Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?
From: Manu Garg (manugarg_at_gmail.com)
Date: 04/20/05
- Previous message: G P: "Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?"
- In reply to: Joćo Paulo Caldas Campello: "Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?"
- Next in thread: G P: "Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 20 Apr 2005 02:26:32 -0400 To: Joćo Paulo Caldas Campello <protecao@gmail.com>
If you are willing to write some code, then you can write a small
kernel module which will collect all the packets from ethernet card.
You get the packet, manipulate it, recalculate the checksum and push
it back to the card. I have tried doing this to manipulate some other
fields. It works.
For reference see the following article from phrack:
http://www.phrack.org/phrack/55/P55-12
cheers,
~Manu
On 4/15/05, Joćo Paulo Caldas Campello <protecao@gmail.com> wrote:
> On 4/14/05, Valdis.Kletnieks@vt.edu <Valdis.Kletnieks@vt.edu> wrote:
>
> > Currently, iptables doesn't seem to support that, probably to keep you from
> > shooting yourself in the foot. Consider for example how fast the kernel will
> > fold up if you change that first nybble of the packet from an x'4' to an x'6'
> > without changing the rest of the packet to match. Suddenly, that sk_buff is
> > a lot too short.. ;)
>
> Yeah, maybe, who knows :P
>
> Well, I've did some searching last days and found a couple ways to
> achieve what I've described in my email.
>
> One is using "DIVERT sockets" and other is the use of the "-j QUEUE"
> target of iptables/netfilter. Both approaches are similar: you match a
> packet using iptables to flush them to userspace, where you can mangle
> the entire packet as you like and send it back to iptables, who will
> put it again onto the stack.
>
> The "-j QUEUE" approach is manipulated through the "libipq" API:
>
> - netfilter can feed userspace using IPQUEUE:
> * http://www.crhc.uiuc.edu/~grier/projects/libipq.html
>
> - Perl:
> * http://www.intercode.com.au/jmorris/perlipq/
>
> - Python:
> * http://woozle.org/~neale/src/ipqueue/
>
> As you can see, there's already libraries written in Perl and Python
> to query IPQUEUE, so the effort of writing userspace code to deal with
> IP packets wiil be much more easier.
>
> That's it =)
>
> Cheers,
>
> Joćo Paulo.
>
-- Manu Garg http://manugarg.freezope.org "Truth will set you free!"
- Previous message: G P: "Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?"
- In reply to: Joćo Paulo Caldas Campello: "Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?"
- Next in thread: G P: "Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
