If you are willing to write some code, then you can write a small
kernel module which will collect all the packets from the ethernet card.
You get the packet, manipulate it, recalculate the checksum and push
it back to the card. I have tried doing this to manipulate some other
fields. It works.
For reference see the following article from phrack:
http://www.phrack.org/phrack/55/P55-12
cheers,
~Manu
On 4/15/05, João Paulo Caldas Campello <protecao (at) gmail (dot) com> wrote:
> On 4/14/05, Valdis.Kletnieks (at) vt (dot) edu <Valdis.Kletnieks (at) vt (dot) edu> wrote:
>
> > Currently, iptables doesn't seem to support that, probably to keep you from
> > shooting yourself in the foot. Consider for example how fast the kernel will
> > fold up if you change that first nybble of the packet from an x'4' to an x'6'
> > without changing the rest of the packet to match. Suddenly, that sk_buff is
> > a lot too short.. ;)
>
> Yeah, maybe, who knows :P
>
> Well, I've done some searching these last days and found a couple of ways to
> achieve what I've described in my email.
>
> One is using "DIVERT sockets" and the other is the use of the "-j QUEUE"
> target of iptables/netfilter. Both approaches are similar: you match a
> packet using iptables to flush it to userspace, where you can mangle
> the entire packet as you like and send it back to iptables, which will
> put it again onto the stack.
>
> The "-j QUEUE" approach is manipulated through the "libipq" API:
>
> - netfilter can feed userspace using IPQUEUE:
> * http://www.crhc.uiuc.edu/~grier/projects/libipq.html
>
> - Perl:
> * http://www.intercode.com.au/jmorris/perlipq/
>
> - Python:
> * http://woozle.org/~neale/src/ipqueue/
>
> As you can see, there are already libraries written in Perl and Python
> to query IPQUEUE, so the effort of writing userspace code to deal with
> IP packets will be much easier.
>
> That's it =)
>
> Cheers,
>
> João Paulo.
>
--
Manu Garg
http://manugarg.freezope.org
"Truth will set you free!"
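
Both routes in this thread (a kernel module, or userspace mangling behind "-j QUEUE") hand an edited packet back to the stack, so the edit must leave the header self-consistent. The following is an added example, not code from the thread or from libipq: a stand-alone C check that a mangled IPv4 buffer still has a matching version nibble, header length, total length and recalculated checksum before it is reinjected. The function names and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 1071 checksum over the IPv4 header; yields 0 when the stored checksum is valid. */
static uint16_t ip_checksum(const uint8_t *hdr, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)(hdr[i] << 8 | hdr[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Returns 0 if the packet is self-consistent, otherwise a negative reason code. */
int validate_ipv4(const uint8_t *pkt, size_t len) {
    if (len < 20) return -1;                      /* too short for any IPv4 header */
    if ((pkt[0] >> 4) != 4) return -2;            /* version nibble changed, e.g. 4 -> 6 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return -3;         /* header length outside the buffer */
    size_t total = (size_t)pkt[2] << 8 | pkt[3];
    if (total < ihl || total > len) return -4;    /* total length disagrees with buffer */
    if (ip_checksum(pkt, ihl) != 0) return -5;    /* checksum was not recalculated */
    return 0;
}

/* Recalculate the header checksum after an edit; refuses a header it cannot bound. */
int fix_checksum(uint8_t *pkt, size_t len) {
    size_t ihl = len ? (size_t)(pkt[0] & 0x0f) * 4 : 0;
    if (ihl < 20 || ihl > len) return -1;
    pkt[10] = pkt[11] = 0;
    uint16_t c = ip_checksum(pkt, ihl);
    pkt[10] = (uint8_t)(c >> 8);
    pkt[11] = (uint8_t)(c & 0xff);
    return 0;
}

int main(void) {
    /* Constructed sample: IPv4/UDP header plus 8 zero payload bytes, total length 28. */
    uint8_t pkt[28] = { 0x45,0x00,0x00,0x1c, 0x00,0x00,0x40,0x00, 0x40,0x11,0x00,0x00,
                        0xc0,0xa8,0x00,0x01, 0xc0,0xa8,0x00,0xc7 };
    fix_checksum(pkt, sizeof pkt);
    pkt[8] = 0x20;                                /* edit the TTL: checksum is now stale */
    printf("stale checksum: %d\n", validate_ipv4(pkt, sizeof pkt));
    fix_checksum(pkt, sizeof pkt);
    printf("recalculated:   %d\n", validate_ipv4(pkt, sizeof pkt));
    pkt[0] = 0x65;                                /* version nibble 4 -> 6, rest unchanged */
    printf("version edit:   %d\n", validate_ipv4(pkt, sizeof pkt));
    return 0;
}
```

The version-nibble case is the one Valdis describes: the checksum can be made to match again, but the rest of the buffer is still laid out as IPv4, so the check rejects it rather than passing it on.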