<div dir="ltr"><div><div>Hello,<br></div>I have tried to implement something like the above issue. I want to use netfilter to capture UDP packets, modify them and then send them to the OVS. As you said you tried it and it works. My problem is, I send SIP packets to the OVS, but when I try to print the destination port, as it is 5060, I get 53, which is a DNS port. How did you do that?<br></div>Here is my code. Your help would be really appreciated.<br><br>
#include <linux/module.h><br>
#include <linux/kernel.h><br>
#include <linux/init.h><br>
#include <linux/netdevice.h><br>
#include <linux/netfilter.h><br>
#include <linux/netfilter_ipv4.h><br>
#include <linux/ip.h><br>
#include <linux/tcp.h><br>
#include <linux/udp.h><br>
<br>
<br>
static struct nf_hook_ops nfho;<br>
struct iphdr *iph;<br>
struct udphdr *udp_header;<br>
struct sk_buff *sock_buff;<br>
unsigned int sport, dport;<br>
<br>
unsigned int hook_func(unsigned int hooknum,<br>
                       struct sk_buff *skb,<br>
                       const struct net_device *in,<br>
                       const struct net_device *out,<br>
                       int (*okfn)(struct sk_buff *))<br>
{<br>
<br>
    sock_buff = skb;<br>
<br>
    if (!sock_buff) {<br>
        return NF_ACCEPT;<br>
    }<br>
<br>
    iph = (struct iphdr *)ip_hdr(sock_buff);<br>
<br>
    if (!sock_buff) {<br>
        return NF_ACCEPT;<br>
    }<br>
    if (!iph)<br>
        return NF_ACCEPT;<br>
<br>
    if (iph->protocol == IPPROTO_UDP) {<br>
        udp_header = (struct udphdr *)udp_hdr(sock_buff);<br>
        printk(KERN_INFO "UDP PKT\n");<br>
        /* ports are carried in network byte order */<br>
        sport = ntohs((unsigned short int) udp_header->source);<br>
        dport = ntohs((unsigned short int) udp_header->dest);<br>
        printk(KERN_INFO "UDP ports: source: %u, dest: %u \n", sport, dport);<br>
        return NF_ACCEPT;<br>
    }<br>
<br>
    return NF_ACCEPT;<br>
<br>
}<br>
<br>
static int __init initialize(void) {<br>
    nfho.hook = hook_func;<br>
    nfho.hooknum = 0; // I use pre-routing hook to have the packets first in the netfilter and then in the ovs<br>
    nfho.pf = PF_INET;<br>
    nfho.priority = NF_IP_PRI_FIRST;<br>
    nf_register_hook(&nfho);<br>
    printk(KERN_INFO "my netfilter module!\n");<br>
    return 0;<br>
}<br>
<br>
static void __exit teardown(void) {<br>
    nf_unregister_hook(&nfho);<br>
}<br>
<br>
module_init(initialize);<br>
module_exit(teardown);<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jul 13, 2017 at 1:08 AM, Jean Tourrilhes <span dir="ltr"><<a href="mailto:jt@labs.hpe.com" target="_blank">jt@labs.hpe.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Wed, Jul 12, 2017 at 10:54:34AM -0700, Joe Stringer wrote:<br>
><br>
> Hi Jean,<br>
><br>
> There's no native integration, but I could imagine that if Netfilter<br>
> ran on the packets first then modified the skb mark field, then OVS<br>
> ran later on that packet then plausibly you could match on the<br>
> pkt_mark.<br>
<br>
</span> I tried it, and it works great.<br>
Thanks a lot !<br>
<span class="HOEnZb"><font color="#888888"><br>
Jean<br>
</font></span><div class="HOEnZb"><div class="h5">
</div></div></blockquote></div><br></div>
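<div>Added example, not part of the original thread or of either poster's code: a user-space C model of the per-packet decision a netfilter hook would make before setting the skb mark that OVS later matches as pkt_mark, as suggested in the quoted reply. It locates the UDP header from the IPv4 header-length field, checks lengths and fragmentation, and reads the port in network byte order. The mark value 0x1, the function names and the sample packets are assumptions constructed for illustration.</div>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SIP_PORT 5060u
#define SIP_MARK 0x1u   /* hypothetical mark value, chosen for this example */

/* Read a 16-bit network-order field; same result as ntohs() on a loaded value. */
static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* UDP destination port of an IPv4 packet, or -1 if the buffer does not hold
 * an IPv4/UDP packet whose UDP header is fully present. */
int udp_dport(const uint8_t *pkt, size_t len)
{
    size_t ihl;

    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;       /* header length, options included */
    if (ihl < 20 || len < ihl + 8)
        return -1;
    if (pkt[9] != 17 || (be16(pkt + 6) & 0x1fff))
        return -1;                           /* not UDP, or a non-first fragment */
    return (int)be16(pkt + ihl + 2);         /* dest port follows source port */
}

/* Mark to attach to the packet: SIP_MARK for UDP/5060, 0 otherwise. */
uint32_t mark_for(const uint8_t *pkt, size_t len)
{
    return udp_dport(pkt, len) == (int)SIP_PORT ? SIP_MARK : 0;
}

/* Constructed sample packets (addresses and ports are made up). */
const uint8_t sip_pkt[28] = {                /* no IP options, 5060 -> 5060 */
    0x45,0,0,28, 0,0,0,0, 64,17,0,0, 10,0,0,1, 10,0,0,2,
    0x13,0xc4, 0x13,0xc4, 0,8, 0,0 };
const uint8_t sip_opts_pkt[32] = {           /* 4 option bytes, 49152 -> 5060 */
    0x46,0,0,32, 0,0,0,0, 64,17,0,0, 10,0,0,1, 10,0,0,2,
    1,1,1,0, 0xc0,0x00, 0x13,0xc4, 0,8, 0,0 };
const uint8_t dns_pkt[28] = {                /* no IP options, 49153 -> 53 */
    0x45,0,0,28, 0,0,0,0, 64,17,0,0, 10,0,0,1, 10,0,0,2,
    0xc0,0x01, 0x00,0x35, 0,8, 0,0 };

int main(void)
{
    printf("sip: dport=%d mark=%u\n", udp_dport(sip_pkt, sizeof sip_pkt),
           (unsigned)mark_for(sip_pkt, sizeof sip_pkt));
    return 0;
}
```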