
What's the best way to dump and drop network packets of a specific application?

I want to dump all of the network packets (IP packets) of a specific application, and then drop them (just like a dumb NIC), so that no packet actually goes through the NIC. All these are done without the awareness of the application. (Which means that the application thinks the packages are sent successfully, but actually they are dropped.)

I do this so that I can send the dumped data to another machine and resend those packages, with a little modification.

The platform is Linux and I think there must be some decent ways to do this, such as using iptables, netfilter or tap/tun. The problem is that the dumping and dropping should be done for only one application. How can I set rules in this scenario?

The last resort method is to modify the kernel and add some interfaces for applications to invoke. I hope it's not the only way.

If you can launch the process then:

1) Use lxc (Linux Containers) to put the application in its own network namespace. You can set up netfilter rules just for that container. Heck, you could give the app its own IP address if you wanted.

/usr/bin/lxc-execute -n app_container -f my_net_lxc.conf your_application

2) As Wu pointed out, you can use LD_PRELOAD to override the standard library. Simply point it at some wrapper functions and you can intercept all the calls from the application.

LD_PRELOAD=/usr/lib/mylib.so your_application
# See here for info: https://github.com/wh5a/ld_preload

3) As Giles pointed out, you can use iptables. You would have to create a special user just for that application.

# Setup: Add a user and give him some rules
adduser --shell /bin/false --no-create-home tempuser
iptables -A OUTPUT -m owner --uid-owner tempuser -j ACCEPT
# Run your app
sudo -u tempuser your_application

4) You could run the app under VM technologies, such as User Mode Linux or QEMU, which give the app a whole kernel that you can modify/control at multiple levels.

If you did not launch the process, you can still attach to the process with ptrace. This lets you examine every syscall the process makes.
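An added example of approach 2 (the LD_PRELOAD shim), written here for illustration and not code from the question's or answer's authors: a small shared library that records the payload of every send()/sendto()/sendmsg() call the process makes to a dump file and then reports a successful send to the caller without ever handing the data to the socket, which is exactly the "dumb NIC" behaviour the question asks for. The APPDUMP_FILE environment variable, the record layout (a fixed header of file descriptor and length followed by the bytes) and the helper names record_and_drop, appdump_calls and appdump_bytes are this example's own conventions.

```c
/* Added example (not from the original post): LD_PRELOAD shim that dumps and
 * swallows outgoing socket payloads.
 * Build:  cc -shared -fPIC -o libappdump.so appdump.c
 * Run:    APPDUMP_FILE=/tmp/app.dump LD_PRELOAD=./libappdump.so your_application
 * APPDUMP_FILE and the record format are assumptions made for this example. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>

/* One record per intercepted call: this header, then `len` payload bytes. */
struct dump_hdr {
    uint32_t fd;
    uint32_t len;
};

static FILE *dump_fp;
static unsigned long dropped_calls;   /* intercepted send-family calls */
static unsigned long dropped_bytes;   /* payload bytes never put on the wire */

/* Open the dump file on first use. fwrite() reaches the kernel through libc's
 * own write(2), which this shim deliberately leaves alone, so stdio still works.
 * With no APPDUMP_FILE set, payloads are dropped and counted but not stored. */
static FILE *dump_file(void)
{
    if (dump_fp == NULL) {
        const char *path = getenv("APPDUMP_FILE");
        if (path != NULL)
            dump_fp = fopen(path, "ab");
    }
    return dump_fp;
}

/* Core of the shim: append the gathered payload as one record and report the
 * full length back, so the application believes the send succeeded. */
ssize_t record_and_drop(int fd, const struct iovec *iov, size_t iovcnt)
{
    size_t total = 0;
    for (size_t i = 0; i < iovcnt; i++)
        total += iov[i].iov_len;

    FILE *fp = dump_file();
    if (fp != NULL) {
        struct dump_hdr hdr = { (uint32_t)fd, (uint32_t)total };
        fwrite(&hdr, sizeof hdr, 1, fp);
        for (size_t i = 0; i < iovcnt; i++)
            fwrite(iov[i].iov_base, 1, iov[i].iov_len, fp);
        fflush(fp);
    }
    dropped_calls++;
    dropped_bytes += total;
    return (ssize_t)total;
}

unsigned long appdump_calls(void) { return dropped_calls; }
unsigned long appdump_bytes(void) { return dropped_bytes; }

/* Interposed socket functions. Nothing is ever forwarded to the real
 * implementations, so no dlsym(RTLD_NEXT) lookup is needed. */
ssize_t send(int fd, const void *buf, size_t len, int flags)
{
    struct iovec iov = { (void *)buf, len };
    (void)flags;
    return record_and_drop(fd, &iov, 1);
}

ssize_t sendto(int fd, const void *buf, size_t len, int flags,
               const struct sockaddr *dst, socklen_t dstlen)
{
    struct iovec iov = { (void *)buf, len };
    (void)flags; (void)dst; (void)dstlen;
    return record_and_drop(fd, &iov, 1);
}

ssize_t sendmsg(int fd, const struct msghdr *msg, int flags)
{
    (void)flags;
    return record_and_drop(fd, msg->msg_iov, (size_t)msg->msg_iovlen);
}
```

Two things worth knowing before relying on this in the scenario described above: it only sees the send family of calls, so an application that uses write(2) or sendfile(2) on a socket bypasses it, and the dynamic loader ignores LD_PRELOAD for static and setuid binaries. It also leaves the receive side untouched, so a protocol that waits for a reply to what it "sent" will simply stall, which is the behaviour of a dead NIC anyway. The dumped records are plain application payloads, not IP packets, so replaying them on another machine means re-sending them through a socket rather than injecting packets; for packet-level capture the netfilter/owner-match route in item 3 is the better fit.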
