Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? Apr 15 2005 11:12PM
João Paulo Caldas Campello (protecao gmail com) (1 replies)
Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? Apr 20 2005 06:26AM
Manu Garg (manugarg gmail com)
If you are willing to write some code, then you can write a small
kernel module which will collect all the packets from the Ethernet card.
You get the packet, manipulate it, recalculate the checksum and push
it back to the card. I have tried doing this to manipulate some other
fields. It works.

For reference, see the following article from Phrack:


On 4/15/05, João Paulo Caldas Campello <protecao (at) gmail (dot) com [email concealed]> wrote:
> On 4/14/05, Valdis.Kletnieks (at) vt (dot) edu [email concealed] <Valdis.Kletnieks (at) vt (dot) edu [email concealed]> wrote:
> > Currently, iptables doesn't seem to support that, probably to keep you from
> > shooting yourself in the foot. Consider for example how fast the kernel will
> > fold up if you change that first nybble of the packet from an x'4' to an x'6'
> > without changing the rest of the packet to match. Suddenly, that sk_buff is
> > a lot too short.. ;)
> Yeah, maybe, who knows :P
> Well, I did some searching over the last few days and found a couple of ways to
> achieve what I've described in my email.
> One is using "DIVERT sockets" and the other is the use of the "-j QUEUE"
> target of iptables/netfilter. Both approaches are similar: you match a
> packet using iptables to flush them to userspace, where you can mangle
> the entire packet as you like and send it back to iptables, who will
> put it again onto the stack.
> The "-j QUEUE" approach is manipulated through the "libipq" API:
> - netfilter can feed userspace using IPQUEUE:
> *
> - Perl:
> *
> - Python:
> *
> As you can see, there are already libraries written in Perl and Python
> to query IPQUEUE, so the effort of writing userspace code to deal with
> IP packets will be much easier.
> That's it =)
> Cheers,
> João Paulo.

Manu Garg
"Truth will set you free!"

[ reply ]
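
Added example (not part of the thread): the "manipulate it, recalculate the checksum" step on a raw IPv4 header, with a consistency check that rejects edits such as flipping the version nibble from 4 to 6 without fixing the rest of the packet. The function names and the sample packet are constructed for illustration; only the IPv4 header checksum is handled, so transport-layer checksums are out of scope.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed sample: 20-byte IPv4 header, 192.0.2.1 -> 192.0.2.2, TTL 64. */
static const uint8_t sample_pkt[20] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x40, 0x00, 0x40, 0x01,
    0xb6, 0xe5, 0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02 };

/* RFC 1071 one's-complement sum over the header; 0 means checksum verifies. */
static uint16_t ip_sum(const uint8_t *h, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        s += ((uint32_t)h[i] << 8) | h[i + 1];
    while (s >> 16)
        s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* Zero the checksum field, recompute it, and store it back (bytes 10-11). */
static void ip_fix_checksum(uint8_t *h, size_t ihl)
{
    h[10] = h[11] = 0;
    uint16_t c = ip_sum(h, ihl);
    h[10] = (uint8_t)(c >> 8); h[11] = (uint8_t)c;
}

/* 0 if version, IHL, total length and checksum all agree with the buffer. */
int ipv4_header_ok(const uint8_t *b, size_t len)
{
    if (len < 20 || (b[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(b[0] & 0x0f) * 4, total = ((size_t)b[2] << 8) | b[3];
    if (ihl < 20 || ihl > len || total < ihl || total > len) return -1;
    return ip_sum(b, ihl) == 0 ? 0 : -1;
}

/* Set one header byte, refresh the checksum, undo edits that break the header. */
int ipv4_set_header_byte(uint8_t *b, size_t len, size_t off, uint8_t val)
{
    if (ipv4_header_ok(b, len) != 0) return -1;
    size_t ihl = (size_t)(b[0] & 0x0f) * 4;
    if (off >= ihl || off == 10 || off == 11) return -1;  /* checksum is derived */
    uint8_t old = b[off];
    b[off] = val;
    ip_fix_checksum(b, ihl);
    if (ipv4_header_ok(b, len) == 0) return 0;
    b[off] = old;                                         /* roll back */
    ip_fix_checksum(b, ihl);
    return -1;
}
```

In a userspace queue handler this would run on the packet payload before the verdict hands the modified buffer back to the kernel.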


Copyright 2010, SecurityFocus