Here's an explanation of how to use nfqueue, nfqueue-bindings and python-dpkt.
I'm not familiar with nfqueue, so I referred to the following URLs.
Many thanks!!
# uname -ri 
3.0.0-20-generic x86_64 
# tail -1 /etc/lsb-release 
DISTRIB_DESCRIPTION="Linux Mint 12 Lisa" 
Install nfqueue-bindings-python and its required packages via apt-get.
# apt-get install -y nfqueue-bindings-python 
Reading package lists... Done 
Building dependency tree 
Reading state information... Done 
The following extra packages will be installed: 
  libnetfilter-queue1 libpython2.6 python-nfqueue python2.6 python2.6-minimal 
Suggested packages: 
  python2.6-doc 
The following NEW packages will be installed: 
  libnetfilter-queue1 libpython2.6 nfqueue-bindings-python python-nfqueue 
  python2.6 python2.6-minimal 
Load the nfnetlink_queue module.
# modprobe nfnetlink_queue 
# lsmod | grep -i nfnetlink_queue 
nfnetlink_queue        17743  0 
nfnetlink              14327  1 nfnetlink_queue 
Add a rule that sends outgoing TCP packets with destination port 8080 to NFQUEUE (queue number 0).
# iptables -F 
# iptables -I OUTPUT -p tcp -o eth0 --dport 8080 -j NFQUEUE --queue-num 0 
# iptables -L -n 
Chain INPUT (policy ACCEPT) 
target     prot opt source               destination 
Chain FORWARD (policy ACCEPT) 
target     prot opt source               destination 
Chain OUTPUT (policy ACCEPT) 
target     prot opt source               destination 
NFQUEUE    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 NFQUEUE num 0 
Use the following sample script (example.py).
Please note that you need to specify the same queue number in both iptables and example.py.
In this case the queue number is 0.
--queue-num 0 (iptables) 
q.fast_open(0, AF_INET) (example.py) 
Before using the script, install the dpkt Python module, which example.py requires.
# apt-get install -y python-dpkt --force-yes 
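Since the page does not reproduce example.py, here is an added example of the kind of callback it runs. This is not the page's script and not nfqueue-bindings' own example: it parses the IPv4 and TCP headers with the standard library (where example.py uses dpkt.ip.IP), builds the same "len N proto P src: A:p    dst B:q" line that appears in the output below, and returns a verdict instead of accepting everything. The nfqueue glue in main() uses queue(), set_callback(), fast_open(queue_num, AF_INET) and try_run() as the page does, plus payload.get_data(), payload.get_length() and payload.set_verdict() from the bindings' API as I know it; it only runs on a host with python-nfqueue installed and is skipped when the module is imported. The callback argument order differs between versions of the binding, so the callback takes the payload as its last argument. The "drop HTTP requests for /admin" policy, the packet builders and the addresses are constructed for this example.

```python
import struct
from socket import inet_aton, inet_ntoa

# Hypothetical policy for this example: drop an HTTP request whose path starts
# with one of these prefixes, accept everything else.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ")
BLOCKED_PATH_PREFIXES = (b"/admin",)


def parse_ipv4_tcp(raw):
    """Return the fields example.py prints (len, proto, src, dst and, for TCP,
    sport/dport/flags/payload), or None if raw is not a complete IPv4 packet.
    Checksums are not verified: NFQUEUE hands over packets the kernel already
    validated."""
    if len(raw) < 20:
        return None
    vihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        return None
    info = {"len": total_len, "proto": proto, "src": inet_ntoa(src), "dst": inet_ntoa(dst)}
    if proto != 6:
        return info
    if len(raw) < ihl + 20:
        return None  # claims TCP but the TCP header is truncated
    sport, dport, _seq, _ack, doff_res, flags, _win, _tcsum, _urg = \
        struct.unpack("!HHIIBBHHH", raw[ihl:ihl + 20])
    doff = (doff_res >> 4) * 4
    info.update(sport=sport, dport=dport, flags=flags, payload=raw[ihl + doff:total_len])
    return info


def format_line(info, length):
    """Same layout as the '  len N proto P src: A:p    dst B:q' lines example.py prints."""
    if info is None:
        return "  len %d (not an IPv4 packet)" % length
    src, dst = info["src"], info["dst"]
    if info["proto"] == 6:
        src = "%s:%d" % (src, info["sport"])
        dst = "%s:%d" % (dst, info["dport"])
    return "  len %d proto %d src: %s    dst %s" % (length, info["proto"], src, dst)


def choose_verdict(info):
    """Return the name of the nfqueue verdict constant for this packet.
    Unparsable packets are dropped (fail closed). Only the first segment of a
    request is inspected, so a request split across TCP segments is not caught."""
    if info is None:
        return "NF_DROP"
    payload = info.get("payload", b"")
    for method in HTTP_METHODS:
        if payload.startswith(method):
            path = payload[len(method):].split(b" ", 1)[0]
            if path.startswith(BLOCKED_PATH_PREFIXES):
                return "NF_DROP"
    return "NF_ACCEPT"


# Builders for constructed test packets (checksums are left as zero; the parser
# does not check them and these bytes never go on the wire).
def build_tcp(sport, dport, flags, payload=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0) + payload


def build_ipv4(src, dst, proto, transport):
    total_len = 20 + len(transport)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, proto, 0,
                       inet_aton(src), inet_aton(dst)) + transport


def main(queue_num=0):
    """Bind to the queue the iptables rule targets; needs python-nfqueue and root."""
    import nfqueue  # from the python-nfqueue package installed above
    from socket import AF_INET

    def cb(*args):
        payload = args[-1]  # older bindings call cb(dummy, payload), newer cb(payload)
        info = parse_ipv4_tcp(payload.get_data())
        verdict = choose_verdict(info)
        print(format_line(info, payload.get_length()) + "  -> " + verdict)
        payload.set_verdict(getattr(nfqueue, verdict))  # every packet needs a verdict
        return 1

    q = nfqueue.queue()
    q.set_callback(cb)
    q.fast_open(queue_num, AF_INET)  # same number as --queue-num in iptables
    try:
        q.try_run()
    except KeyboardInterrupt:
        pass
    q.unbind(AF_INET)
    q.close()


if __name__ == "__main__":
    main(0)
```

Two caveats when running this against the rule above. First, while no program is bound to queue 0, packets matching the rule are dropped, not passed; kernels from 2.6.39 on accept them instead if the rule carries --queue-bypass (your iptables must also be recent enough to know that option). Second, the verdict is per packet: a request whose method and path arrive in a second segment does not start with the method string and is accepted, so a real filter has to reassemble the stream or be applied where the whole request is visible.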
Connect to a remote host on TCP port 8080.
# telnet 192.168.10.15 8080 
Trying 192.168.10.15... 
Connected to 192.168.10.15. 
Escape character is '^]'. 
GET / HTTP/1.0 
HTTP/1.1 200 OK 
Date: Wed, 06 Jun 2012 23:31:51 GMT 
Server: Apache/2.2.20 (Ubuntu) 
Last-Modified: Fri, 09 Dec 2011 06:23:48 GMT 
ETag: "1062407-b1-4b3a2d3eb1200" 
Accept-Ranges: bytes 
Content-Length: 177 
Vary: Accept-Encoding 
Connection: close 
Content-Type: text/html 
<html><body><h1>It works!</h1> 
<p>This is the default web page for this server.</p> 
<p>The web server software is running but no content has been added, yet.</p> 
</body></html> 
Connection closed by foreign host. 
OK, I could capture the port 8080 data connection.
# ./example.py 
setting callback 
open 
trying to run 
python callback called ! 
  len 60 proto 6 src: 192.168.122.124:48921    dst 192.168.10.15:8080 
python callback called ! 
  len 52 proto 6 src: 192.168.122.124:48921    dst 192.168.10.15:8080 
python callback called ! 
  len 64 proto 6 src: 192.168.122.124:48921    dst 192.168.10.15:8080 
python callback called ! 
  len 68 proto 6 src: 192.168.122.124:48921    dst 192.168.10.15:8080 
python callback called ! 
  len 54 proto 6 src: 192.168.122.124:48921    dst 192.168.10.15:8080 
python callback called ! 
  len 52 proto 6 src: 192.168.122.124:48921    dst 192.168.10.15:8080 
python callback called ! 
  len 52 proto 6 src: 192.168.122.124:48921    dst 192.168.10.15:8080 
Flush the iptables rules.
# iptables -F 
# iptables -L -n 
Chain INPUT (policy ACCEPT) 
target     prot opt source               destination 
Chain FORWARD (policy ACCEPT) 
target     prot opt source               destination 
Chain OUTPUT (policy ACCEPT) 
target     prot opt source               destination 