Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?

On 4/13/05, Kary Rogers <kdr7@msstate.edu> wrote:

Kary,

> I think you can do this with divert sockets.  I've used divert sockets
> on FreeBSD and MacOS X to change TCP flags.  There's a how-to for
> linux:
> http://www.faqs.org/docs/Linux-mini/Divert-Sockets-mini-HOWTO.html

Very nice. I've read the documentation and it seems easy. Thanks a lot.

Some guys provided me a lot of links, including documentation of the
"libipq" API and libraries written in Perl and Python, so it will be
much more easier to write userspace code to deal with the IP packets
and flush it back to netfilter, who will bring back the packet to its
normal flow.

Thanks to all the guys who helped me, either pointing some links and
documentation or even just discussing the topic.

Some other useful links:

* IP QUEUE*:
- netfilter can feed userspace using IPQUEUE:
   * http://www.crhc.uiuc.edu/~grier/projects/libipq.html
- Perl:
   * http://www.intercode.com.au/jmorris/perlipq/
- Python:
   * http://woozle.org/~neale/src/ipqueue/

The "DIVERT sockets" and "-j QUEUE" target approaches are similar: you
can use iptables' rules to match some packets and flush them to
userspace, where you can mangle the entire IP packet as you like and
send it back to netfilter, thus continuing their normal flow onto the
stack.

I think now it'll be much easier to address this problem, either using
DIVERT sockets or the IPQUEUE libraries for Perl and Python.

Thanks again and cheers,

João Paulo.