libipq and ipq_packet_msg_t (desperate)

Steven J Scott sjscott at
Wed Dec 15 17:39:47 CET 2004

Hello Maarten,

Thanks for the clarification of ipq_packet_msg_t and what is consists of.  I had a feeling it didn't contain ethernet 

So to calculate the offset of the payload would look like the following:

struct iphdr *iph = ((struct iphdr *)m->payload);
struct tcphdr tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));

char *payload = ( (char*)tcp) + sizeof(struct tcphdr);
int payload_length = ntohs(iph->tot_len) - ( sizeof(struct tcphdr) + 
sizeof(struct iphdr) );

Is that correct?


Rockwell Automation / Advanced Technology
sjscott at
(This email was sent via Notes running on Linux)

"Maarten Wijnants" <maarten.wijnants at>
15/12/2004 09:44 AM

        To:     "Ulysses Almeida" <munky at>, "Steven J Scott" 
<sjscott at>
        cc:     <netfilter-devel at>
        Subject:        Re: libipq and ipq_packet_msg_t (desperate)

Hello Steven,

> Now that I got the ip header, and TCP header.. I am confused on how to 
> to the TCP payload.  Correct me if I am wrong, but the ipq_packet_msg_t
> structure is composed of the complete packet.  e.g. ethernet header, IP
> header, TCP header and data.

You are correct in the fact that the ipq_packet_msg_t structure contains 
complete packet, but the ethernet header is NOT included. So in the case 
a TCP/IP packet, the payload of the ipq_packet_msg_t structure first 
contains the IP header and then the TCP header and then the (TCP) payload.

> So what I need to do is setup offsets from
> the ipq_packet_msg_t->payload to point to each of these areas within the
> packet..
> So what I need know is how to get the offset of the payload(data 

Well this is exactly what the code snippet shows. You first parse the ip 
header of the packet (with struct iphdr) to retrieve the (variable) length 

of the IP header. You add this amount of bytes to the payload member of 
ipq_packet_msg_t structure. Add this moment, you are pointing to the 
position in the received packet where the TCP header begins. So you parse 
the TCP header (with struct tcphdr) to retrieve the (variable) length of 
TCP header. If you now also add this amount of bytes, you will point to 
payload of your packet.

> I also need to find the length of the payload section.

This information can also be found by parsing the IP header of the packet 
with the struct iphdr. This struct has a member which specifies the total 
length of the IP packet (including headers!!).


More information about the netfilter-devel mailing list