TCP Packet Mangling using NFQUEUE


Problem description

I am trying to solve the below issue,

  1. I have an iptables rule in my output chain which says that if the packet matches certain criteria, then queue it and send it to userspace using NFQUEUE.

The userspace program receives it, and once it receives it, it checks if the packet is a TCP packet and if yes, it modifies the content of the packet.

After modifying it, it sends it out, and I am able to see that till now it works properly. I was able to re-calculate the checksum and verify it and update the length of the packet, and everything gets properly reflected. I am able to confirm it using Wireshark, and I am also able to see that the packet is reaching the destination. The packet I am modifying is an HTTP GET packet.

The initial TCP handshake happens, and after the initial handshake I am sending out the modified HTTP GET packet and I am getting a response back from the server. But after this, the client for some reason generates a TCP RST packet and sends it to the destination, and I am not sure why this happens. Earlier while googling, people had reported it might be due to sequence number disorder, but in my case, since I am modifying the first packet after the TCP handshake, the sequence number will be the same as that of my last ACK packet belonging to the TCP handshake.

I am suspecting that some part of the kernel module is caching the length of the HTTP GET request packet, and once I modify it, and update the length, the cached part is not getting updated, and as a reason, the client is sending the TCP RST Packet.

Can someone help me out with the above scenario?

Recommended answer

The problem with this is that changing the length of a TCP packet which is part of an active flow messes up the sequence number code, which causes whichever side of the connection that notices to reset the connection. See the details in RFC 793 section 3.4.
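
The sequence-number mismatch the answer describes, and the per-connection offset a length-changing mangler would have to apply in both directions, as an added example that is not part of the original question or answer. The struct, the function names and the sample sequence numbers are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Per-connection record of one length-changing edit (hypothetical helper). */
struct seq_adj {
    uint32_t edit_seq; /* sequence number of the segment that was edited */
    int32_t  delta;    /* new payload length minus old payload length */
    int      active;
};

/* TCP sequence numbers wrap at 2^32, so compare them as serial numbers. */
static int seq_after(uint32_t a, uint32_t b) { return (int32_t)(a - b) > 0; }

static void seq_adj_record(struct seq_adj *a, uint32_t seq,
                           uint32_t old_len, uint32_t new_len)
{
    a->edit_seq = seq;
    a->delta = (int32_t)(new_len - old_len);
    a->active = 1;
}

/* Client -> server: every segment after the edited one is shifted by delta,
 * so the server sees a contiguous byte stream. */
static uint32_t adj_out_seq(const struct seq_adj *a, uint32_t seq)
{
    return (a->active && seq_after(seq, a->edit_seq)) ? seq + (uint32_t)a->delta : seq;
}

/* Server -> client: the server acknowledges the rewritten stream; map the
 * ACK back to the numbering the client's own TCP stack used. */
static uint32_t adj_in_ack(const struct seq_adj *a, uint32_t ack)
{
    return (a->active && seq_after(ack, a->edit_seq)) ? ack - (uint32_t)a->delta : ack;
}

int main(void)
{
    /* Constructed values: GET at seq 1000, grown from 100 to 120 bytes. */
    struct seq_adj a = {0};
    seq_adj_record(&a, 1000u, 100u, 120u);
    printf("server ACKs %u, client expects %u\n", 1120u, (unsigned)adj_in_ack(&a, 1120u));
    printf("client's next seq %u goes out as %u\n", 1100u, (unsigned)adj_out_seq(&a, 1100u));
    return 0;
}
```

Every rewritten seq or ack field also requires recomputing the TCP checksum, and SACK option blocks, which this sketch does not handle, carry sequence numbers that need the same mapping.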
