Vulnerability Development mailing list archives

Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?

From: Valdis.Kletnieks () vt edu
Date: Thu, 14 Apr 2005 01:23:31 -0400

On Mon, 11 Apr 2005 19:39:25 -0300, =?ISO-8859-1?Q?Jo=E3o_Paulo_Caldas_Campello?= said:

   I've already read Netfilter documentation (specially the "Linux
netfilter Hacking HOWTO") so I know this kind of packet mangling can
be done in userspace. I thought it could be done in the "MANGLE" table
of netfilter, but I found no TARGET that achieves that nor any
documentation about altering arbitrary IP headers.


Currently, iptables doesn't seem to support that, probably to keep you from
shooting yourself in the foot.  Consider for example how fast the kernel will
fold up if you change that first nybble of the packet from an x'4' to an x'6'
without changing the rest of the packet to match.  Suddenly, that sk_buff is
a lot too short.. ;)

Attachment: _bin
Description:

Current thread:

Any way to automatically change arbitrary headers of IP packets on-the-fly? João Paulo Caldas Campello (Apr 13)
- Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? Foundation Linux (Apr 14)
- Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? Valdis . Kletnieks (Apr 14)
  - Re: Any way to automatically change arbitrary headers of IP packets on-the-fly? João Paulo Caldas Campello (Apr 18)