Modifying forwarded packet contents using nftables or iptables queues

I’m working on a project that needs to change forwarded packet contents in a big way. I’m wondering if it’s possible to use nftables or iptables queues with a userspace app to modify packets meant for routing. It’s like doing a man-in-the-middle thing.

The docs I’ve seen only talk about accepting or dropping packets, not changing them. I heard that the queue library just copies packets from kernel space, so maybe I can’t change them. But I’m not sure if I’m missing something or if there’s a trick to do this.

Has anyone done something like this before? Any ideas or suggestions would be really helpful. Thanks!

Hey there whisperingtree, I've messed around with packet modding before. You might want to check out netfilter_queue in Python. It lets you intercept and modify packets before they're forwarded. Just be careful with packet sizes: changing them too much can mess things up. Good luck with your project!

I’ve had experience with a similar project. You’re on the right track with nftables/iptables queues. The key is using libnetfilter_queue in conjunction with a custom userspace application. This allows you to intercept, modify, and re-inject packets.

Keep in mind that altering packet contents can lead to issues with checksums and TCP sequence numbers. You’ll need to handle these carefully. Also, be aware of potential performance impacts when processing large volumes of traffic.

For complex modifications, you might consider using a full-fledged packet manipulation library like Scapy. It provides more flexibility but comes with a performance cost.

Remember to thoroughly test your implementation, especially under high load conditions. Network behavior can be unpredictable when modifying packets in transit.
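Adding a worked example to the thread, since the two things the reply above warns about (checksums and TCP sequence numbers) are where most first attempts at this go wrong. This is my own code, not anything whisperingtree or the other posters wrote. The kernel-facing part assumes the python-netfilterqueue package (module `netfilterqueue`) and root; the 10.0.0.x addresses, ports and the HTTP request line are constructed test data, and the `GET /old` to `GET /new-path` rewrite is just a stand-in for whatever transformation you actually need. On the "the queue library only copies packets" worry: the verdict message can carry a replacement packet (libnetfilter_queue's nfq_set_verdict takes a buffer and its length), and that is exactly what `set_payload` followed by `accept` does in the Python binding.

```python
# Added example (not any poster's code): payload rewrite for forwarded IPv4/TCP.
import socket
import struct

def csum16(data: bytes) -> int:
    """RFC 1071 ones-complement sum; odd-length input is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ihl_of(pkt) -> int:
    return (pkt[0] & 0x0F) * 4

def fix_checksums(pkt: bytearray) -> None:
    """Recompute IPv4 header and TCP (pseudo-header) checksums in place."""
    ihl = ihl_of(pkt)
    pkt[10:12] = b"\x00\x00"
    struct.pack_into("!H", pkt, 10, csum16(bytes(pkt[:ihl])))
    pkt[ihl + 16:ihl + 18] = b"\x00\x00"
    seg = bytes(pkt[ihl:])
    pseudo = bytes(pkt[12:20]) + struct.pack("!BBH", 0, 6, len(seg))
    struct.pack_into("!H", pkt, ihl + 16, csum16(pseudo + seg))

def checksums_ok(pkt: bytes) -> bool:
    """With a correct checksum in place the sum over the covered bytes is 0."""
    ihl = ihl_of(pkt)
    seg = pkt[ihl:]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    return csum16(pkt[:ihl]) == 0 and csum16(pseudo + seg) == 0

def build_packet(src, dst, sport, dport, seq, ack, payload: bytes, flags=0x18) -> bytes:
    """Constructed test input: a minimal IPv4/TCP packet with no options."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0x1234,
                     0x4000, 64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    pkt = bytearray(ip + tcp + payload)
    fix_checksums(pkt)
    return bytes(pkt)

def describe(pkt: bytes) -> dict:
    """Fields worth inspecting after a rewrite."""
    ihl = ihl_of(pkt)
    doff = (pkt[ihl + 12] >> 4) * 4
    seq, ack = struct.unpack_from("!II", pkt, ihl + 4)
    return {"total_len": struct.unpack_from("!H", pkt, 2)[0],
            "seq": seq, "ack": ack, "payload": pkt[ihl + doff:]}

class SeqAdjuster:
    """Per-flow cumulative length delta: once a payload in direction A->B grows or
    shrinks, later A->B segments need seq += delta and B->A segments need
    ack -= delta (the bookkeeping the kernel's nf_nat_seqadj does). Simplified:
    in-order delivery assumed; a retransmission of pre-change data would be off."""

    def __init__(self):
        self.delta = {}  # (src, sport, dst, dport) -> bytes added so far

    def adjust(self, pkt: bytearray, added: int) -> None:
        ihl = ihl_of(pkt)
        src, dst = bytes(pkt[12:16]), bytes(pkt[16:20])
        sport, dport, seq, ack = struct.unpack_from("!HHII", pkt, ihl)
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        seq = (seq + self.delta.get(fwd, 0)) & 0xFFFFFFFF  # shift by our past edits
        ack = (ack - self.delta.get(rev, 0)) & 0xFFFFFFFF  # peer acks the edited stream
        struct.pack_into("!II", pkt, ihl + 4, seq, ack)
        self.delta[fwd] = self.delta.get(fwd, 0) + added

def rewrite_forwarded(pkt_bytes: bytes, adj: SeqAdjuster, transform) -> bytes:
    """Apply transform(payload) -> payload to one IPv4/TCP packet and repair total
    length, seq/ack and checksums; anything else passes through untouched.
    Growing a segment past the path MTU with DF set gets it dropped downstream."""
    if len(pkt_bytes) < 40 or pkt_bytes[0] >> 4 != 4 or pkt_bytes[9] != 6:
        return pkt_bytes
    ihl = ihl_of(pkt_bytes)
    doff = (pkt_bytes[ihl + 12] >> 4) * 4
    hdrs, payload = pkt_bytes[:ihl + doff], pkt_bytes[ihl + doff:]
    new_payload = transform(payload) if payload else payload
    pkt = bytearray(hdrs + new_payload)
    struct.pack_into("!H", pkt, 2, len(pkt))          # IPv4 total length
    adj.adjust(pkt, len(new_payload) - len(payload))  # unchanged segments still shift
    fix_checksums(pkt)
    return bytes(pkt)

def run_queue(queue_num: int, transform) -> None:
    """Bind to NFQUEUE and hand every packet back modified. Needs root and a queue
    rule on the forward path, e.g. `nft add rule inet filter forward tcp dport 80
    queue num 1` or `iptables -I FORWARD -p tcp --dport 80 -j NFQUEUE --queue-num 1`."""
    from netfilterqueue import NetfilterQueue  # python-netfilterqueue (assumed installed)
    adj = SeqAdjuster()
    def callback(nf_pkt):
        nf_pkt.set_payload(rewrite_forwarded(nf_pkt.get_payload(), adj, transform))
        nf_pkt.accept()  # NF_ACCEPT; the verdict carries the replaced bytes
    nfq = NetfilterQueue()
    nfq.bind(queue_num, callback)
    nfq.run()

if __name__ == "__main__":
    run_queue(1, lambda p: p.replace(b"GET /old ", b"GET /new-path "))
```

Run it as root with the nft or iptables rule from the docstring in place. A queue with no listener bound to it drops the queued packets unless the rule sets bypass (`--queue-bypass` for iptables), so start the program before adding the rule or use bypass while developing. Because this hooks the forward path, the bytes you get are what arrived on the wire and recomputing both checksums is enough; in the output chain, locally generated packets may reach you with checksums left for the NIC to fill, which is a separate problem. The sequence tracker keeps one delta per direction and assumes in-order segments; on a lossy link you need the kernel-style position-aware adjustment, or a proxy that terminates TCP, instead.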

Ooh, that sounds like a cool project! I've always been fascinated by network stuff. Have you looked into libnetfilter_queue? I think it might be what you're after. It lets you grab packets from the kernel and fiddle with them before sending them back.

Just curious, what kind of modifications are you trying to make? Are you doing something like protocol translation or content filtering? I'd love to hear more about your use case!

One thing to watch out for: messing with packets can have some weird side effects sometimes. Make sure you test thoroughly, especially if you're changing packet sizes or important header fields.

Anyway, good luck with your project! Let us know how it goes!