I want to implement a network delay model for TCP/UDP traffic as described in Linux libnetfilter_queue delayed packet problem. I have followed the suggestion of Andy there, copying the entire packet to my program and placing it in a priority queue. As time passes, packets in the priority queue are removed and dispatched using RAW sockets.
The problem I am facing is this: Initial capture of packets by libnetfilter_queue is being done by matching the ports (sudo iptables -A OUTPUT -p udp --dport 8000 -j NFQUEUE --queue-num 0). When these packets are reinjected by RAW sockets, they are picked up once again by libnetfilter_queue (since the port remains the same) and hence continue to loop forever.
I am really confused and cannot think of a way out. Please help me.
Use skb->mark. It’s a marking which only exists within the IP stack of your host. It does not affect anything in the network packet itself.
You can filter it using iptables using the ‘--mark’ filter. Use it to return from your delay chain so that your re-inserted packets are not delayed again.
You can configure the raw socket to apply a mark, using
setsockopt(fd, SOL_SOCKET, SO_MARK, ...). You only need to do this once after opening the socket. The mark value will be automatically applied to each packet you send through the socket.