
List:       netfilter-devel
Subject:    NFQUEUE: best way to deal with changed SEQ/ACK in a stream?
From:       <bombsiteunrested () gmail ! com>
Date:       2011-02-24 23:26:18
Message-ID: AANLkTimKfmmACTGEuP1PE2SasYsbjyzHDGBTE3aJbtVq () mail ! gmail ! com

Hi all.

I ran into a problem while developing a custom traffic filter; it
needs to change TCP options in some of the connection's packets
(signing the transmission), and since the TCP data offset is thereby
increased, the network (sender side) starts to duplicate the missing
bytes (length - data offset increase).

I guess there are two ways of solving this - 1) getting a custom module
to the place before SEQ/ACK are set for the first packet and doing the
NFQUEUE work there, or 2) constantly changing SEQ/ACK for the whole
connection using connmark.

What else can be recommended and how may the NFQUEUE transparency be
preserved whilst having SEQ/ACKs changed in a whole stream?

I have seen that those guys -
http://stackoverflow.com/questions/260757/packet-mangling-utilities-besides-iptables
- had solved this somehow.

-- 
cheers,
Igor