Solved

capturing and manipulating packets in openbsd

Posted on 2003-11-13
6
391 Views
Last Modified: 2011-09-20
Hi everyone,

i am currently doing my Thesis, and part of it includes the following
steps: (OS= OpenBSD 3.3, or 3.4).

It is based on following structure:


Client1-----------(fxp1)IPSEC-Bridge1(fxp0)---------------------(fxp0)IPSEC-Bridge2(fxp1)------Client2

I installed that using example of brconfig...now my major tasks are
ahead (changes to do):

Scenario: start a telnet session from client 1 to client 2


1. get packets getting in interface fxp1 from IP stack (kernelspace) and get each packet into
userspace

2. parsing or decoding the IP packets in user space.

3. changing the IP packet (adding a specific string to it, or to
payload,tagging it)

4. injecting packet back to IP stack .


Now i have been told i can do step 1 and 2 using tun device, or bpf
device.

How do i achieve the other steps?any code samples?
cheers
0
Comment
Question by:braty
  • 3
6 Comments
 
LVL 45

Expert Comment

by:Kdo
ID: 9739300

Hi braty,

It's certainly odd (and scary) that someone claiming to be developing his Thesis has to come to EE for ideas on how to code something like this.  On top of that, the function has "security issue" stamped all over it.  I'm very tempted to suggest that either you're motives are less than pure, or 6 years of college have already been wasted.

But just in case, everything that you want to do is already being done as part of the linux base operating system.  You should be able to find it in the OpenBSD source code.


Kent
0
 

Author Comment

by:braty
ID: 9741353
hey Kent,

You know my grandma always told me to keep silent, unless i am looking for, or have an answer to something. :-)

Well... first to make it clear, i am an electric engineering major, and my C-programming skills are not the best.

Second :"security worries" are accepted...it is this project is ofcourse for test and developement purposes...besides...the manipulated packets would be capsuled into ipsec frames.

Third...i appreciate your hint to the OpenBSD source code, i thought someone would have experienced something similar and would give a pointing to the relevant code.
I wouldn't want to go through 20 000 lines of code :-)

Cheers.
0
 
LVL 45

Accepted Solution

by:
Kdo earned 40 total points
ID: 9741414

If pointing you toward the correct source code will suffice, I'll be glad to oblige.

The current Linux kernel has support for packet forwarding, firewalls (ip tables), and network address translation (NAT).  All three of these functions are related to what you are trying to do.

Your stated mission is to intercept packets and modify their contents.  One method is to write an application that receives packets, modifies them, and forwards them, and possible awaits a reply, modifies the reply, and forwards the reply to the originator.  Of course, this means that the originating client has to connect to your service, but I don't believe that this is your intent.

To me, the only "real" choice is to hook directly into the kernel, examine the packets, and move forward from this point.  If you'll examine the source code for any of the three functions that I mentioned above, you'll see how these embedded functions work.  Though none of the functions do exactly what you want, all do some of what you want.  NAT modifies the packet to conver the IP address.


Good Luck, and apologies if my skepticism was misplaced,
Kent
0
 
LVL 45

Expert Comment

by:Kdo
ID: 9741439

Another very workable solution might be to build your functionality into the existing iptables code.  Iptables is already designed to inspect the packets and perform specific functions based on the information in the packet.  It seems that you could extend iptables so that "if the source address is a.b.c.d and the destination port is xx, then modify the packet.  (Or whatever other criteria you choose.)


Kent
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Preface I don't like visual development tools that are supposed to write a program for me. Even if it is Xcode and I can use Interface Builder. Yes, it is a perfect tool and has helped me a lot, mainly, in the beginning, when my programs were small…
This is a short and sweet, but (hopefully) to the point article. There seems to be some fundamental misunderstanding about the function prototype for the "main" function in C and C++, more specifically what type this function should return. I see so…
The goal of this video is to provide viewers with basic examples to understand opening and writing to files in the C programming language.
The goal of this video is to provide viewers with basic examples to understand how to use strings and some functions related to them in the C programming language.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now