configure iptables on lo for transparent proxy avoiding infinite loops

   Hi,
 I need to test a network application for data integrity on a single computer.
 I have 2 instances of the program, A listens to 127.0.0.1:xxx0 and B
listens to 127.0.0.1:xxx1. When A sends a TCP message to B, I want to
capture it, modify the payload (changing all 'f' characters to 'b',
for example), and send it back to B.
 I was thinking about using netsed, which needs packets to be
redirected to a port that it listens to. Let's say netsed listens to
127.0.0.1:xxx2.
 What I am afraid of is that if I redirect packets going to
127.0.0.1:xxx1 (B) to 127.0.0.1:xxx2 (netsed), when netsed sends
back the packet after modification, it will send the packet to
127.0.0.1:xxx1, which would then be redirected once again to
127.0.0.1:xxx2. That would create an infinite rerouting loop.
 Is there a way to configure iptables to do what I want? Maybe by
marking packets so that they are rerouted only once (but the netsed
modification may break the marking).
   Thanks,
   Gurvan

PS: is there a better utility than netsed to replace a string by
another in the payload of tcp packets?
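
An added example, not part of the original post: one common way to get a single redirect without the loop described above is to run the rewriting proxy under its own account and exempt that account's traffic with the iptables `owner` match. Ports 5001 and 5002 are constructed stand-ins for the elided xxx1 and xxx2, and the `netsed` account name is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed stand-ins:
B_PORT="${B_PORT:-5001}"            # stands in for xxx1, where B listens
PROXY_PORT="${PROXY_PORT:-5002}"    # stands in for xxx2, where netsed listens
PROXY_USER="${PROXY_USER:-netsed}"  # hypothetical dedicated account for the proxy

# Both ports must be numeric and different, otherwise the redirect is meaningless.
valid_config() {
    case "$B_PORT" in ''|*[!0-9]*) return 1 ;; esac
    case "$PROXY_PORT" in ''|*[!0-9]*) return 1 ;; esac
    [ "$B_PORT" -ne "$PROXY_PORT" ]
}

# Rule spec for the nat table. Locally generated traffic traverses nat/OUTPUT,
# where the owner match can see which account opened the socket. Connections
# to B are redirected to the proxy unless the proxy account itself opened
# them, so the proxy's own onward connection reaches B directly: no loop.
# nat rules are consulted only for the first packet of a connection, so the
# decision does not depend on the (later rewritten) payload or on packet marks.
redirect_rule() {
    printf '%s' "OUTPUT -p tcp -d 127.0.0.1 --dport $B_PORT"
    printf '%s' " -m owner ! --uid-owner $PROXY_USER"
    printf '%s' " -j REDIRECT --to-ports $PROXY_PORT"
}

# Word splitting of the rule spec is intentional here. Both need root.
apply_rule()  { iptables -t nat -A $(redirect_rule); }
remove_rule() { iptables -t nat -D $(redirect_rule); }

# The proxy is then started under that account, for instance (netsed's usual
# argument order: proto, local port, remote host, remote port, rule):
#   sudo -u netsed netsed tcp 5002 127.0.0.1 5001 's/f/b'

valid_config || { echo "bad port configuration" >&2; exit 2; }
case "${1:-show}" in
    apply)  apply_rule ;;
    remove) remove_rule ;;
    show)   echo "iptables -t nat -A $(redirect_rule)" ;;
esac
```

Run with no argument to print the rule, then `apply` and `remove` as root; the account named in `PROXY_USER` has to exist before the rule is added.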