SuperHac.com

Here’s another snippet of code for calculating and parsing a UDP packet with LIBIPQ. This function gets the first two bytes of the UDP packet payload(data).
>
>

__u16 get_udp_two_payload_bytes(ipq_packet_msg_t *msg)
> {
>
> unsigned int udp_header_size = 8; /* UDP always has an 8 byte header! */
> __u16 fist_two_bytes;
>
> /* Cast the IP Header from the raw packet */
> struct iphdr *iph = ((struct iphdr *) msg->payload);
>
> /* Cast the UDP Header from the raw packet */
> struct udphdr *udp = (struct udphdr *) (msg->payload + (iph->ihl 2));
>
> /* get the payload offset from within the raw packet */
> int unsigned payload_offset = ( udp_header_size + (iph->ihl 2) );
>
> /* calculate the length of the UDP payload */
> int unsigned payload_length = ntohs(udp->len) – udp_header_size;

/* get the first two bytes of the payload */
if(payload_length)
first_two_bytes = *(__u16 *) (msg->payload + payload_offset);
else /* There was no payload… */
printf(“ERROR: Payload is zero….\n”);
return(first_two_bytes);
}

Just a dump of the ipq_packet_msg structure.

ipq_packet_msg structure defined in /usr/include/linux/netfilter_ipv4/ip_queue.h:

typedef struct ipq_packet_msg {
unsigned long packet_id; /* ID of queued packet */
unsigned long mark; /* Netfilter mark value */
long timestamp_sec; /* Packet arrival time (seconds) */
long timestamp_usec; /* Packet arrvial time (+useconds) */
unsigned int hook; /* Netfilter hook we rode in on */
char indev_name[IFNAMSIZ]; /* Name of incoming interface */
char outdev_name[IFNAMSIZ]; /* Name of outgoing interface */
unsigned short hw_protocol; /* Hardware protocol (network order) */
unsigned short hw_type; /* Hardware type */
unsigned char hw_addrlen; /* Hardware address length */
unsigned char hw_addr[8]; /* Hardware address */
size_t data_len; /* Length of packet data */
unsigned char payload[0]; /* Optional packet data */
} ipq_packet_msg_t;