问题

我目前正在尝试使用nfqueue读取数据包并对其进行修改。不幸的是，我在更改数据包的目标端口方面遇到了一些困难。请参考下面的代码片段。我的想法是将目标端口从8888改写为8000。

我确实看到修改后的数据包从队列中发送出去，但是如果我想通过连接到端口8888来连接到监听在端口8000上的HTTP服务器，连接会超时。我猜测数据包中有一些格式错误。

package main

import (
	"os"
	"os/signal"
	"syscall"

	"github.com/chifflier/nfqueue-go/nfqueue"
	"github.com/coreos/go-iptables/iptables"

	"github.com/google/gopacket"
	"github.com/google/gopacket/layers"
)

func sendNewPacket(payload *nfqueue.Payload, layers ...gopacket.SerializableLayer) {
	buffer := gopacket.NewSerializeBuffer()
	gopacket.SerializeLayers(buffer, gopacket.SerializeOptions{FixLengths: true, ComputeChecksums: true}, layers...)
	outgoingPacket := buffer.Bytes()
	payload.SetVerdictModified(nfqueue.NF_ACCEPT, outgoingPacket)
}

func realCallback(payload *nfqueue.Payload) int {
	packet := gopacket.NewPacket(payload.Data, layers.LayerTypeIPv4, gopacket.Default)
	ethLayer := packet.Layer(layers.LayerTypeEthernet)
	eth, _ := ethLayer.(*layers.Ethernet)
	if ipLayer := packet.Layer(layers.LayerTypeIPv4); ipLayer != nil {
		ip, _ := ipLayer.(*layers.IPv4)
		if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer != nil {
			tcp, _ := tcpLayer.(*layers.TCP)
			if tcp.DstPort == 8888 {
				tcp.DstPort = 8000
				sendNewPacket(payload, eth, ip, tcp)
				return 0
			}
			if tcp.SrcPort == 8000 {
				tcp.SrcPort = 8888
				sendNewPacket(payload, eth, ip, tcp)
				return 0
			}
		}
	}
	payload.SetVerdict(nfqueue.NF_ACCEPT)
	return 0
}

func main() {
	ipt, err := iptables.New()
	if err != nil {
		panic(err)
	}
	ipt.Append("filter", "INPUT", "-p", "tcp", "-j", "NFQUEUE", "--queue-num", "0")
	ipt.Append("filter", "OUTPUT", "-p", "tcp", "-j", "NFQUEUE", "--queue-num", "0")
	q := new(nfqueue.Queue)
	q.SetCallback(realCallback)

	q.Init()
	defer q.Close()

	q.Unbind(syscall.AF_INET)
	q.Bind(syscall.AF_INET)
	q.CreateQueue(0)

	c := make(chan os.Signal, 1)
	signal.Notify(c, os.Interrupt)
	go func() {
		for sig := range c {
			_ = sig
			q.Close()
			err = ipt.ClearChain("filter", "INPUT")
			err = ipt.ClearChain("filter", "OUTPUT")
			if err != nil {
				panic(err)
			}
			os.Exit(0)
		}
	}()
	q.TryRun()
}

英文:

I'm currently playing around with reading packages from nfqueue and modifying them.Unfortunately, I'm a bit stuck at changing the destination port of a package. See the code snippet below. Idea is to rewrite dest port 8888 to 8000.
I do see the modified package going out from the queue, but if I want to connect to an HTTP server listening on port 8000 by connecting to port 8888, the connection times out. I assume something mal-formed in the package.

package main
import (
&quot;os&quot;
&quot;os/signal&quot;
&quot;syscall&quot;
&quot;github.com/chifflier/nfqueue-go/nfqueue&quot;
&quot;github.com/coreos/go-iptables/iptables&quot;
&quot;github.com/google/gopacket&quot;
&quot;github.com/google/gopacket/layers&quot;
)
func sendNewPacket(payload *nfqueue.Payload, layers ...gopacket.SerializableLayer) {
buffer := gopacket.NewSerializeBuffer()
gopacket.SerializeLayers(buffer, gopacket.SerializeOptions{FixLengths: true, ComputeChecksums: true}, layers...)
outgoingPacket := buffer.Bytes()
payload.SetVerdictModified(nfqueue.NF_ACCEPT, outgoingPacket)
}
func realCallback(payload *nfqueue.Payload) int {
packet := gopacket.NewPacket(payload.Data, layers.LayerTypeIPv4, gopacket.Default)
ethLayer := packet.Layer(layers.LayerTypeEthernet)
eth, _ := ethLayer.(*layers.Ethernet)
if ipLayer := packet.Layer(layers.LayerTypeIPv4); ipLayer != nil {
ip, _ := ipLayer.(*layers.IPv4)
if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer != nil {
tcp, _ := tcpLayer.(*layers.TCP)
if tcp.DstPort == 8888 {
tcp.DstPort = 8000
sendNewPacket(payload, eth, ip, tcp)
return 0
}
if tcp.SrcPort == 8000 {
tcp.SrcPort = 8888
sendNewPacket(payload, eth, ip, tcp)
return 0
}
}
}
payload.SetVerdict(nfqueue.NF_ACCEPT)
return 0
}
func main() {
ipt, err := iptables.New()
if err != nil {
panic(err)
}
ipt.Append(&quot;filter&quot;, &quot;INPUT&quot;, &quot;-p&quot;, &quot;tcp&quot;, &quot;-j&quot;, &quot;NFQUEUE&quot;, &quot;--queue-num&quot;, &quot;0&quot;)
ipt.Append(&quot;filter&quot;, &quot;OUTPUT&quot;, &quot;-p&quot;, &quot;tcp&quot;, &quot;-j&quot;, &quot;NFQUEUE&quot;, &quot;--queue-num&quot;, &quot;0&quot;)
q := new(nfqueue.Queue)
q.SetCallback(realCallback)
q.Init()
defer q.Close()
q.Unbind(syscall.AF_INET)
q.Bind(syscall.AF_INET)
q.CreateQueue(0)
c := make(chan os.Signal, 1)
signal.Notify(c, os.Interrupt)
go func() {
for sig := range c {
_ = sig
q.Close()
err = ipt.ClearChain(&quot;filter&quot;, &quot;INPUT&quot;)
err = ipt.ClearChain(&quot;filter&quot;, &quot;OUTPUT&quot;)
if err != nil {
panic(err)
}
os.Exit(0)
}
}()
q.TryRun()
}

答案1

得分: 0

如果你对解决方案感兴趣，可以在这里找到代码：https://github.com/kung-foo/freki

英文:

In case you are interested in the solution, code can be found here: https://github.com/kung-foo/freki

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

使用gopacket更改目标端口

问题

答案1

How to wait for the command to finish/ till some seconds in golang?

如何在Golang中过滤[][]string切片的元素？

How to measure RTT/latency through TCP clients (created in GoLang) from a TCP server created in GoLang?

Golang：防止连接被对等方重置的策略

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论