[Click] Modification(handling) of an ip packet data field ?

yacine.djemaiel yacine.djemaiel at laposte.net
Thu Oct 21 03:07:57 EDT 2004 

Hi Beyers,

Thanks for help that you provide, i am now trying to verify
that packets have been modified, but the problem that i face
is related to tcpdump and ethereal sniffers. I am able to
display traffic using  IPPrint(PAYLOAD hex, OUTFILE
dump-packets) but when i use tcpdump or ethereal or also
ToDump(input.dump), which logs traffic in a binary file that
can be analyzed using ethereal, i am not able to view the
modified traffic but only ethernet II traffic.

 Config used is the following : 
 FromDevice(lo)            
    -> Classifier(12/0800)  
    -> Strip(14)           
    -> CheckIPHeader()      
    -> NewElement()    
    -> ToDump(input.dump)  //or,  IPPrint
    -> IPPrint(PAYLOAD hex, OUTFILE dump-packets)
    -> Discard;
The only position where it is possible to capture tcp traffic,
using ToDump, is before strip (14)

Thanks again for any help

Regards

Yacine



> Hi Yacine,
> 
> Yep, memcpy will do the trick. Have a look at Eddie's
ftpportmapper element for more information, located under the
app directory under elements.
> 
> Regards
> 
> Beyers
> 
> -----Original Message-----
> From: yacine.djemaiel [mailto:yacine.djemaiel at laposte.net]
> Sent: Wednesday, October 20, 2004 2:22 PM
> To: Beyers Cronje
> Cc: click
> Subject: RE: [Click] Modification(handling) of an ip packet
data field ?
> 
> 
> Hi Beyers,
> 
> Thank you very much for informations that you provide, i think
> that this is what i look for. To insert data in this field, i
> think that i need to use memcpy to insert data because put
> method allocate only free space.
> 
> Thanks again  
>  
> 
> 
> > Hi Yacine,
> > 
> > On TCP packets I use the following to access data:
> > 
> > unsigned data_offset = (iph->ip_hl << 2) + (tcph->th_off <<
> 2);  // IP Header length + TCP Header length
> > unsigned char *data = p->data() + data_offset;
> > 
> > The above non-const data pointer should only work on a
> writeable packet gained via uniqueify or make as Eddie pointed
> out.
> > 
> > Cheer
> > 
> > Beyers
> > 
> > -----Original Message-----
> > From: click-bounces at amsterdam.lcs.mit.edu
> > [mailto:click-bounces at amsterdam.lcs.mit.edu]On Behalf Of
> ystar master
> > Sent: Wednesday, October 20, 2004 9:07 AM
> > To: Eddie Kohler
> > Cc: click at amsterdam.lcs.mit.edu
> > Subject: Re: [Click] Modification(handling) of an ip packet
> data field ?
> > 
> > 
> > Hi Eddie,
> > 
> > Thank you for informations that you have provided. I
> > think that i have found the solution to access the
> > data  field by using th_off defined in the
> > include/clicknet/tcp.h. If there are another mean to
> > access data field, please inform me.
> > 
> > Thanks again
> > YacineI
> > 
> > 
> >  --- Eddie Kohler <kohler at cs.ucla.edu> a écrit : 
> > 
> > > Hi Yacine,
> > > 
> > > The general pattern is to "uniqueify" the packet,
> > > making sure that it is not 
> > > shared.  Then the "ip_header()" and "tcp_header()"
> > > return values will become 
> > > writable.  See IPMirror (elements/ip/ipmirror.cc)
> > > for an example.
> > > 
> > > Eddie
> > 
> > 
> > 
> > 	
> > 
> > 	
> > 		
> > Vous manquez d'espace pour stocker vos mails ? 
> > Yahoo! Mail vous offre GRATUITEMENT 100 Mo !
> > Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/
> > 
> > Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes
> les nouveautés pour dialoguer instantanément avec vos amis. A
> télécharger gratuitement sur http://fr.messenger.yahoo.com
> > _______________________________________________
> > click mailing list
> > click at amsterdam.lcs.mit.edu
> > https://amsterdam.lcs.mit.edu/mailman/listinfo/click
> > This is an email from CS Holdings. It is confidential to the
> ordinary user of the email address
> > to which it is addressed and may contain copyright and/or
> legally privileged information. No one
> > else may read, print, store, copy, forward or act in
> reliance upon all or any part of it or its 
> > attachments. If you received this email in error please
> notify its sender.
> > 
> > _______________________________________________
> > click mailing list
> > click at amsterdam.lcs.mit.edu
> > https://amsterdam.lcs.mit.edu/mailman/listinfo/click
> > 
> 
> Accédez au courrier électronique de La Poste :
www.laposte.net ; 
> 3615 LAPOSTENET (0,34EUR/mn) ; tél : 08 92 68 13 50 (0,34EUR/mn)
> 
> 
> 
> This is an email from CS Holdings. It is confidential to the
ordinary user of the email address
> to which it is addressed and may contain copyright and/or
legally privileged information. No one
> else may read, print, store, copy, forward or act in
reliance upon all or any part of it or its 
> attachments. If you received this email in error please
notify its sender.
> 

Accédez au courrier électronique de La Poste : www.laposte.net ; 
3615 LAPOSTENET (0,34€/mn) ; tél : 08 92 68 13 50 (0,34€/mn)

More information about the click mailing list