LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Using the mangle packet filter with netfilter and iptables (https://www.linuxquestions.org/questions/linux-networking-3/using-the-mangle-packet-filter-with-netfilter-and-iptables-4175634379/)

tenger15 07-18-2018 12:34 PM
Using the mangle packet filter with netfilter and iptables
 
Hello,

I am trying to alter packets using iptables and netfilter in a c program based off the sample nfqnl_test.c file. In that file, it only showed that packets could be queue’d with the NF_QUEUE target (using the -j switch). I modified the utility to change the packets and then send it off using the nfq_set_verdict with a length and the packet:
Code:
return nfq_set_verdict(QueueHandle, id, NF_ACCEPT, len, pktb_data(pkt));
If I am using something like netcat to send UDP packets on the same machine, I am able to modify the packets and using tcpdump verify that they were altered:

Code:
iptables -A OUTPUT -d <dest ip address> -p udp -j NFQUEUE --queue-num 0
However, if I am doing something like a client sending out UDP packets to a server, and modifying them before being received by the server, I don’t see any evidence that the packets have been modified. In fact, the packets are only captured in the INPUT chain, and they never get sent out on the POSTROUTING chain. Here is one combination that I’ve tried that did not work:

Code:
iptables -t mangle -A INPUT -d <dest ip address> -p udp -j NFQUEUE --queue-num 1
iptables -t mangle -A POSTROUTING -d <dest ip address> -p udp -j NFQUEUE --queue-num 1
I’ve also tried different tables such as nat and raw with the same effect. Does anyone have any experience with trying to do this?


Thanks,
Todd


All times are GMT -5. The time now is 11:05 PM.