lost and found ( for me ? )

Mint 12: use iptables, nfqueue-bindings-python, python-dpkt


Here's an explanation of how to use nfqueue, nfqueue-bindings and python-dpkt.

I’m not familiar with nfqueue, so I referred to the following URLs.

Many thanks!!
# uname -ri
3.0.0-20-generic x86_64

# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Linux Mint 12 Lisa"


Install nfqueue-bindings-python and the required packages via apt-get.
# apt-get install -y nfqueue-bindings-python
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
 libnetfilter-queue1 libpython2.6 python-nfqueue python2.6 python2.6-minimal
Suggested packages:
 python2.6-doc
The following NEW packages will be installed:
 libnetfilter-queue1 libpython2.6 nfqueue-bindings-python python-nfqueue
 python2.6 python2.6-minimal


Load the nfnetlink_queue module.
# modprobe nfnetlink_queue

# lsmod | grep -i nfnetlink_queue
nfnetlink_queue        17743  0
nfnetlink              14327  1 nfnetlink_queue


Flush the existing filter-table rules, then jump to NFQUEUE when the TCP destination port is 8080.
# iptables -F

# iptables -I OUTPUT -p tcp -o eth0 --dport 8080 -j NFQUEUE --queue-num 0

# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
NFQUEUE    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 NFQUEUE num 0


Use the following sample script.

Note that you need to specify the same queue number in both iptables and example.py.
In this case, the queue number needs to be 0.

--queue-num 0 (iptables)

q.fast_open(0, AF_INET) (example.py)

Before using that script, install the dpkt Python module, which example.py requires.
# apt-get install -y python-dpkt --force-yes


Access a remote host on TCP port 8080.
# telnet 192.168.10.15 8080
Trying 192.168.10.15...
Connected to 192.168.10.15.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 200 OK
Date: Wed, 06 Jun 2012 23:31:51 GMT
Server: Apache/2.2.20 (Ubuntu)
Last-Modified: Fri, 09 Dec 2011 06:23:48 GMT
ETag: "1062407-b1-4b3a2d3eb1200"
Accept-Ranges: bytes
Content-Length: 177
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<html><body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
<p>The web server software is running but no content has been added, yet.</p>
</body></html>
Connection closed by foreign host.


OK, I could capture the 8080 data connection.
# ./example.py
setting callback
open
trying to run
python callback called !
 len 60 proto 6 src: 192.168.122.124:48921    dst 192.168.10.15:8080
python callback called !
 len 52 proto 6 src: 192.168.122.124:48921    dst 192.168.10.15:8080
python callback called !
 len 64 proto 6 src: 192.168.122.124:48921    dst 192.168.10.15:8080
python callback called !
 len 68 proto 6 src: 192.168.122.124:48921    dst 192.168.10.15:8080
python callback called !
 len 54 proto 6 src: 192.168.122.124:48921    dst 192.168.10.15:8080
python callback called !
 len 52 proto 6 src: 192.168.122.124:48921    dst 192.168.10.15:8080
python callback called !
 len 52 proto 6 src: 192.168.122.124:48921    dst 192.168.10.15:8080
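
The callback logic behind output like the above, as an added example that is not the example.py this post refers to: it parses the raw IPv4 packet that NFQUEUE hands to user space using only the standard library (instead of dpkt, so it runs offline) and always sets a verdict. `summarize`, `handle` and `sample_syn` are hypothetical names and the sample packet is constructed; `get_data()` and `set_verdict()` are the payload methods of nfqueue-bindings.

```python
import socket
import struct

NF_ACCEPT = 1  # netfilter verdict code; nfqueue-bindings exposes it as nfqueue.NF_ACCEPT

def summarize(raw):
    """Return the summary line for a raw IPv4 packet from NFQUEUE, or None."""
    b = bytearray(raw)
    if len(b) < 20 or b[0] >> 4 != 4:
        return None                          # truncated header or not IPv4
    ihl = (b[0] & 0x0F) * 4                  # IP header length in bytes
    if ihl < 20:
        return None                          # malformed header length field
    src = socket.inet_ntoa(bytes(b[12:16]))
    dst = socket.inet_ntoa(bytes(b[16:20]))
    line = " len %d proto %d src: %s" % (len(b), b[9], src)
    # TCP (6) and UDP (17) carry the two ports in the first 4 transport bytes.
    if b[9] in (6, 17) and len(b) >= ihl + 4:
        sport, dport = struct.unpack("!HH", bytes(b[ihl:ihl + 4]))
        return "%s:%d    dst %s:%d" % (line, sport, dst, dport)
    return "%s    dst %s" % (line, dst)

def handle(payload):
    """Callback body: summarize the packet, then always issue a verdict."""
    line = None
    try:
        line = summarize(payload.get_data())
    finally:
        # A packet that never gets a verdict stays in the queue, so this
        # monitor accepts every packet, including ones it could not parse.
        payload.set_verdict(NF_ACCEPT)
    return line

def sample_syn():
    """Constructed 60-byte SYN, 192.168.122.124:48921 -> 192.168.10.15:8080."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.168.122.124"),
                     socket.inet_aton("192.168.10.15"))
    # Data offset 0xA0 = 10 words: 20-byte TCP header plus 20 option bytes.
    tcp = struct.pack("!HHIIBBHHH", 48921, 8080, 1, 0, 0xA0, 0x02, 14600, 0, 0)
    return ip + tcp + b"\x00" * 20           # options zeroed, checksums unset

if __name__ == "__main__":
    print("python callback called !")
    print(summarize(sample_syn()))
```

With the real bindings, `handle` would be called from the function registered as the queue callback, passing it the payload object.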


Flush the iptables settings.
# iptables -F

# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
