Hi Developers,
I don't know how to solve my problem.
Is it possible to redirect captured packet with ipq_set_verdict()?
I want to redirect unauthorized users to login page.
Please see my code:
The packets are accepted and my browser opens requested page(not changed destination address)
void main() { struct ipq_handle* h;
if (!(h = ipq_create_handle(0, PF_INET))) {
//error
return;
};
if ((ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE)) < 0) {
// error
return;
};
struct iphdr* ip_pack;
ipq_packet_msg_t* eth_pack;
__u32 ip_auth_server = inet_addr("192.168.177.1");
unsigned char buf[68000];
if ((ipq_read(h, buf, BUFSIZE, 0)) < 0) {
//error
return;
}
switch (ipq_message_type(buf)) {
case NLMSG_ERROR:
//error
break;
case IPQM_PACKET:
{
eth_pack = ipq_get_packet(buf);
ip_pack = (struct iphdr*) eth_pack->payload;
redirect_server_auth(ip_auth_server, ip_pack, eth_pack->packet_id, h, eth_pack->payload, eth_pack->data_len);
}
}
u_int16_t ip_checksum(u_int32_t init, const u_int8_t* buf, size_t len) {
u_int32_t sum = init;
u_int16_t* shorts = (u_int16_t*) buf;
while (len > 1) {
sum += *shorts++;
len -= 2;
}
if (len == 1)
sum += *((u_int8_t*) shorts);
while (sum >> 16)
sum = (sum >> 16) + (sum & 0xFFFF);
return ~sum;
}
u_int16_t tcp_checksum(const struct iphdr* iph, const struct tcphdr* tcph,
size_t len) {
u_int32_t cksum = 0;
cksum += (iph->saddr >> 16) & 0x0000ffff;
cksum += iph->saddr & 0x0000ffff;
cksum += (iph->daddr >> 16) & 0x0000ffff;
cksum += iph->daddr & 0x0000ffff;
cksum += htons(iph->protocol & 0x00ff);
cksum += htons(len);
return ip_checksum(cksum, (unsigned char*) tcph, len);
}
void handle_packet(unsigned char* pkt, size_t len, __u32 dest_addr, int port_dest) {
struct iphdr* iph = (struct iphdr*) pkt;
struct tcphdr* tcph = (struct tcphdr*) (pkt + iph->ihl * 4);
iph->daddr = dest_addr;
// syslog(LOG_DEBUG, "PORT");
//syslog(LOG_DEBUG, tcph->dest); //tcph->dest = htons(80);
iph->check = 0;
iph->check = ip_checksum(0, pkt, iph->ihl * 4);
tcph->check = 0;
tcph->check = tcp_checksum(iph, tcph, len - (iph->ihl * 4));
}
void redirect_server_auth(__u32* ip_srv, struct iphdr* ip_pack,
unsigned long packet_id, ipq_handle* handle,
unsigned char* buf, int size_buf) {
syslog(LOG_DEBUG, "RENAME IP AND SEND PACK ACCEPT %s", inet_ntoa(
*((struct in_addr*) & ip_pack->daddr)));
handle_packet(buf, size_buf, *ip_srv, 80);
syslog(LOG_DEBUG, "RENAME IP AND SEND PACK ACCEPT %s", inet_ntoa(
*((struct in_addr*) & ip_pack->daddr)));
int v = ipq_set_verdict(handle, packet_id, NF_ACCEPT, size_buf, buf);
if (v < 0) {
syslog(LOG_DEBUG, "problems");
syslog(LOG_DEBUG, ipq_errstr());
}
}
I'm looking forward your help. Thanks for your time.