Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?

From: G P (telos888_at_yahoo.com)
Date: 04/19/05

    Date: Mon, 18 Apr 2005 18:50:42 -0700 (PDT)
    To: João Paulo Caldas Campello <protecao@gmail.com>, "Valdis.Kletnieks@vt.edu" <Valdis.Kletnieks@vt.edu>
    
    

    Use NetSED:

    http://www.mirrors.wiretapped.net/security/packet-construction/netsed/netsed-README.txt

    --- João Paulo Caldas Campello <protecao@gmail.com> wrote:
    > On 4/14/05, Valdis.Kletnieks@vt.edu <Valdis.Kletnieks@vt.edu> wrote:
    >
    > > Currently, iptables doesn't seem to support that, probably to keep you from
    > > shooting yourself in the foot. Consider for example how fast the kernel will
    > > fold up if you change that first nybble of the packet from an x'4' to an x'6'
    > > without changing the rest of the packet to match. Suddenly, that sk_buff is
    > > a lot too short.. ;)
    >
    > Yeah, maybe, who knows :P
    >
    > Well, I've done some searching over the last few days and found a couple of
    > ways to achieve what I described in my email.
    >
    > One is using "DIVERT sockets" and the other is the use of the "-j QUEUE"
    > target of iptables/netfilter. Both approaches are similar: you match a
    > packet using iptables to flush it to userspace, where you can mangle
    > the entire packet as you like and send it back to iptables, which will
    > put it again onto the stack.
    >
    > The "-j QUEUE" approach is manipulated through the "libipq" API:
    >
    > - netfilter can feed userspace using IPQUEUE:
    >   * http://www.crhc.uiuc.edu/~grier/projects/libipq.html
    >
    > - Perl:
    >   * http://www.intercode.com.au/jmorris/perlipq/
    >
    > - Python:
    >   * http://woozle.org/~neale/src/ipqueue/
    >
    > As you can see, there are already libraries written in Perl and Python
    > to query IPQUEUE, so the effort of writing userspace code to deal with
    > IP packets will be much easier.
    >
    > That's it =)
    >
    > Cheers,
    >
    > João Paulo.
    >
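
The userspace mangling step discussed in this thread, as an added example that is not part of the original messages: it rewrites TTL/TOS in a raw IPv4 packet and recomputes the header checksum, while refusing inputs whose version, IHL or total length do not match the buffer (the inconsistency the quoted reply warns about). It does not call libipq or any binding; `ipv4_checksum`, `rewrite_ipv4` and the sample packet are names and data constructed for illustration.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rewrite_ipv4(packet: bytes, ttl=None, tos=None) -> bytes:
    """Return a copy of packet with TTL/TOS changed and the checksum fixed.

    The version/IHL byte is never modified: changing it alone would leave
    the rest of the buffer disagreeing with what the stack expects to parse.
    """
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if version != 4:
        raise ValueError("not IPv4")
    if ihl < 20 or ihl > len(packet) or not ihl <= total_len <= len(packet):
        raise ValueError("IHL/total length inconsistent with buffer")
    hdr = bytearray(packet[:ihl])
    for name, offset, value in (("tos", 1, tos), ("ttl", 8, ttl)):
        if value is not None:
            if not 0 <= value <= 255:
                raise ValueError(f"{name} out of range")
            hdr[offset] = value
    # Checksum is computed with its own field zeroed, then written back.
    hdr[10:12] = b"\x00\x00"
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    # TTL and TOS are not in the TCP/UDP pseudo-header, so the payload
    # (and any transport checksum in it) is passed through unchanged.
    return bytes(hdr) + packet[ihl:]

# Constructed sample: 20-byte header + 4 payload bytes, 192.0.2.1 -> 192.0.2.2,
# protocol 253 (reserved for experimentation).
_hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0x1234, 0, 64, 253, 0,
                             bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])))
struct.pack_into("!H", _hdr, 10, ipv4_checksum(bytes(_hdr)))
SAMPLE = bytes(_hdr) + b"data"
```

A header with a correct checksum sums to zero under `ipv4_checksum`, which is a quick way to verify the output before handing a packet back to the kernel.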

