Cant see syn packets!

[vecna@s0ftpj.org]

On Sun, Jul 08, 2001 at 10:37:03AM -0400, Ramkumar Chinchani wrote:

[cut]
~ fg_ip_local_in_hookfn(unsigned int hooknum,
~             struct sk_buff **skb,
~             const struct net_device *in,
~             const struct net_device *out,
~             int (*okfn)(struct sk_buff *))
~ {
~   struct iphdr *iph;
~   struct tcphdr *tcph;
~ 
~   if ((*skb)->pkt_type == PACKET_HOST)

packets received with NF_IP_LOCAL_IN is alway PACKET_HOST, on
/usr/src/linux/include/linux/netfilter_ipv4.h you find:

/* If the packet is destined for this box. */
#define NF_IP_LOCAL_IN          1


~   {
~     iph = (*skb)->nh.iph;
~ 
~     if (iph)
~     {
~       __u8 protocol = ntohs(iph->protocol);

you must switch((*skb)->nh.iph->protocol) without ntohs, for see some example
you can search on NAT code or other with simple but interesting skb's 
manipulation. for see that ntohs isn't required any userspace logger such
tcplogd or iplog icmplogd foobarlogd can help you, other some raw socket packet
forger.

bye,
vecna