configure.in

AC_INIT(src)

PACKAGE=YOURAPPNAME
VERSION=0.1

AM_INIT_AUTOMAKE($PACKAGE,$VERSION)

AC_STDC_HEADERS
AC_PROG_INSTALL
AC_PROG_CXX

PKG_CHECK_MODULES(DEPS, gtk+-2.0 >= 2.0 glib-2.0 >= 2.2 gmodule-export-2.0 >= 2.0)
AC_SUBST(DEPS_CFLAGS)
AC_SUBST(DEPS_LIBS)

AC_OUTPUT([
Makefile
src/Makefile
])

Makefile.am (in your src directory)

bin_PROGRAMS = YOURAPPNAME

YOURAPPNAME_SOURCES = main.c
LIBS = $(DEPS_LIBS)
INCLUDES = $(DEPS_CFLAGS)

Download

JXBStreamer jar(java -jar JXBStreamer.jar)

JXBStreamer Source (Netbeans Project)

The Olympus E-500 Experience

#include <linux/netfilter.h>
#include <libipq.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>

int identify_ip_protocol (ipq_packet_msg_t *msg)
{
int protocol=0; /* 6 = TCP, 16 = UDP */

/* Cast the IP Header from the raw packet */
struct iphdr *iph = ((struct iphdr *) msg->payload);

/* get the protocol identifier from the ip header */
protocol = iph->protocol;

return(protocol);

}

Once you determine the protocol you can then cast out the next header. Like this for TCP:

/* Cast the TCP Header from the raw packet */
struct tcphdr *tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));

or like this for UDP:

/* Cast the UDP Header from the raw packet */
struct udphdr *udp = (struct udphdr *) (msg->payload + (iph->ihl << 2));

__u16 get_udp_two_payload_bytes(ipq_packet_msg_t *msg)
> {
>
> unsigned int udp_header_size = 8; /* UDP always has an 8 byte header! */
> __u16 fist_two_bytes;
>
> /* Cast the IP Header from the raw packet */
> struct iphdr *iph = ((struct iphdr *) msg->payload);
>
> /* Cast the UDP Header from the raw packet */
> struct udphdr *udp = (struct udphdr *) (msg->payload + (iph->ihl 2));
>
> /* get the payload offset from within the raw packet */
> int unsigned payload_offset = ( udp_header_size + (iph->ihl 2) );
>
> /* calculate the length of the UDP payload */
> int unsigned payload_length = ntohs(udp->len) – udp_header_size;

/* get the first two bytes of the payload */
if(payload_length)
first_two_bytes = *(__u16 *) (msg->payload + payload_offset);
else /* There was no payload… */
printf(“ERROR: Payload is zero….\n”);
return(first_two_bytes);
}

ipq_packet_msg structure defined in /usr/include/linux/netfilter_ipv4/ip_queue.h:

typedef struct ipq_packet_msg {
unsigned long packet_id; /* ID of queued packet */
unsigned long mark; /* Netfilter mark value */
long timestamp_sec; /* Packet arrival time (seconds) */
long timestamp_usec; /* Packet arrvial time (+useconds) */
unsigned int hook; /* Netfilter hook we rode in on */
char indev_name[IFNAMSIZ]; /* Name of incoming interface */
char outdev_name[IFNAMSIZ]; /* Name of outgoing interface */
unsigned short hw_protocol; /* Hardware protocol (network order) */
unsigned short hw_type; /* Hardware type */
unsigned char hw_addrlen; /* Hardware address length */
unsigned char hw_addr[8]; /* Hardware address */
size_t data_len; /* Length of packet data */
unsigned char payload[0]; /* Optional packet data */
} ipq_packet_msg_t;

I also found a resource on the sk_buff structure, which holds packets passing through the network stack. You can find it here: skb – Linux network buffers

For example: # iptables -A OUTPUT -j QUEUE

This tells netfilter to route all out going packets orginating from your machine to the QUEUE.

Developing with LIBIPQ requires the iptables-devel package to be installed. You can then compile your programs by linking them to the LIBIPQ library as shown below:

# gcc yourapp.c -lipq

You need to be root to run any program that uses LIBIPQ. Also if you recieve an error like, “passer: Failed to send netlink message: Connection refused” you need to load the ip_queue module. Just issue: # modprobe ip_queue.

I would like to thank Ulysses, Srinivas, Henrik, Maarteen for all their help. If I forgot anyone else thank you too!

Below is a code snippet for parsing out the raw packet found in the structure ipq_packet_msg_t(ipq_packet_msg_t->payload). This snippet fits into the example from Quick Intro to libipq. This is very useful for people just getting started with LIBIPQ since documentation on this is scarce.

case IPQM_PACKET:
{
ipq_packet_msg_t *m = ipq_get_packet(buf);

__u16 first_two_bytes = 0; /* hold the first two bytes from payload */

/* Cast the IP Header from the raw packet */
struct iphdr *iph = ((struct iphdr *)m->payload);

/* Cast the TCP Header from the raw packet */
struct tcphdr *tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));

/* get the payload offset from with the raw packet */
int unsigned payload_offset = ((iph->ihl << 2) + (tcp->doff << 2));

/* calculate the length of the payload */
int unsigned payload_length = (unsigned int) ntohs(iph->tot_len) – ((iph->ihl << 2) + (tcp->doff << 2));

/* Calculate the size of the IP Header. iph->ihl contains the number of 32 bit
words that represent the header size. Therfore to get the number of bytes
multiple this number by 4 */
int iphdr_size = (iph->ihl << 2);

/* Calculate the size of the TCP Header. tcp->doff contains the number of 32 bit
words that represent the header size. Therfore to get the number of bytes
multiple this number by 4 */
int tcphdr_size = (tcp->doff << 2);

/* get the destination port of the packet */
int port = ntohs(tcp->dest);

/* Get the first two bytes of the payload if a payload is present*/
if(payload_length)
first_two_bytes = *(__u16 *) (m->payload + payload_offset);

/* example code */
if (port == 9555) /* Check for a port match */
{
printf(“Matched a packet\n”);

if(payload_length)
printf(“First two bytes: 0x%x\n”, first_two_bytes); /* prints in HEX */

printf(“IP Header size: %d\n”, iphdr_size);
printf(“TCP Header size: %d\n”, tcphdr_size);
printf(“Payload Size : %d\n”, payload_length);
printf(“TOTAL IP Packet size: %d\n”, ntohs(iph->tot_len));
printf(“\n”);

status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);

}
else
{
status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);
if (status < 0)
die(h);
}
break;
}
}