Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?

Use NetSED:

http://www.mirrors.wiretapped.net/security/packet-construction/netsed/netsed-README.txt

--- João Paulo Caldas Campello <protecao@gmail.com>
wrote:
> On 4/14/05, Valdis.Kletnieks@vt.edu
> <Valdis.Kletnieks@vt.edu> wrote:
>
> > Currently, iptables doesn't seem to support that,
> probably to keep you from
> > shooting yourself in the foot.  Consider for
> example how fast the kernel will
> > fold up if you change that first nybble of the
> packet from an x'4' to an x'6'
> > without changing the rest of the packet to match. 
> Suddenly, that sk_buff is
> > a lot too short.. ;)
>
> Yeah, maybe, who knows :P
>
> Well, I've did some searching last days and found a
> couple ways to
> achieve what I've described in my email.
>
> One is using "DIVERT sockets" and other is the use
> of the "-j QUEUE"
> target of iptables/netfilter. Both approaches are
> similar: you match a
> packet using iptables to flush them to userspace,
> where you can mangle
> the entire packet as you like and send it back to
> iptables, who will
> put it again onto the stack.
>
> The "-j QUEUE" approach is manipulated through the
> "libipq" API:
>
> - netfilter can feed userspace using IPQUEUE:
>   *
> http://www.crhc.uiuc.edu/~grier/projects/libipq.html
>
> - Perl:
>   * http://www.intercode.com.au/jmorris/perlipq/
>
> - Python:
>   * http://woozle.org/~neale/src/ipqueue/
>
> As you can see, there's already libraries written in
> Perl and Python
> to query IPQUEUE, so the effort of writing userspace
> code to deal with
> IP packets wiil be much more easier.
>
> That's it =)
>
> Cheers,
>
> João Paulo.