user1262425

Reputation: 319

Linux module to modify packets (Netfilter)

Can anybody tell me how I can modify packet data with a Linux module using Netfilter hooks?

Thanks!

Upvotes: 0

Views: 2882

Answers (2)

Gopi

Reputation: 350

Try the program below.

Write an iptables rule to pass packets to user space:

# iptables -A INPUT -p TCP -j QUEUE

Compile and execute as:

$ gcc test.c -lipq
$ sudo ./a.out

Source code

#include <netinet/in.h>
#include <linux/netfilter.h>
#include <libipq.h>
#include <stdio.h>
#include <stdlib.h>

#define BUFSIZE 2048

/* Print the last libipq error, release the handle and exit. */
static void die(struct ipq_handle *h)
{
    ipq_perror("passer");
    ipq_destroy_handle(h);
    exit(1);
}

int main(int argc, char **argv)
{
    int status;
    unsigned char buf[BUFSIZE];
    struct ipq_handle *h;

    /* Open the netlink connection to the kernel's IPv4 packet queue. */
    h = ipq_create_handle(0, NFPROTO_IPV4);
    if (!h)
        die(h);

    /* Ask for packet metadata plus up to BUFSIZE bytes of packet data. */
    status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
    if (status < 0)
        die(h);

    do {
        /* Block until the next queued message arrives. */
        status = ipq_read(h, buf, BUFSIZE, 0);
        if (status < 0)
            die(h);

        switch (ipq_message_type(buf)) {
            case NLMSG_ERROR:
                fprintf(stderr, "Received error message %d\n",
                        ipq_get_msgerr(buf));
                break;
            case IPQM_PACKET:
            {
                ipq_packet_msg_t *m = ipq_get_packet(buf);
                printf("\nReceived Packet");
                /****YOUR CODE TO MODIFY PACKET GOES HERE****/
                /* The packet bytes are in m->payload (m->data_len bytes).
                 * Passing 0 and NULL below accepts the packet unmodified; a
                 * modified packet is handed back through those two arguments. */
                status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);
                if (status < 0)
                    die(h);
                break;
            }
            default:
                fprintf(stderr, "Unknown message type!\n");
                break;
        }
    } while (1);

    /* Not reached: the loop above only exits through die(). */
    ipq_destroy_handle(h);
    return 0;
}

Upvotes: 2

MarkR

Reputation: 63616

It's not necessary to write your own netfilter module. You can do it from userspace using the QUEUE target from iptables, and writing a daemon which processes the queue.

There are relatively few examples of this, but some do exist. It's normally used for filtering, but you can also (I believe) reinject modified packets (at least in the mangle table of iptables).

Upvotes: 2
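Added example, not part of either answer: both answers stop at the point where the packet is edited, and a reinjected IPv4/TCP packet whose bytes changed is only accepted by the receiver if its checksums are recomputed. The helper `tcp4_checksums` is a hypothetical name; it assumes a raw IPv4 packet carrying TCP, as delivered in `m->payload` with length `m->data_len`.

```c
#include <stddef.h>
#include <stdint.h>

/* RFC 1071 ones'-complement sum of len bytes, seeded with sum, folded to 16 bits. */
static uint16_t sum16(const uint8_t *p, size_t len, uint32_t sum)
{
    for (; len > 1; p += 2, len -= 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;          /* odd last byte, zero padded */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);  /* fold carries back in */
    return (uint16_t)sum;
}

/* Check (fix == 0) or rewrite (fix != 0) the IPv4 header and TCP checksums of
 * the raw IP packet pkt[0..len). Hypothetical helper; with libipq, pkt would
 * be m->payload and len m->data_len. Returns 1 if both checksums are valid on
 * return, 0 if one is wrong, -1 if pkt is not a well-formed IPv4/TCP packet. */
int tcp4_checksums(uint8_t *pkt, size_t len, int fix)
{
    if (len < 40 || (pkt[0] >> 4) != 4 || pkt[9] != 6)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;          /* IP header length */
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];       /* IP total length */
    if (ihl < 20 || tot > len || tot < ihl + 20)
        return -1;
    size_t tcplen = tot - ihl;
    /* TCP sum is seeded with the pseudo-header: src, dst, protocol 6, TCP length */
    uint32_t seed = sum16(pkt + 12, 8, 6 + (uint32_t)tcplen);
    uint8_t *ipf = pkt + 10, *tcpf = pkt + ihl + 16;   /* checksum fields */
    if (fix) {
        ipf[0] = ipf[1] = tcpf[0] = tcpf[1] = 0;
        uint16_t c = (uint16_t)~sum16(pkt, ihl, 0);
        ipf[0] = (uint8_t)(c >> 8);
        ipf[1] = (uint8_t)(c & 0xff);
        c = (uint16_t)~sum16(pkt + ihl, tcplen, seed);
        tcpf[0] = (uint8_t)(c >> 8);
        tcpf[1] = (uint8_t)(c & 0xff);
    }
    return sum16(pkt, ihl, 0) == 0xffff && sum16(pkt + ihl, tcplen, seed) == 0xffff;
}
```

In the handler from the first answer, the edited buffer would be handed back with `ipq_set_verdict(h, m->packet_id, NF_ACCEPT, m->data_len, m->payload)` after calling the helper with `fix` set. The QUEUE target and libipq were removed in Linux 3.5; the same helper applies unchanged to the packet data delivered through NFQUEUE and libnetfilter_queue.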
