.9-21 kernel (from RH rpm) and the
RH gcc 2.96.
Rgds,
Jussi Kuosa
============================================================
The information contained in this message may be privileged
and confidential and protected from disclosure. If the
reader of this message is not the intended recipient, or an
employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any
reproduction, dissemination or distribution of this
communication is strictly prohibited. If you have received
this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
Thank you.
Tellabs
============================================================
