unable to reinject the IP packets using ipq_set_verdict (libipq API)

Srinivas G. srinivasg at esntechnologies.co.in
Mon Dec 20 13:03:03 CET 2004

Dear All,


I developed a small application which uses the libipq APIs to capture
the IP packets using netfilter hook. (Here I am not using the iptables.
I used the netfilter hook module to queue the packets in the kernel
space using NF_QUEUE verdict. At the user side I am using the ip_queue
module and then libipq APIs to read the queued packets from the kernel


When I try to print the packet's data in the libipq application it was
printed perfectly. But when I try to reinject the modified packet back
to kernel space using the ipq_set _verdict, it was not working. See the
attached code below.



  case IPQM_PACKET: 


                        ipq_packet_msg_t *m = ipq_get_packet(buf);

                        unsigned char *packet = (unsigned char *)m +

                        unsigned int header_length = 0;

                        struct iphdr *iph;

                        struct tcphdr *tcph;

                        unsigned char *payload;


                        /* calculate the IP header length */

                        iph = (struct iphdr *)packet;

                        header_length += iph->ihl * 4;


                        /* calculate the TCP header */

                        tcph = (struct tcphdr *)(packet +

                        header_length += tcph->doff * 4;


                        /* compute the payload */

                        payload = packet + header_length;


                        printf("Packet receivd!\n");           


                        /* length of the packet data is */

                        printf("Packet length = %d!\n",m->data_len);


                        /* address of the packet in the memory */

                        printf("Packet address in the memory :


                        /* address of the payload in the memory */

                        printf("payload address in the memory :




                            printf("%c",*(payload + i));

                            *(payload + i) = 'a';





                        /* after modification re-inject the packet into

                         * the kernel space i.e. issue the verdict */

                        status = ipq_set_verdict(pHandle, m->packet_id,


                        if (status < 0)







I modified the following line in different ways with different arguments
for the 4th and 5th parameters. I read the man page of ipq_set_verdict
and modified those variables. 


status = ipq_set_verdict(pHandle, m->packet_id, NF_ACCEPT, 0, NULL);


Instead of sending the 0 and NULL, I send

1.                  Application defined buffer length and application
defined buffer pointer.

2.                  m->data_len and packet pointer 

3.                  20 (number of character I modified in the
application) and payload pointer

4.                  m->data_len and m


I tried with other combinations, not only above mentioned combinations. 


Even though, I was unable to retransmit the modified packet. 


How am I testing it? I connected two individual systems using CROSS
CABLE. On one system I am running the client program and another system
I am running the server program and libipq application. On server
machine I am receiving the original data instead of modified one.


Any help greatly appreciated.


Thanks and regards,

Srinivas G



More information about the netfilter-devel mailing list