Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?

From: Kary Rogers (kdr7_at_msstate.edu)
Date: 04/13/05

    Date: Wed, 13 Apr 2005 11:30:02 -0500
    To: João Paulo Caldas Campello <protecao@gmail.com>
    
    

    On Apr 12, 2005, at 1:17 PM, João Campello wrote:
    >
    > The question is:
    >
    > - Does such a tool, module or whatever way to change
    > arbitrary headers of IP packets on-the-fly already exist, or will I
    > have to (try to) write one? =)
    >
    > Cheers,
    >
    > João Paulo Campello,
    > Network Security Analyst,
    > Tempest Security Technologies.

    I think you can do this with divert sockets. I've used divert sockets
    on FreeBSD and MacOS X to change TCP flags. There's a how-to for
    Linux:
    http://www.faqs.org/docs/Linux-mini/Divert-Sockets-mini-HOWTO.html

    From the introduction:

    "Ever wish you could intercept packets traveling up or down the IP
    stack of your host? And I'm not talking about listening in, like raw
    sockets or libpcap (tcpdump). I mean literally stop the packet from
    further propagating through the IP stack and then (possibly after some
    changes), reinjecting it back? Well, the time to dream is over, because
    divert sockets for Linux are here!

      Divert sockets do exactly that - they filter out certain packets based
    on firewall specifications and bring them to you in user space. You
    then have the freedom of simply reinjecting them back as if nothing
    happened, mangling them first and then reinjecting them, or not
    reinjecting them at all.

      As the name suggests, this mechanism utilizes a special type of RAW
    socket called divert (IPPROTO_DIVERT) that allow you to receive and
    send on them just like regular sockets. The difference is that a divert
    socket is bound to a port, into which the firewall can be instructed to
    send certain packets. Anything that a firewall can filter out can be
    sent into a divert socket.

      Divert sockets first appeared as part of FreeBSD. Divert sockets under
    Linux is a port of this mechanism that strives to be source-code
    compatible in terms of user-space programs that utilize it."

    HTH,

    --
    Kary Rogers
    Network Analyst
    Network Services
    Mississippi State University
    
