On Fri, Jun 14, 2002 at 08:03:38AM -0600, Shipman, Jeffrey E wrote:
> I'm currently writing a netfilter module to modify
> some options in TCP packets. Currently, I'm just
> trying to learn a bit about it so I've written a
> module that 1) Sets the PSH flag in all TCP packets
> and 2) Modifies the destination address to be the
> source address.
>
> I wrote a small function that uses tcp_v4_check()
> and ip_fast_csum() to recalculate the checksums
> on the packets.

This is wrong. Just think of a packet arriving with broken checksum, and
then you recalculate the checksum - passing on a broken packet with a valid
checksum.

Please use incremental checksumming, as used by netfilter/iptables all over
the place (like in ipt_TOS.c, or ipt_TCPMSS.c).

> Jeff Shipman - CCD
> Sandia National Laboratories

-- 
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
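
The difference between the two approaches in the reply above, as an added example that is not part of the original message and is not netfilter code: a userspace C sketch that rewrites the destination address of an IPv4 header once with a full recompute and once with an incremental update (RFC 1624, eqn. 3). The function names and the sample header are constructed for illustration; the kernel's own helpers in ipt_TOS.c and ipt_TCPMSS.c are not reproduced here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Ones-complement sum over an even-length buffer, folded to 16 bits. */
static uint16_t ones_sum(const uint8_t *p, size_t len)
{
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        s += (uint32_t)(p[i] << 8 | p[i + 1]);
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)s;
}
/* A 20-byte IPv4 header verifies when all its words sum to 0xffff. */
int hdr_valid(const uint8_t *h) { return ones_sum(h, 20) == 0xffff; }
/* Full recompute: discards the checksum the packet arrived with. */
void fix_full(uint8_t *h)
{
    h[10] = h[11] = 0;
    uint16_t c = (uint16_t)~ones_sum(h, 20);
    h[10] = (uint8_t)(c >> 8); h[11] = (uint8_t)c;
}
/* Incremental update of one 16-bit word: HC' = ~(~HC + ~m + m'). */
void set_word_incremental(uint8_t *h, size_t off, uint16_t m_new)
{
    uint16_t m_old = (uint16_t)(h[off] << 8 | h[off + 1]);
    uint16_t hc = (uint16_t)(h[10] << 8 | h[11]);
    uint32_t s = (uint32_t)(uint16_t)~hc + (uint16_t)~m_old + m_new;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    hc = (uint16_t)~s;
    h[off] = (uint8_t)(m_new >> 8); h[off + 1] = (uint8_t)m_new;
    h[10] = (uint8_t)(hc >> 8); h[11] = (uint8_t)hc;
}
/* Rewrite dst := src on a constructed header; 1 if it verifies afterwards. */
int demo(int corrupt, int use_full)
{
    uint8_t h[20] = {0x45,0,0,40, 0x12,0x34,0x40,0, 64,6,0,0, 192,0,2,1, 198,51,100,7};
    fix_full(h);                /* sender's correct checksum */
    if (corrupt) h[5] ^= 0x01;  /* one bit flipped in transit */
    if (use_full) { memcpy(h + 16, h + 12, 4); fix_full(h); }
    else {
        set_word_incremental(h, 16, (uint16_t)(h[12] << 8 | h[13]));
        set_word_incremental(h, 18, (uint16_t)(h[14] << 8 | h[15]));
    }
    return hdr_valid(h);
}
int main(void)
{
    printf("damaged header verifies? full=%d incremental=%d\n", demo(1, 1), demo(1, 0));
    return 0;
}
```

With the damaged header, the full recompute produces a packet that verifies, so the receiver can no longer detect the corruption; the incremental update leaves the checksum mismatch in place.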