Packet modification with netfilter queue?

I'm currently trying to use codes with libnetfilter_queue in userspace to modify packets that were queued in the NFQUEUE target in iptables. However I have little idea as to how to go about doing it. I have set it to copy the packet with NFQNL_COPY_PACKET, if I were to modify the copied packet would it be automatically send back to the kernal by the function nfq_set_verdict()? Additionally, I have previously worked with extracting packets from a pcap file, however I noticed that the data that I get from nfq_get_payload() seems to be very different. Does anyone know how to dissect the data?

2021-06-22 18:55:25    分类:问答    packet   packet-capture   packets   netfilter   packet-mangling

How to access data/payload from tcphdr (sk_buff) struct on debian 64 bits?

I'm working on a small firewall, i had to retrieve the datas from each tcp packet from port 80 (http) for parsing them. This code works well on a debian 32 bits virtual machine, i'm able to print the headers of each web page, but when i try to load my kernel module and to transfer some datas through the http port, it prints no datas. When i compile, it shows those warnings only on my 64bits computer : /home/dev3/C/FIREWALL/firewall.c: In function ‘hook_func’: /home/dev3/C/FIREWALL/firewall.c:179: warning: cast from pointer to integer of different size /home/dev3/C/FIREWALL/firewall.c:179

2021-06-22 06:37:46    分类:问答    c   network-programming   kernel-module   netfilter

如何使用 net_dev_add() API 过滤和拦截 Linux 数据包?(How to filter and intercept Linux packets by using net_dev_add() API?)

问题 我正在为 linux 编写以太网网络驱动程序。 我想接收数据包,编辑并重新发送它们。 我知道如何在packet_interceptor函数中编辑数据包,但是如何在此函数中丢弃传入的数据包? #include <linux/netdevice.h> #include <linux/skbuff.h> #include <linux/ip.h> #include <net/sock.h> struct packet_type my_proto; int packet_interceptor(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) { // I dont want certain packets go to upper in net_devices for further processing. // How can I drop sk_buff here?! return 0; } static int hello_init( void ) { printk(KERN_INFO "Hello, world!\n"); my_proto.type = htons(ETH_P_ALL); my_proto.dev = NULL

2021-06-10 21:59:15    分类:技术分享    c   network-programming   linux-device-driver   kernel-module   netfilter

nfq_get_payload 如何构造它的返回数据?(How does nfq_get_payload structure its return data?)

问题 首先,我试图从 Netfilter 队列负载的负载中获取源地址和目标端口(负载是使用 nfq_get_payload 函数检索的)。 以下问题提出了同样的问题并得到了正确答案: 如何从iptables队列中的数据包中提取源端口号和目标端口号 不幸的是,没有解释为什么在地址中添加 20 和 22 会让您处于阅读信息的正确位置。 我认为这是因为数据的结构(显然),但如果有一个定义的结构,它是什么? 该文档没有明确解释数据的格式,只有“此函数检索的数据类型将取决于使用 nfq_set_mode() 函数设置的模式”,但是 set_mode 的文档没有提及任何有关数据的内容输入并且来源不会立即显示任何内容。 我觉得这一定是我遗漏或不理解的常见网络编程结构的核心内容。 注:nfq_get_payload 函数:http://www.netfilter.org/projects/libnetfilter_queue/doxygen/group__Parsing.html#gaf79628558c94630e25dbfcbde09f2933 回答1 我设法弄清楚了这一点,我将把它留在这里供其他人找到。 负载以 iphdr 结构开头。 iphdr 结构有一个协议字段,例如 tcp,如果它是 tcp,那么 iphdr 结构之后的数据是一个 tcphdr 结构,如果它是 udp,那么还有另一个

2021-06-10 01:17:18    分类:技术分享    c++   linux   network-programming   iptables   netfilter

What is the correct way to define a Netfilter hook function?

