What's the best way to dump and drop network packets of a specific application?
I want to dump all of the network packets (IP packets) of a specific application, and then drop them (just like a dumb NIC), so that no packet actually goes through the NIC. All this is done without the awareness of the application. (Which means that the application thinks the packets are sent successfully, but actually they are dropped.)
I do this so that I can send the dumped data to another machine and resend those packets, with a little modification.
The platform is Linux and I think there must be some decent ways to do this, such as using iptables, netfilter or tap/tun. The problem is that the dumping and dropping should be done for only one application. How can I set rules in this scenario?
The last resort method is to modify the kernel and add some interfaces for applications to invoke. I hope it's not the only way.
If you can launch the process then:
1) Use lxc (Linux Containers) to put the application in its own network namespace. You can set up netfilter rules just for that container. Heck, you could give the app its own IP address if you wanted.
/usr/bin/lxc-execute -n app_container -f my_net_lxc.conf your_application
2) As Wu pointed out, you can use LD_PRELOAD to override the standard library. Simply point it at some wrapper functions and you can intercept all the calls from the application.
LD_PRELOAD=/usr/lib/mylib.so your_application
# See here for info: https://github.com/wh5a/ld_preload
3) As Giles pointed out, you can use iptables. You would have to create a special user just for that application.
# Setup: Add a user and give him some rules
adduser --shell /bin/false --no-create-home tempuser
iptables -A OUTPUT -m owner --uid-owner tempuser -j ACCEPT
# Run your app
sudo -u tempuser your_application
4) You could run the app under VM technologies, such as User Mode Linux or QEMU, which give the app a whole kernel that you can modify/control at multiple levels.
If you did not launch the process, you can still attach to the process with ptrace. This lets you examine every syscall the process makes.
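The LD_PRELOAD approach from point 2, worked through for the question's dump-then-drop requirement, as an added example that is not from the original answer: the shim records each send() buffer to a file for later replay and returns the full length without ever calling the real function, so the application believes the data was sent. The DUMPDROP_FILE variable, the default path and the record format are choices made for this example.

```c
/* dumpdrop.c: LD_PRELOAD shim. Each send() payload of the wrapped application
 * is appended to a dump file and then dropped: the real libc call never happens,
 * nothing reaches the NIC, yet the app is told that all bytes were sent.
 *   Build: gcc -shared -fPIC -O2 -o dumpdrop.so dumpdrop.c
 *   Run:   DUMPDROP_FILE=/tmp/app.dump LD_PRELOAD=./dumpdrop.so your_application
 * (DUMPDROP_FILE is an environment variable invented for this example.) */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Append one record: host-order 4-byte length, then the payload. Returns len
 * (what the app will see as "bytes sent") or -1 on a write error. */
ssize_t dumpdrop_record(FILE *fp, const void *buf, size_t len)
{
    uint32_t n = (uint32_t)len;
    if (fwrite(&n, sizeof n, 1, fp) != 1 || fwrite(buf, 1, len, fp) != len)
        return -1;
    fflush(fp);             /* keep the dump intact if the app exits abruptly */
    return (ssize_t)len;
}

/* Replay side: read the next record into out. Returns its length, 0 at end
 * of file, -1 if the record is truncated or larger than cap. */
ssize_t dumpdrop_next(FILE *fp, void *out, size_t cap)
{
    uint32_t n;
    if (fread(&n, sizeof n, 1, fp) != 1) return 0;
    if (n > cap || fread(out, 1, n, fp) != n) return -1;
    return (ssize_t)n;
}

static FILE *dump_file(void)    /* opened lazily, once per process */
{
    static FILE *fp;
    const char *path = getenv("DUMPDROP_FILE");
    if (!fp) fp = fopen(path ? path : "/tmp/app.dump", "ab");
    return fp;
}

/* This definition wins over libc's because the .so is preloaded. */
ssize_t send(int fd, const void *buf, size_t len, int flags)
{
    (void)fd; (void)flags;
    FILE *fp = dump_file();
    if (fp) dumpdrop_record(fp, buf, len);
    return (ssize_t)len;    /* drop the data but report success to the app */
}
```

Only send() is wrapped here; sendto(), sendmsg() and write() on sockets would need the same treatment, and nothing done at this layer affects packets the kernel itself generates (TCP handshakes, ACKs, retransmits). That is why the iptables owner match from point 3 is the better fit when dropping must happen at the IP level, while the shim is the simpler way to capture the application's own payloads for replay.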