I am capturing some packets using the iptables queue and analysing them in a libnetfilter_queue module. Now I wish to make some changes in the packet, but even if I change a single character, the packet is rejected, perhaps while checking the checksum! Is there any way to prevent it from being rejected?
```cpp
#include <string>
#include <arpa/inet.h>                              // ntohl
#include <linux/netfilter.h>                        // NF_ACCEPT
#include <libnetfilter_queue/libnetfilter_queue.h>

using std::string;

static int callBack(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, struct nfq_data *nfa, void *data)
{
    int len = 0;
    uint32_t id = 0;
    unsigned char *pktData;                         // libnetfilter_queue 1.x hands back unsigned char*
    string pktString;
    struct nfqnl_msg_packet_hdr *pktHeader = nfq_get_msg_packet_hdr(nfa);
    if (pktHeader)
    {
        id = ntohl(pktHeader->packet_id);
    }
    len = nfq_get_payload(nfa, &pktData);           // buffer starts at the IP header; -1 on error
    if (len > 0)
    {
        pktString.assign(reinterpret_cast<const char *>(pktData), len);
        string::size_type pos = pktString.find("oldstring", 0);
        if (pos != string::npos)                    // npos means "not found"; a match at offset 0 is valid
        {
            pktString.replace(pos, 9, "newstring"); // same length, so the IP total length stays correct
            const unsigned char *newPktData = reinterpret_cast<const unsigned char *>(pktString.data());
            len = pktString.size();
            // The modified buffer is handed back with the verdict; its checksums are still the old ones.
            return nfq_set_verdict(qh, id, NF_ACCEPT, len, newPktData);
        }
    }
    return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
}
```
If you change anything you have to update the checksum to prevent rejection, otherwise the packet will be considered to be corrupted…
edit: assuming you are working on IP packets, the above only applies for changes in the IP header, since only the header, not the payload, is ‘protected’ by the IP checksum.
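Assuming, as the answer does, that the queued buffer starts at the IPv4 header: the IP checksum covers only the header, but for TCP and UDP the transport checksum is computed over a pseudo-header plus the whole segment, so the "oldstring" edit from the question invalidates that one. The following is an added example, not code from the question or the answer; `fix_checksums`, `csum16` and `l4_csum` are my own names. It recomputes both checksums in place before the buffer goes to `nfq_set_verdict`:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* RFC 1071: one's-complement sum of buffer a followed by buffer b (a has even length), folded and inverted. */
static uint16_t csum16(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < alen; i += 2) sum += (uint32_t)a[i] << 8 | a[i + 1];
    for (size_t i = 0; i + 1 < blen; i += 2) sum += (uint32_t)b[i] << 8 | b[i + 1];
    if (blen & 1) sum += (uint32_t)b[blen - 1] << 8;      /* odd trailing byte is padded with zero */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Transport checksum over pseudo-header + segment, using whatever is currently in the
 * checksum field: with the field zeroed this computes it, with the field in place it verifies it (0 = ok). */
static uint16_t l4_csum(const uint8_t *pkt, size_t ihl, size_t l4len)
{
    uint8_t pseudo[12];
    memcpy(pseudo, pkt + 12, 8);                         /* source and destination addresses */
    pseudo[8] = 0; pseudo[9] = pkt[9];                   /* zero byte, protocol number */
    pseudo[10] = l4len >> 8; pseudo[11] = l4len & 0xff;  /* TCP/UDP length */
    return csum16(pseudo, 12, pkt + ihl, l4len);
}

/* Recompute the IPv4 header checksum and, for TCP/UDP, the transport checksum in place
 * after a payload edit. Returns 0 on success, -1 on malformed or non-IPv4 input. */
int fix_checksums(uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (pkt[0] & 0x0f) * 4u, tot = (size_t)pkt[2] << 8 | pkt[3];
    if (ihl < 20 || tot < ihl || tot > len) return -1;
    /* IP checksum covers only the header; a payload-only edit leaves it valid, but recompute anyway. */
    pkt[10] = pkt[11] = 0;
    uint16_t hc = csum16(pkt, ihl, NULL, 0);
    pkt[10] = hc >> 8; pkt[11] = hc & 0xff;
    /* TCP (6) / UDP (17) checksums cover the pseudo-header plus the whole segment, payload included. */
    uint8_t proto = pkt[9], *l4 = pkt + ihl;
    size_t off = proto == 6 ? 16 : proto == 17 ? 6 : 0, l4len = tot - ihl;
    if (!off) return 0;                                  /* other protocols: IP header only */
    if (l4len < off + 2) return -1;
    l4[off] = l4[off + 1] = 0;
    uint16_t tc = l4_csum(pkt, ihl, l4len);
    if (proto == 17 && tc == 0) tc = 0xffff;             /* UDP: a zero field means "no checksum" */
    l4[off] = tc >> 8; l4[off + 1] = tc & 0xff;
    return 0;
}
```

If the replacement changes the payload length, the IP total length, the TCP sequence numbers of later segments and any IP fragmentation also have to be adjusted, which this example does not attempt.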