Problem in adding additional header

Brad Chapman
Thu, 11 Oct 2001 12:09:20 -0700 (PDT)

Mr. Pandey,

	First of all, this does NOT belong on the general discussion list. Send
all code or development questions to

--- Shiva Raman Pandey <> wrote:
> Hello Friends,
> My actual requirement is to insert my own header between Ethernet header and
> IP header to all the packets generated at this machine and  remove the same
> from all the packets meant for this machine.
> So Packets leaving from this machine will look like(assume my header is
> BlueTooth header)
> Ethernet header -- BT header --IPheader--TCP/UDP/ICMP header
> I tried to using Netfilter to solve my purpose, but found that I cant get the
> packet directly from ethernet. Even the very first hook PRE_ROUTING also gives
> from IP layer only.
> So if I add my BT header before IP header, IP layer will not accept the packet
> when I will call 'set_verdict'.
> So I changed my design :(, to do some dirty work like add the copy of IP
> header before BT header again.
> Now it will look like
> IP header--BT header--IP header--TCP/UDP/ICMP header
> and at the recieving end it will remove the IP header--BT header leaving the
> remaining packet starting with IP header.
> For example, say ping command, packet length = 84 bytes, IP header length = 20
> bytes, ICMP header length = 8bytes and my BT header length = 5 bytes
> so I made the new packet of length 20+5+20+(84-20) = 109 bytes and called the
> function set_verdict, with data_len = 109, and this 109 bytes long payload.
> Now at the recieving machine I should get the 109 bytes long packet, but in
> fact IP_QUEUE is giving the packet of 84 bytes only, that are in fact first 84
> bytes of the 109 bytes long packet.
> Note - I have not touched the checksum fields.
> So, my questions are :
> 1) When I am sending 109 bytes, why I am getting only 84 bytes?
> 2) I tried changing the payload[3] (ie, packet length field) to 109, in that
> case the packet never reaches the destination, why?
> 3) Is this problem due to checksum?
> 4) Is there any way using netfilter, I can get the packet from ethernet
> directly, that will suit my actual design? or any other easy way?
> 5) How can I verify that the sending machine is actually sending 109 bytes(I
> mean not reducing it to 84)?
> Please send me your suggestions to  find out the solution for this problem

	I can tell you exactly what your problem is: netfilter doesn't go low
enough. AFAIK netfilter only hooks into OSI layer-3 protocols (IPv4, IPv6, DECNet,
IPX, AppleTalk, etc.) It does NOT hook into anything above or below that. In
order for your scheme to work, the netfilter framework would have to support
layer-2-level hooks (Ethernet, ATM, PPP, PPPoE, etc.) Unless you produce a patch
to do that, it's not appearing anytime soon.

> Thanks alot.
> Regards
> Shiva Raman Pandey
> Research Associate, Computer Science -R&D
> Sasken Communication Technologies Limited
> Bangalore, India


Brad Chapman

Permanent e-mail:
Current e-mail:
Alternate e-mail:

Do You Yahoo!?
Make a great connection at Yahoo! Personals.