Joining a TCP Stack in C

It is not just capture I am looking for here. I want to grab the packet first, then in real time check the payload for specific data, remove it, insert the signature and put the packet back onto the stack so that it is still sent.

I had a read about ipfw divert sockets, and it looks very promising. Are there any examples of modifying packets and re-injecting them onto the stack using divert? Also, out of curiosity, would it be possible to read data from a socket using Java, or would that limit me when it comes to packet manipulation and re-injection, etc.?

+4
4 answers

I was going to echo the other answers that recommended iptables (depending on the complexity of both the patterns you are trying to match and the packet modifications you want to make) until I noticed the BSD tag on the question.

As Stephen Pellitzer has already mentioned, libpcap is a good option for capturing packets. I believe, however, that libpcap can also be used to send packets. For reference, I'm fairly sure tcpreplay uses it to replay pcap files.

0

See divert sockets: Divert Sockets mini HOWTO.

They work by diverting traffic that matches a specific ipfw rule to a special raw socket, which can then re-inject the modified traffic into the network layer.

+4

If you are just looking for packet capture, libpcap is very popular. It is used in core tools like tcpdump and Ethereal. As for "hooking into the stack", if you do not plan to fundamentally change the way the networking is implemented (that is, add your own layer or change the behavior of TCP), your idea of using IPF to modify or intercept a packet seems to be the best choice. On Linux there is a specific redirection target for user-space modules; IPF probably has something similar, or you could modify IPF to do something similar.

If you're just interested in seeing packets, then libpcap is the way to go. You can find it at: http://www.tcpdump.org/

+1

This can be done in user space using the QUEUE or NFQUEUE iptables target, I think. The client application binds to the queue and receives all the matching packets, which it can modify before re-injecting them (it can also drop them if it wants).

There is a client library, libnetfilter_queue, which it needs to link against. Unfortunately, the documentation is minimal, but there are several mailing lists and some examples, which are confusing.

For performance reasons you will not want to do this with every packet, only with the specific ones you match using the standard iptables rules. If that is not enough, you will need to write your own netfilter kernel module.

+1
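The payload rewrite the question describes, as an added example that is not code from this thread or from libnetfilter_queue: it takes an IPv4/TCP packet as a userspace queue handler (NFQUEUE or a divert socket) would receive it, swaps a matched byte string for a same-length marker, and recomputes the TCP checksum, which the stack and the receiver would otherwise reject after re-injection. The queue binding itself is left out, and build_sample is a constructed test input; the same-length restriction is deliberate, since changing the payload length would also mean fixing the IP total length and tracking TCP sequence/ack offsets for the rest of the connection.

```c
#include <stdint.h>
#include <string.h>

/* One's-complement sum of n bytes taken as big-endian 16-bit words. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t n) {
    for (; n > 1; p += 2, n -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    return n ? sum + ((uint32_t)p[0] << 8) : sum;
}

/* TCP checksum over pseudo-header + segment: 0 for a valid segment, or the value to store if the field is zeroed. */
uint16_t tcp_checksum(const uint8_t *ip, size_t iplen) {
    size_t ihl = (ip[0] & 0x0f) * 4, tcplen = iplen - ihl; uint8_t pseudo[12] = {0};
    memcpy(pseudo, ip + 12, 8);                        /* source + destination address */
    pseudo[9] = 6; pseudo[10] = tcplen >> 8; pseudo[11] = tcplen & 0xff;
    uint32_t sum = csum_add(csum_add(0, pseudo, 12), ip + ihl, tcplen);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Replace the first occurrence of needle in the TCP payload with repl (same length only)
   and fix the TCP checksum. Returns 1 if modified, 0 if not IPv4/TCP, truncated, or no match. */
int rewrite_payload(uint8_t *ip, size_t iplen, const char *needle, const char *repl) {
    size_t nlen = strlen(needle), ihl = iplen < 20 ? 0 : (ip[0] & 0x0f) * 4;
    if (ihl < 20 || (ip[0] >> 4) != 4 || ip[9] != 6 || iplen < ihl + 20) return 0;
    size_t doff = (ip[ihl + 12] >> 4) * 4;
    if (doff < 20 || iplen < ihl + doff || nlen == 0 || strlen(repl) != nlen) return 0;
    for (size_t i = ihl + doff; i + nlen <= iplen; i++) {
        if (memcmp(ip + i, needle, nlen) != 0) continue;
        memcpy(ip + i, repl, nlen);
        ip[ihl + 16] = ip[ihl + 17] = 0;               /* zero checksum before recomputing */
        uint16_t c = tcp_checksum(ip, iplen);
        ip[ihl + 16] = c >> 8; ip[ihl + 17] = c & 0xff;
        return 1;
    }
    return 0;
}

/* Constructed sample: minimal IPv4 + TCP headers (10.0.0.1:49152 -> 10.0.0.2:80) around payload. */
size_t build_sample(uint8_t *buf, const char *payload) {
    size_t plen = strlen(payload), len = 40 + plen;
    memset(buf, 0, len);
    buf[0] = 0x45; buf[2] = len >> 8; buf[3] = len & 0xff; buf[8] = 64; buf[9] = 6;
    memcpy(buf + 12, "\x0a\x00\x00\x01\x0a\x00\x00\x02", 8);
    buf[20] = 0xc0; buf[23] = 0x50; buf[32] = 0x50; buf[33] = 0x18;  /* ports, doff 5, PSH|ACK */
    memcpy(buf + 40, payload, plen);
    uint16_t c = tcp_checksum(buf, len);
    buf[36] = c >> 8; buf[37] = c & 0xff;
    return len;
}
```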

Source: https://habr.com/ru/post/1276687/
