Hi All,
firstly, Thanks for great design of Netfilter, which gives me no strain to
write hacks I wanted.
My UNIX machine does remote logging with help of syslogd. I wanted to
maintain duplicate logging of those logs. For that I started writing with a
netfilter extension "COPY". My all essential development is over, except
proper routing and then sending new sk_buff. The code started with baseline
of MIRROR. This code is intended to work on syslog udp packets and don't
worry I'm generating UDP packets only in my test cases.
A part of actual work, in pointer to "target" function, is as follows:
static unsigned int ipt_copy_target(struct sk_buff **pskb,
unsigned int hooknum,
const struct net_device *in,
const struct net_device *out,
const void *targinfo,
void *userinfo)
{
struct sk_buff *newskb = skb_copy(*pskb, GFP_ATOMIC);
struct iphdr *iph = newskb->nh.iph;
struct rt_key key;
if (newskb) {
/* Alter IP address, adjust IP checksum */
iph->daddr = ((const struct copy_info*)targinfo)->dup_ip;
iph->check = 0;
iph->check = ip_compute_csum((unsigned char *)iph,
sizeof(*iph));
key = { dst:iph->daddr, src:iph->saddr,
oif:0, tos:(RT_TOS(iph->tos)| RTO_CONN) };
if( ip_route_output_key(&rt, &key) ) {
/* Don't let conntrack code see this packet */
ip_direct_send(newskb);
} else
DEBUGP("COPY: ip_route_output_key failed\n");
}
kfree_skb(newskb);
}
return IPT_CONTINUE;
}
# iptables -t mangle -I PREROUTING -d 216.115.102.78 -s 192.168.1.102 \
-p udp -j COPY --sendto 10.10.10.1
I get kernel message logged "COPY: ip_route_output_key failed" :-(. What
essential task I am missing before calling to ip_route_output_key. No
question on routes, I have all routes properly set :-). Also all tables are
fresh and only entry of my test-case :-)
I moved this rule in FORWARD too, but again helpless.
# iptables -t filter -I FORWARD -d 216.115.102.78 -s 192.168.1.102 \
-p udp -j COPY --sendto 10.10.10.1
Thanks for your inspirations.
-- Sumit
