Linux Kernel Programming: Obscure Transport Protocol
Friday, 10. October 2008, 06:26:23
Subject: [Phrack] Building Into The Linux Network Layer
Description
"OTP (Obscure Transport Protocol): The first one is really simple (and fun too), it works in a client-server paradigm, meaning that you need to have two modules loaded, one on the client and one on the server (duh). The client module catches every TCP packet with the SYN flag on and swaps it with a FIN flag. The server module does exactly the opposite, swaps the FIN for a SYN. I find this particularly fun since both sides behave like a regular connection is undergoing, but if you watch it on the wire it will seem totally absurd. This can also do the same for ports and source address. Let's look at an example taken right from the wire."
--- From [Phrack] Building Into The Linux Network Layer
Objective: modify the code for kernel version 2.6.26
Code
Notes
1. Re: Change In sk_buff structure in 2.6.22 kernel
struct sk_buff *skb;
struct tcphdr *tcph = tcp_hdr(skb);   /* access the TCP header (skb->h.th is gone since 2.6.22) */
struct iphdr  *iph  = ip_hdr(skb);    /* access the IP header (skb->nh.iph likewise) */
2. [PATCH 13/16] net: Make the device list and device lookups per namespace.
const char *name = "eth0";
struct net_device *d;
d = dev_get_by_name(&init_net, name);   /* per-namespace lookup; NULL if absent, holds a reference: dev_put(d) when done */
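The description says the swapped packets look "totally absurd" on the wire. The following is an added userspace example, not code from this post or from the Phrack article, that makes that observation concrete for a defender: it parses raw IPv4+TCP headers, keeps a tiny flow table, and flags any segment carrying FIN on a 4-tuple that never carried a SYN. It reads the TCP flags from the raw byte at offset 13 rather than through the kernel's struct tcphdr bitfields, which are declared under __LITTLE_ENDIAN_BITFIELD / __BIG_ENDIAN_BITFIELD as supplied by <asm/byteorder.h>. All packets, addresses and port numbers are constructed for the demo; the function names (parse_segment, classify_segment, build_packet, run_demo) are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* TCP flag bits as they sit in the flags byte (offset 13 of the TCP header).
 * The kernel's struct tcphdr exposes the same bits as 1-bit fields whose
 * declaration order depends on __LITTLE_ENDIAN_BITFIELD / __BIG_ENDIAN_BITFIELD
 * from <asm/byteorder.h>; reading the raw byte avoids that layout question. */
#define TCP_FLAG_FIN 0x01
#define TCP_FLAG_SYN 0x02

struct seg {
    uint32_t saddr, daddr;   /* network byte order, as on the wire */
    uint16_t sport, dport;   /* host byte order */
    uint8_t  flags;
};

/* Parse the IPv4 and TCP headers of one raw packet. Returns 0 on success. */
int parse_segment(const uint8_t *pkt, size_t len, struct seg *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20 || pkt[9] != 6 /* IPPROTO_TCP */) return -1;
    const uint8_t *tcp = pkt + ihl;
    memcpy(&out->saddr, pkt + 12, 4);
    memcpy(&out->daddr, pkt + 16, 4);
    out->sport = (uint16_t)(tcp[0] << 8 | tcp[1]);
    out->dport = (uint16_t)(tcp[2] << 8 | tcp[3]);
    out->flags = tcp[13];
    return 0;
}

/* Direction-insensitive flow table: one entry per canonical 4-tuple. */
#define MAX_FLOWS 64
struct flow { uint32_t a, b; uint16_t pa, pb; int seen_syn; };
static struct flow flows[MAX_FLOWS];
static int nflows;

void reset_flows(void) { nflows = 0; }

static struct flow *lookup_flow(const struct seg *s)
{
    uint32_t a = s->saddr, b = s->daddr;
    uint16_t pa = s->sport, pb = s->dport;
    if (a > b || (a == b && pa > pb)) {   /* canonical order: both directions share one entry */
        a = s->daddr; b = s->saddr; pa = s->dport; pb = s->sport;
    }
    for (int i = 0; i < nflows; i++)
        if (flows[i].a == a && flows[i].b == b && flows[i].pa == pa && flows[i].pb == pb)
            return &flows[i];
    if (nflows == MAX_FLOWS) return NULL;
    flows[nflows] = (struct flow){ a, b, pa, pb, 0 };
    return &flows[nflows++];
}

/* Returns 1 when the segment carries FIN on a 4-tuple for which no SYN was
 * ever observed (the "absurd" wire pattern), 0 otherwise, -1 if table full. */
int classify_segment(const struct seg *s)
{
    struct flow *f = lookup_flow(s);
    if (!f) return -1;
    if (s->flags & TCP_FLAG_SYN) f->seen_syn = 1;
    if ((s->flags & TCP_FLAG_FIN) && !f->seen_syn) return 1;
    return 0;
}

/* Build a minimal 40-byte IPv4+TCP packet (constructed input; checksums left
 * zero because the parser does not verify them). */
size_t build_packet(uint8_t *buf, const char *src, const char *dst,
                    uint16_t sport, uint16_t dport, uint8_t flags)
{
    memset(buf, 0, 40);
    buf[0] = 0x45; buf[3] = 40; buf[8] = 64; buf[9] = 6;
    inet_pton(AF_INET, src, buf + 12);
    inet_pton(AF_INET, dst, buf + 16);
    buf[20] = (uint8_t)(sport >> 8); buf[21] = (uint8_t)sport;
    buf[22] = (uint8_t)(dport >> 8); buf[23] = (uint8_t)dport;
    buf[32] = 0x50;   /* data offset: 5 words */
    buf[33] = flags;
    return 40;
}

/* Feed a constructed trace through the classifier; returns how many segments
 * were flagged. Trace: SYN then FIN on one flow (normal), then a bare FIN on a
 * flow that never saw a SYN. */
int run_demo(void)
{
    uint8_t pkt[40]; struct seg s; int flagged = 0;
    struct { const char *src, *dst; uint16_t sp, dp; uint8_t fl; } trace[] = {
        { "10.0.0.1", "10.0.0.2", 40000, 80, TCP_FLAG_SYN },
        { "10.0.0.1", "10.0.0.2", 40000, 80, TCP_FLAG_FIN },
        { "10.0.0.3", "10.0.0.4", 40001, 22, TCP_FLAG_FIN },
    };
    reset_flows();
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++) {
        size_t n = build_packet(pkt, trace[i].src, trace[i].dst, trace[i].sp, trace[i].dp, trace[i].fl);
        if (parse_segment(pkt, n, &s) != 0) continue;
        if (classify_segment(&s) == 1) {
            flagged++;
            printf("FIN without prior SYN: %s:%u -> %s:%u\n", trace[i].src, s.sport, trace[i].dst, s.dport);
        }
    }
    return flagged;
}

int main(void) { return run_demo() == 1 ? 0 : 1; }
```

Inside a real netfilter hook the same check would read tcp_hdr(skb)->fin and tcp_hdr(skb)->syn on a linear skb; the byte-offset form here is only so the logic runs in userspace against constructed packets.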


Anonymous # 8. November 2008, 11:42
Thank you for the two notes ;)
But when accessing tcp_hdr(skb), the fin / syn flags are inside a define block (LITTLE_ENDIAN or BIG_ENDIAN); I've defined little_endian but those fields are still inaccessible.
Do you know why?
Have you tried to make this module?
thank you again ;)