What utility is there to modify the headers of network packets passing through a network bridge?
I have a Linux computer. It has two network cards: one is connected to the mirror port on the switch, the other to the computer of the recording system.
SWITCH
|
|
|
|
eth0
linux computer
eth1
|
|
|
|
COMP FOR RECORDING INCOMING PACKETS
Packets go only from the switch to the computer - they should not go from the computer to the switch.
On the Linux computer I need something like a bridge, but one that changes the src port of passing UDP packets to 5060 if it is equal to 38906.
Why is a separate story.
What I tried to do:
1) Set up a bridge on eth0 and eth1. I did sysctl -w net.bridge.bridge-nf-call-iptables=1 so that packets from the bridge get into iptables. Added ALL POSSIBLE SNAT options for the POSTROUTING chain.
For example
iptables -t nat -A POSTROUTING -o br1 --protocol udp --sport 38906 -j SNAT --to-source :5060
And I probably tried all these options. I tried DNAT for PREROUTING as well, and so on...
Some worked, but not completely.
2) Removed the bridge setting. I made a python script on raw sockets - everything works, but I do not like hand-made, as it is unreliable and poorly supported.
In general, once again the situation: I can't change the port on the switch, because it's a mirror port on Mikrotik, and it can't modify headers on such ports. It didn't work with iptables. What other ideas are there? Probably ettercap. But it takes a long time to try and time is short. If I don't find anything, I'll have to leave the script in Python. In general, the question is: are there any other utilities for modifying passing packets, something like iptables?
I decided to keep the script - in a week it never crashed. (If there are still problems, I was advised to try FreeBSD with netgraph.)
Here is the script:
#!/usr/bin/env python3
import socket, sys, struct, datetime
from struct import pack, unpack

#ethtool -K eth1 tx off
BUF_SIZE = 1600   # > 1500
ETH_P_ALL = 3     # To receive all Ethernet protocols
ETH_P_IP = 0x0800 # EtherType of IPv4
InterfaceIN = "eth1"
InterfaceOUT = "eth0"

# Open socket for input packets
sockINPUT = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
sockINPUT.bind((InterfaceIN, 0))
sockINPUT.setblocking(1)

# Open socket for output packets
sockOUTPUT = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
sockOUTPUT.bind((InterfaceOUT, 0))
sockOUTPUT.setblocking(1)
print('Raw socket opened')

try:
    while True:
        packet = sockINPUT.recvfrom(65565)
        packet = packet[0]

        #parse ethernet header
        eth_length = 14
        eth_header = packet[:eth_length]
        eth = unpack('!6s6sH', eth_header)
        # '!' already converts to host byte order, so no ntohs() is needed
        eth_protocol = eth[2]

        if eth_protocol == ETH_P_IP:
            ip_header = packet[eth_length:20 + eth_length]
            #now unpack them :)
            iph = unpack('!BBHHHBBH4s4s', ip_header)
            version_ihl = iph[0]
            version = version_ihl >> 4
            ihl = version_ihl & 0xF
            iph_length = ihl * 4
            #ttl = iph[5]
            protocol = iph[6]
            s_addr = socket.inet_ntoa(iph[8])
            d_addr = socket.inet_ntoa(iph[9])
            #print dir(cap_out)
            print(str(datetime.datetime.now()) + ' Source Address : ' + str(s_addr) + ' Destination Address : ' + str(d_addr))

            #UDP packets
            if protocol == 17:
                #print 'Version : ' + str(version) + ' IP Header Length : ' + str(ihl) + ' TTL : ' + str(ttl) + ' Protocol : ' + str(protocol) + ' Source Address : ' + str(s_addr) + ' Destination Address : ' + $
                u = iph_length + eth_length
                udph_length = 8
                udp_header = packet[u:u + 4]
                #now unpack them :)
                udph = unpack('!HH', udp_header)
                #print type(udp_header)
                source_port = udph[0]
                dest_port = udph[1]
                #length = udph[2]
                #checksum = udph[3]

                #38906
                if source_port == 38906:
                    #print 'Source Port : ' + str(source_port) + ' Dest Port : ' + str(dest_port)
                    #print packet
                    # Only the source port is replaced; the UDP checksum is not recalculated
                    udp_header = pack('!HH', 5060, dest_port)
                    packet = packet[:u] + udp_header + packet[u + 4:]

                #print UDP headers
                print('UDP sport : ' + str(source_port) + ' dport : ' + str(dest_port))

        # Forward every frame, modified or not, to the output interface
        sockOUTPUT.send(packet)
finally:
    sockINPUT.close()
    sockOUTPUT.close()
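Added example, not part of the original answer: the script above replaces the UDP source port but leaves the UDP checksum as received, so a receiver that validates checksums will see the rewritten datagram as corrupt. The sketch below does the same port rewrite and patches the checksum incrementally (RFC 1624), leaving non-first IP fragments and zero (not computed) checksums untouched. The function names, the sample frame and its addresses are hypothetical and constructed for illustration.

```python
import struct

ETH_LEN, ETH_P_IP, IPPROTO_UDP = 14, 0x0800, 17

def csum16(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, folded, not inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def rewrite_udp_sport(frame: bytes, old: int, new: int) -> bytes:
    """Rewrite UDP source port old -> new and patch the UDP checksum to match."""
    if len(frame) < ETH_LEN + 20 or frame[12:14] != struct.pack("!H", ETH_P_IP):
        return frame  # not plain IPv4 (VLAN-tagged frames are not handled here)
    ihl = (frame[ETH_LEN] & 0x0F) * 4
    frag_off = struct.unpack("!H", frame[ETH_LEN + 6:ETH_LEN + 8])[0] & 0x1FFF
    u = ETH_LEN + ihl
    if frame[ETH_LEN + 9] != IPPROTO_UDP or frag_off or len(frame) < u + 8:
        return frame  # not UDP, or a later fragment that carries no UDP header
    sport, dport, length, check = struct.unpack("!HHHH", frame[u:u + 8])
    if sport != old:
        return frame
    if check:  # 0 on the wire means the sender computed no checksum; keep it
        # RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m'), m = old port, m' = new port
        words = struct.pack("!HHH", ~check & 0xFFFF, ~old & 0xFFFF, new)
        check = (~csum16(words) & 0xFFFF) or 0xFFFF  # computed 0 is sent as 0xFFFF
    return frame[:u] + struct.pack("!HHHH", new, dport, length, check) + frame[u + 8:]

def build_sample(sport: int) -> bytes:
    """Constructed frame: Ethernet + IPv4 + UDP, valid UDP checksum, IP checksum left 0."""
    src, dst, payload = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]), b"constructed payload"
    ulen = 8 + len(payload)
    pseudo = src + dst + struct.pack("!BBH", 0, IPPROTO_UDP, ulen)
    udp = struct.pack("!HHHH", sport, 5060, ulen, 0) + payload
    check = (~csum16(pseudo + udp) & 0xFFFF) or 0xFFFF
    udp = udp[:6] + struct.pack("!H", check) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + ulen, 0, 0, 64, IPPROTO_UDP, 0, src, dst)
    return b"\x02" * 6 + b"\x06" * 6 + struct.pack("!H", ETH_P_IP) + ip + udp

def udp_checksum_ok(frame: bytes) -> bool:
    """Full check: pseudo-header plus UDP segment must sum to 0xFFFF."""
    u = ETH_LEN + (frame[ETH_LEN] & 0x0F) * 4
    ulen = struct.unpack("!H", frame[u + 4:u + 6])[0]
    pseudo = frame[ETH_LEN + 12:ETH_LEN + 20] + struct.pack("!BBH", 0, IPPROTO_UDP, ulen)
    return csum16(pseudo + frame[u:u + ulen]) == 0xFFFF
```

In the forwarding loop, `rewrite_udp_sport(packet, 38906, 5060)` would take the place of the in-line port replacement.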
suseFirewall solves this issue through iptables. So install suseFirewall, set the desired rule in it - and see what it will push into iptables.