Intercepting/Rerouting TCP SYN packets to C++ program in Linux


Problem description

I am trying to find the easiest way to intercept TCP SYN packets sent by my computer in a C++ program. There are a couple of options that I know. One would be to monitor all traffic and just selectively work with the SYN packets, doing nothing with the rest. Another option I came across was to use a packet filtering utility which will forward the SYN packets to my program. Someone suggested that I use netfilter for the same.

I was wondering if there are other options or should I delve into netfilter. Also, any pointers on how to do this with netfilter would be helpful.

I want to intercept the SYN packet and may need to modify it (reroute to a different destination, change the destination port, etc.) before reinjecting it back to the network.

I was able to do this using a combination of iptables and libnetfilter_queue. I used ipfilter to redirect all TCP SYN packets to a particular queue (this was using a simple command).
Then, in a C program, I was able to use the libnetfilter_queue API to access the packets in the queue, analyze them, and reinject them back to the network.

Recommended answer

If you merely want to see the packets, use libpcap and packet filtering - that'll work on most any UNIX variant.

If you want to somehow intercept and rewrite the packets, please supply more information about what you're trying to do, and what's supposed to happen to the packets afterwards.

As you suggest, that might be an application for netfilter and its queue module, although that requires a 2.6.14 or later kernel:

Main features

  • receiving queued packets from the kernel nfnetlink_queue subsystem
  • issuing verdicts and/or reinjecting altered packets to the kernel nfnetlink_queue subsystem
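
The rewrite step the question describes (changing a SYN's destination port before the packet is reinjected), as an added example that is not part of the original question or answer and does not use the libnetfilter_queue API itself: it operates on the raw IPv4 packet bytes a queue handler receives. The sample packet and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed sample: IPv4 192.0.2.1 -> 198.51.100.2, TCP 49152 -> 80, SYN. */
uint8_t sample_syn[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x4e,0x98,
    0xc0,0x00,0x02,0x01, 0xc6,0x33,0x64,0x02,
    0xc0,0x00,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0x72,0x10, 0x91,0x49,0x00,0x00 };

/* Add len bytes to a ones'-complement accumulator as big-endian 16-bit words. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    if (len) acc += (uint32_t)p[0] << 8;   /* odd trailing byte, zero-padded */
    return acc;
}

/* TCP checksum over pseudo-header + segment; 0 means the stored one is valid. */
uint16_t tcp_checksum(const uint8_t *ip, size_t ihl, size_t seglen) {
    uint32_t acc = sum16(ip + 12, 8, 0);   /* source + destination address */
    acc += 6 + (uint32_t)seglen;           /* protocol number + TCP length */
    acc = sum16(ip + ihl, seglen, acc);
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* TCP header offset if pkt is an unfragmented IPv4 SYN (ACK clear), else 0. */
size_t syn_offset(const uint8_t *pkt, size_t len, size_t *seglen) {
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || tot > len || tot < ihl + 20) return 0;
    if ((((pkt[6] & 0x3f) << 8) | pkt[7]) != 0) return 0;  /* fragment */
    if ((pkt[ihl + 13] & 0x12) != 0x02) return 0;          /* SYN without ACK */
    *seglen = tot - ihl;
    return ihl;
}

/* Rewrite a SYN's destination port and fix the TCP checksum; 1 if changed. */
int rewrite_syn_dport(uint8_t *pkt, size_t len, uint16_t new_port) {
    size_t seglen = 0, ihl = syn_offset(pkt, len, &seglen);
    if (!ihl) return 0;
    uint8_t *tcp = pkt + ihl;
    tcp[2] = (uint8_t)(new_port >> 8);
    tcp[3] = (uint8_t)new_port;
    tcp[16] = tcp[17] = 0;                 /* zero the field before summing */
    uint16_t ck = tcp_checksum(pkt, ihl, seglen);
    tcp[16] = (uint8_t)(ck >> 8);
    tcp[17] = (uint8_t)ck;
    return 1;
}
```

Only the TCP checksum needs updating here because the port is not covered by the IPv4 header checksum; rewriting the destination address would require recomputing the IPv4 header checksum as well.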
