AkihiroSuda / go-netfilter-queue

Go bindings for libnetfilter_queue (Forked from openshift/geard)
Apache License 2.0

redirect package to a different IP #13

Open bonifaido opened 1 year ago

bonifaido commented 1 year ago

I have the following example, which tries to redirect my pings to the 8.8.8.8 address instead of the original request:

```go
package main

import (
    "fmt"
    "net"
    "os"

    "github.com/AkihiroSuda/go-netfilter-queue"
    "github.com/google/gopacket/layers"
)

func main() {
    var err error

    nfq, err := netfilter.NewNFQueue(0, 100, netfilter.NF_DEFAULT_PACKET_SIZE)
    if err != nil {
        fmt.Println(err)
        os.Exit(1)
    }
    defer nfq.Close()
    packets := nfq.GetPackets()

    for true {
        select {
        case p := <-packets:
            fmt.Println(p.Packet)

            p.Packet.NetworkLayer().(*layers.IPv4).DstIP = net.IPv4(8, 8, 8, 8)

            fmt.Println("new ->", p.Packet)

            p.SetVerdictWithPacket(netfilter.NF_ACCEPT, p.Packet.Data())
        }
    }
}
```

I think, from the logs, that it doesn't work, since even if I change the IP to a bad address instead, I still get a response in the ping CLI. Where am I doing it wrong?

I used `sudo iptables -A OUTPUT -p icmp -j NFQUEUE` to set up the queue.

terrbear commented 1 year ago

You'll want to re-serialize the packet after changing the dest that way. See https://pkg.go.dev/github.com/google/gopacket#SerializePacket
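
What re-serialization has to produce for this case, shown at the byte level with only the Go standard library (an added example, not code from this issue or from the project): the destination field is rewritten in a copy of the raw bytes and the IPv4 header checksum is recomputed, and the returned slice is what would be handed to `SetVerdictWithPacket` in place of `p.Packet.Data()`. `RewriteDst`, `ipv4Checksum` and `sample` are hypothetical names, and the sample packet is constructed; the ICMPv4 checksum does not cover the IP header, so it is left untouched.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// ipv4Checksum returns the RFC 1071 checksum of hdr; over a header that already holds a valid checksum it returns 0.
func ipv4Checksum(hdr []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(hdr); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(hdr[i:]))
	}
	for sum>>16 != 0 {
		sum = (sum & 0xffff) + (sum >> 16) // fold carries back in
	}
	return ^uint16(sum)
}

// RewriteDst returns a copy of raw (an IPv4 packet as delivered by NFQUEUE)
// with the destination address replaced and the header checksum recomputed.
func RewriteDst(raw []byte, dst net.IP) ([]byte, error) {
	d := dst.To4()
	if d == nil {
		return nil, errors.New("destination is not an IPv4 address")
	}
	if len(raw) < 20 || raw[0]>>4 != 4 {
		return nil, errors.New("not an IPv4 packet")
	}
	ihl := int(raw[0]&0x0f) * 4 // header length in bytes, options included
	if ihl < 20 || ihl > len(raw) {
		return nil, errors.New("bad IPv4 header length")
	}
	out := append([]byte(nil), raw...) // the parsed layer is not touched; work on the bytes
	copy(out[16:20], d)                // destination address field
	out[10], out[11] = 0, 0            // checksum field must be zero while summing
	binary.BigEndian.PutUint16(out[10:], ipv4Checksum(out[:ihl]))
	return out, nil
}

// Constructed sample: IPv4 header (192.168.0.2 -> 1.1.1.1, protocol ICMP) followed by an 8-byte echo request.
var sample = []byte{0x45, 0, 0, 28, 0, 1, 0, 0, 64, 1, 0, 0, 192, 168, 0, 2, 1, 1, 1, 1, 8, 0, 0xf7, 0xfe, 0, 1, 0, 0}

func main() {
	out, err := RewriteDst(sample, net.IPv4(8, 8, 8, 8))
	fmt.Printf("% x %v\n", out, err)
}
```

With gopacket itself, the equivalent is to serialize the modified layers with `gopacket.SerializeOptions{FixLengths: true, ComputeChecksums: true}` and pass the buffer's bytes to the verdict call.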