pcap and iptables tussle
Original title:

I have set up a DNS server on a machine. I want to capture the DNS replies before the machine sends them out, change some fields in them and then send the packet.

I am only able to change fields in the packet my pcap code (written in C) captures, which seems like a copy, as the original packet is also transmitted.

I tried iptables to drop packets originating from the machine, but it drops the pcap injected packets as well.

Is there any way out of this?

Thank you.

Answers

If you're looking for a pcap-only solution, you're going to have to intercept the DNS request packet, examine it, and assemble the proper reply before the DNS server replies. That doesn't seem really reliable because if the DNS server has an entry cached it's likely to reply before your custom code to assemble a packet and send it out can finish.

The most reliable way to do this is to write a kernel module that is a netfilter hook. Netfilter hooks are able to examine a packet and influence the handling of it at several points before a packet leaves a machine. Hook it at the NF_IP_LOCAL_OUT level. You can then examine the outgoing packet and see if it is a DNS reply fitting your criteria. This next part I haven't done, but since you have direct access to the skb (socket buffer) as an input parameter to your custom hook function, you could modify the packet right there and return NF_ACCEPT to pass the response along to the client. If you needed to do some processing on the request itself, you could hook into NF_IP_LOCAL_IN instead and handle it any number of ways, including passing it off to a userspace program.

There are many examples on Google for Linux kernel programming (search: Linux Kernel Module Programming) and also netfilter hook examples.
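The part of the answer above that is easy to get wrong is the "examine the outgoing packet and see if it is a DNS reply" step, and the caveat that follows any in-place edit: once a field in the reply changes, the UDP checksum no longer matches and the client silently discards the packet. The following is an added example, not code from the question or the answer. It is written as plain userspace C so it can be compiled and run against a constructed packet; in a real module the same bytes are what `ip_hdr(skb)` points at inside a hook registered for NF_INET_LOCAL_OUT (the modern name of NF_IP_LOCAL_OUT). The sample packet, the addresses (192.0.2.0/24 documentation space), the query name and the function names are all assumptions made for the example; VERDICT_ACCEPT/VERDICT_DROP mirror the kernel's NF_ACCEPT (1) and NF_DROP (0) values.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Classification results for one outgoing IPv4 packet. */
enum { NOT_DNS_REPLY = 0, DNS_REPLY = 1, DNS_REPLY_MALFORMED = 2 };
/* Same numeric values as the kernel's NF_DROP / NF_ACCEPT. */
enum { VERDICT_DROP = 0, VERDICT_ACCEPT = 1 };

struct dns_reply_info {
    uint16_t id;        /* transaction id */
    uint8_t  rcode;     /* low 4 bits of the DNS flags word */
    uint16_t ancount;   /* number of answer RRs claimed by the header */
    uint8_t  dst[4];    /* client address the reply is going to */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decide whether pkt (an IPv4 packet starting at the IP header, as seen at
 * LOCAL_OUT) is a DNS reply: UDP, source port 53, first fragment, QR bit set.
 * Every length is checked before it is used, so a short or lying header can
 * only produce DNS_REPLY_MALFORMED, never an out-of-bounds read. */
int classify_outgoing(const uint8_t *pkt, size_t len, struct dns_reply_info *out) {
    if (len < 20 || (pkt[0] >> 4) != 4) return NOT_DNS_REPLY;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len || pkt[9] != 17) return NOT_DNS_REPLY;      /* not UDP */
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0) return NOT_DNS_REPLY;     /* later fragment */
    if (len < ihl + 8) return NOT_DNS_REPLY;
    const uint8_t *udp = pkt + ihl;
    if (rd16(udp) != 53) return NOT_DNS_REPLY;                             /* not from the server port */
    uint16_t udp_len = rd16(udp + 4);
    if (udp_len < 8 + 12 || ihl + udp_len > len) return DNS_REPLY_MALFORMED; /* no full DNS header */
    const uint8_t *dns = udp + 8;
    uint16_t flags = rd16(dns + 2);
    if (!(flags & 0x8000)) return NOT_DNS_REPLY;                           /* QR=0: a query, not a reply */
    if (out) {
        out->id = rd16(dns);
        out->rcode = flags & 0x0f;
        out->ancount = rd16(dns + 6);
        memcpy(out->dst, pkt + 16, 4);
    }
    return DNS_REPLY;
}

static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += (uint32_t)((p[0] << 8) | p[1]);
    if (n) acc += (uint32_t)(p[0] << 8);
    return acc;
}

/* One's-complement sum of the UDP pseudo-header, UDP header and payload,
 * folded to 16 bits. Assumes classify_outgoing() already validated lengths. */
static uint32_t udp_pseudo_sum(const uint8_t *pkt) {
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    const uint8_t *udp = pkt + ihl;
    uint16_t udp_len = rd16(udp + 4);
    uint32_t acc = sum16(pkt + 12, 8, 0);   /* source and destination address */
    acc += 17 + udp_len;                     /* zero byte + protocol, then UDP length */
    acc = sum16(udp, udp_len, acc);          /* header (checksum field as-is) and payload */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return acc;
}

/* A zero checksum means "none" for IPv4 UDP (RFC 768); otherwise the sum over
 * everything including the stored checksum must be all ones. */
int udp_checksum_valid(const uint8_t *pkt) {
    const uint8_t *udp = pkt + (size_t)(pkt[0] & 0x0f) * 4;
    if (rd16(udp + 6) == 0) return 1;
    return udp_pseudo_sum(pkt) == 0xffff;
}

/* Must be called after any edit to the UDP payload, or the client drops the reply. */
void udp_fill_checksum(uint8_t *pkt) {
    uint8_t *udp = pkt + (size_t)(pkt[0] & 0x0f) * 4;
    udp[6] = udp[7] = 0;
    uint16_t c = (uint16_t)~udp_pseudo_sum(pkt);
    if (c == 0) c = 0xffff;                  /* 0 is reserved for "no checksum" */
    udp[6] = (uint8_t)(c >> 8); udp[7] = (uint8_t)c;
}

/* The body a LOCAL_OUT hook would run on ip_hdr(skb): classify, log replies,
 * and refuse to let a truncated "reply" leave the machine. */
int hook_outgoing(const uint8_t *pkt, size_t len) {
    struct dns_reply_info info;
    int kind = classify_outgoing(pkt, len, &info);
    if (kind == DNS_REPLY_MALFORMED) return VERDICT_DROP;
    if (kind == DNS_REPLY)
        printf("dns reply id=0x%04x rcode=%u answers=%u to %u.%u.%u.%u\n",
               info.id, info.rcode, info.ancount,
               (unsigned)info.dst[0], (unsigned)info.dst[1], (unsigned)info.dst[2], (unsigned)info.dst[3]);
    return VERDICT_ACCEPT;
}

/* Constructed sample: IPv4 192.0.2.53:53 -> 192.0.2.10:54321, a NOERROR reply
 * for example.com A with one answer (192.0.2.1, TTL 300). IP header checksum
 * is left zero because it is not what this example checks. Returns total length. */
size_t build_sample_reply(uint8_t *buf) {
    static const uint8_t dns[] = {
        0x12,0x34, 0x81,0x80, 0x00,0x01, 0x00,0x01, 0x00,0x00, 0x00,0x00,
        7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0x00,0x01, 0x00,0x01,
        0xc0,0x0c, 0x00,0x01, 0x00,0x01, 0x00,0x00,0x01,0x2c, 0x00,0x04, 192,0,2,1
    };
    size_t udp_len = 8 + sizeof dns, tot = 20 + udp_len;
    memset(buf, 0, tot);
    buf[0] = 0x45; buf[2] = (uint8_t)(tot >> 8); buf[3] = (uint8_t)tot;
    buf[6] = 0x40; buf[8] = 64; buf[9] = 17;               /* DF, TTL 64, UDP */
    const uint8_t src[4] = {192,0,2,53}, dst[4] = {192,0,2,10};
    memcpy(buf + 12, src, 4); memcpy(buf + 16, dst, 4);
    uint8_t *udp = buf + 20;
    udp[0] = 0; udp[1] = 53; udp[2] = 0xd4; udp[3] = 0x31;  /* sport 53, dport 54321 */
    udp[4] = (uint8_t)(udp_len >> 8); udp[5] = (uint8_t)udp_len;
    memcpy(udp + 8, dns, sizeof dns);
    udp_fill_checksum(buf);
    return tot;
}

int main(void) {
    uint8_t buf[128];
    size_t n = build_sample_reply(buf);
    int v = hook_outgoing(buf, n);
    printf("verdict=%d checksum_valid=%d\n", v, udp_checksum_valid(buf));
    return 0;
}
```

Inside a module the hook is registered with `nf_register_net_hook()` using `.pf = NFPROTO_IPV4` and `.hooknum = NF_INET_LOCAL_OUT`, and before writing into the packet the buffer must be made private with `skb_ensure_writable()` (the skb may be shared or cloned), after which the UDP checksum has to be redone exactly as `udp_fill_checksum()` does here. If a userspace program is preferred over a module, the same classification and checksum logic applies to packets handed up by an iptables `-j NFQUEUE` rule and read with libnetfilter_queue, which returns the (possibly modified) packet to the stack with a verdict instead of injecting a second copy, so it avoids the duplicate-packet problem in the question.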




