Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?

From: Foundation Linux (webmaster@foundationlinux.com)
Date: Wed Apr 13 2005 - 12:52:03 EDT


João Paulo Caldas Campello wrote:

>Hi,
>
>
><snip>
>
>I've already read Netfilter documentation (especially the "Linux
>netfilter Hacking HOWTO") so I know this kind of packet mangling can
>be done in userspace. I thought it could be done in the "MANGLE" table
>of netfilter, but I found no TARGET that achieves that nor any
>documentation about altering arbitrary IP headers.
>
>The question is:
>
> - Does such a tool, module or whatever way to change arbitrary
>headers of IP packets on-the-fly already exist, or will I have to
>(try to) write one? =)
>
>Cheers,
>
>João Paulo Campello,
>Network Security Analyst,
>Tempest Security Technologies.
>
>
Well, mangle in iptables only accepts TOS, TTL and MARK as valid targets
so you can't change arbitrary IP headers that way. However, if TOS is
where you're fiddling, it might work. Check out
http://www.faqs.org/docs/iptables/mangletable.html for a bit more info
as well as http://www.faqs.org/docs/iptables/targets.html#TOSTARGET.

The other option I can think of would be (in theory) to set nc (netcat)
up as a TCP proxy and script it to do what you want -- recreate a
duplicate packet with source-routing enabled.
http://www.die.net/doc/linux/man/man1/nc.1.html

-Charles
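
Added example, not part of the original post or of netfilter: what rewriting the TOS or TTL field involves at the byte level, including the IPv4 header checksum update that has to follow any in-place header change. The function names and the sample packet are constructed for illustration.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def header_is_valid(packet: bytes) -> bool:
    """A correct header, checksum field included, sums to zero."""
    ihl = (packet[0] & 0x0F) * 4
    return ipv4_checksum(packet[:ihl]) == 0

def rewrite_ipv4(packet: bytes, tos=None, ttl=None) -> bytes:
    """Return a copy of packet with TOS and/or TTL replaced and checksum fixed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4            # header length incl. options
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    for name, value in (("tos", tos), ("ttl", ttl)):
        if value is not None and not 0 <= value <= 255:
            raise ValueError(f"{name} must fit in one byte")
    hdr = bytearray(packet[:ihl])
    if tos is not None:
        hdr[1] = tos                        # byte 1: TOS / DSCP+ECN
    if ttl is not None:
        hdr[8] = ttl                        # byte 8: TTL
    hdr[10:12] = b"\x00\x00"                # zero the field before summing
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    # TOS and TTL are not in the TCP/UDP pseudo-header, so the payload and
    # its transport checksum are left untouched.
    return bytes(hdr) + packet[ihl:]

# Constructed sample: 20-byte header (UDP, TTL 64, TOS 0) plus 95 zero bytes
# of payload to match the total-length field (0x0073).
SAMPLE = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7") + bytes(95)

if __name__ == "__main__":
    out = rewrite_ipv4(SAMPLE, tos=0x10, ttl=32)
    print(out[:20].hex(), header_is_valid(out))
```
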