I'm coding a kernel module (more specifically, a Netfilter module) for Linux. I'm trying to make it compatible with a wide range of kernels, but the entry function is giving me trouble. From LXR, I can see that the nf_hookfn typedef changed in kernel 3.13. Linux 3.12 and before: typedef unsigned int nf_hookfn(unsigned int hooknum, (...)); 3.13 onwards: typedef unsigned int nf_hookfn(const struct nf_hook_ops *ops, (...)); However, we have a Red Hat machine claiming to be using kernel 3.10.0-123.4.4.el7.x86_64, yet its netlink.h reads typedef unsigned int nf_hookfn(const struct nf_hook_ops *ops

2021-06-03 11:52:33    分类:问答    linux   linux-kernel   netfilter

forwarding packets to service in same host without using loopback network

I have this libnetfilter_queue application which receives packets from kernel based on some iptables rule. Before going straight to my problem, i'm giving a sample workable code and other tools to set up a test environment so that We problem definition and possible solutions can be more accurate and robust. The following code describes the core functionality of the application: #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <netinet/in.h> #include <linux/types.h> #include <linux/netfilter.h> /* for NF_ACCEPT */ #include <errno.h> #include <libnetfilter_queue/libnetfilter

2021-06-03 11:48:10    分类:问答    c   linux   networking   udp   netfilter

使用sk_buff添加以太网帧头(Using sk_buff to add an Ethernet frame header)

问题 我有一个捕获外发Internet流量的内核模块(Netfilter钩子:LOCAL_OUT)在此钩子上,仍然没有以太网头。 我构建了以太网标头并且可以使用了,但是如何将它附加到skb以便我可以将整个 skb 结构发送到dev_queue_xmit() ? 是否有任何有关如何处理sk_buff数据的指南,您可以向我提供更多信息? 作为示例,我尝试对所有ECHO ICMP流量执行我想做的事情。 这是我的代码。 但是,当在另一台机器上与Wireshark进行检查时,我得到了一个有效的以太网头,但有一个EMPTY IP数据包……怎么了? static unsigned int post_icmp_check(unsigned int hooknum, struct sk_buff *skb, const struct net_device *in, const struct net_device *out, int (*okfn)(struct sk_buff *)) { struct iphdr *iph; struct icmphdr *icmph; struct sk_buff *sb; struct ethhdr *ethh; unsigned char *frame = NULL; //Used just to copy the skb->data and replace

2021-06-02 01:36:49    分类:技术分享    c   linux-kernel   kernel   kernel-module   netfilter

Using sk_buff to add an Ethernet frame header

I have a kernel module that captures outgoing Internet traffic(Netfilter hook: LOCAL_OUT) At this hook, there's still no Ethernet header. I built the Ethernet header and it's ready to use, but how can I attach it to the skb so that I can send the whole skb struct to dev_queue_xmit() ? Is there any guide on how to manipulate sk_buff data that you can provide me for further information? As a sample, I try to do what I want to do on all ECHO ICMP traffic; this is the code I have. But when checking with Wireshark on the other machine, I get a working Ethernet header but an EMPTY IP packet...how

2021-05-18 02:58:18    分类:问答    c   linux-kernel   kernel   kernel-module   netfilter

如何使用netfilter挂钩在内核空间中回显数据包?(How to echo a packet in kernel space using netfilter hooks?)

问题 我想在内核空间中回显一个数据包。 我在具有端口6000的这台计算机上运行了回显服务器。现在,客户端在另一台计算机上运行,​​将数据发送到回显服务器。 现在,我要做的是从内核空间回送数据包。 我不想用数据包打扰服务器,它会在内核空间中默默地回显。 我在下面介绍我的代码: #include <linux/kernel.h> #include <linux/module.h> #include <linux/skbuff.h> #include <linux/netfilter.h> #include <linux/netdevice.h> #include <linux/ip.h> #include <linux/udp.h> #include <linux/mm.h> #include <linux/err.h> #include <linux/crypto.h> #include <linux/init.h> #include <linux/crypto.h> #include <linux/scatterlist.h> #include <net/ip.h> #include <net/udp.h> #include <net/route.h> #include <net/checksum.h> #include <linux/netfilter_ipv4.h>

2021-05-17 18:43:06    分类:技术分享    c   linux   linux-kernel   netfilter

How does nfq_get_payload structure its return data?

Primarily, I'm trying to get the source address and dest port from the payload of a Netfilter queue payload (The payload is retrieved using the nfq_get_payload function). The following question asks the same thing and gets a correct answer: How to extract source and destination port number from packet in queue of iptables Unfortunately, there's no explanation as to why adding 20 and 22 to the address puts you in the right spot to read the info. I assume this is because of the structure of the data (obviously), but if there's a defined structure, what is it? The documentation doesn't explicitly

2021-05-14 14:08:02    分类:问答    c++   linux   network-programming   iptables   netfilter