In the IP header there is an option 130, specified in RFC 1108; it adds some security options for an IP packet, like mandatory access control levels and categories. My task is to try to modify at least the level (it starts at the 3rd byte of the option) using only Linux system utilities, like iptables. I tried to use the MANGLE table, but didn't find proper actions. Developing a module in C is too hard for me. Is there a way to do what I tried? Only with Linux system utilities and in kernel space, because high performance is needed.
UPD. I've eventually done it with two iptables modules, ipt-so and iptables-OVERWRITE; they can be found on GitHub.
The ipt-so module adds the ability to filter packets based on their option 130 values (and hence mark them to modify afterwards).
OVERWRITE simply writes a specified byte in the packet at a specified offset.
That's not a proper way and it's very unstable. Also, I'm unsure about performance, but it's the only possible way without implementing a special module for netfilter.
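
An added example, not part of the original post and not code from ipt-so or iptables-OVERWRITE: a user-space C sketch of what rewriting the option 130 level byte involves. It walks the option list to find the byte instead of assuming a fixed offset, then recomputes the IPv4 header checksum, which covers the options. The function names and the sample header are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define IPOPT_BSO 130 /* RFC 1108 Basic Security Option */

/* Constructed sample: IPv4 header, IHL=7, options = NOP, BSO (len 4,
 * level 0xAB Unclassified, one flags byte), EOL padding. Checksum unset. */
uint8_t sample_hdr[28] = {
    0x47, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02,
    0x01, IPOPT_BSO, 0x04, 0xab, 0x00, 0x00, 0x00, 0x00 };

/* Offset of the BSO level byte from the start of the header, or -1 if
 * the option is absent or the option list is malformed. */
int bso_level_offset(const uint8_t *ip, size_t len)
{
    if (len < 20 || (ip[0] >> 4) != 4) return -1;
    size_t hlen = (size_t)(ip[0] & 0x0f) * 4, i = 20;
    if (hlen < 20 || hlen > len) return -1;
    while (i < hlen && ip[i] != 0) {              /* 0 = End of Option List */
        if (ip[i] == 1) { i++; continue; }        /* 1 = No Operation */
        if (i + 1 >= hlen || ip[i + 1] < 2 || i + ip[i + 1] > hlen) return -1;
        if (ip[i] == IPOPT_BSO) return ip[i + 1] >= 3 ? (int)i + 2 : -1;
        i += ip[i + 1];
    }
    return -1;
}

/* RFC 791 header checksum; yields 0 over a header whose checksum is valid. */
uint16_t ip_checksum(const uint8_t *ip, size_t hlen)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2)
        sum += (uint32_t)ip[i] << 8 | ip[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Rewrite the level and refresh the checksum; 0 on success, -1 if no BSO. */
int bso_set_level(uint8_t *ip, size_t len, uint8_t level)
{
    int off = bso_level_offset(ip, len);
    if (off < 0) return -1;
    ip[off] = level;
    ip[10] = ip[11] = 0;                          /* zero before summing */
    uint16_t c = ip_checksum(ip, (size_t)(ip[0] & 0x0f) * 4);
    ip[10] = (uint8_t)(c >> 8);
    ip[11] = (uint8_t)c;
    return 0;
}
```

In the sample the level byte sits at offset 23 because a NOP precedes the option; without that padding it would be at 22, which is why a rule that writes to one hard-coded offset only works when every sender lays out its options identically.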