Skip to content

A kernel module that modify incoming ICMP packets destination IP.

Notifications You must be signed in to change notification settings

a110605/packet_mangling

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

packet_mangling

This is a kernel module that leverage netfilter framework in Linux kernel to modify the incoming ICMP packets.

image

Netfilter Framework

Netfilter is a set of hooks inside Linux kernel.

It allows kernel modules to register callback functions with the network stack in order to intercept and manipulate the network packet.

Netfilter framework has 5 hooks point as picture shown below

  • NF_INET_PRE_ROUTING
  • NF_INET_LOCAL_IN
  • NF_INET_FORWARD
  • NF_INET_LOCAL_OUT
  • NF_INET_POST_ROUTING

iamge

When a registered function is called, it can intercept and modify the packet then return the corresponding value, as defined in /include/uapi/linux/netfilter.h,

  • NF_ACCEPT: let the packet pass.

  • NF_DROP: drop the packet.

  • NF_STOLEN: take the packet and don’t let the packet pass.

  • NF_QUEUE: queue the packet, usually for userspace handling.

  • NF_REPEAT: call the hook again.

Quick Start

Download and compile kernel module

# git clone https://github.com/a110605/packet_mangling.git
# cd packet_mangling/
# make 
# [sudo] insmod dropicmp.ko

You can test this module by using ping command on other computer.

# ping [IP of this linux]

You can see the destination IP of ICMP packets is modified to 1.2.3.4 by this kernel module.

(log in /var/log/messages or using dmesg command)

# dmesg -wH

Remove kernel module

# [sudo] rmmod dropicmp

References

Contact

Please contact me via the mail [email protected]

Thanks.

About

A kernel module that modify incoming ICMP packets destination IP.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published