* configure iptables on lo for transparent proxy avoiding infinite loops
@ 2009-12-09 16:19 Gurvan Le Guernic
From: Gurvan Le Guernic @ 2009-12-09 16:19 UTC
To: netfilter
Hi,

I need to test a network application for data integrity on a single computer.
I have 2 instances of the program, A listens to 127.0.0.1:xxx0 and B
listens to 127.0.0.1:xxx1. When A sends a TCP message to B, I want to
capture it, modify the payload (changing all 'f' characters to 'b',
for example), and send it back to B.

I was thinking about using netsed, which needs packets to be
redirected to a port that it listens to. Let's say netsed listens to
127.0.0.1:xxx2.

What I am afraid of is that if I redirect packets going to
127.0.0.1:xxx1 (B) to 127.0.0.1:xxx2 (netsed), when netsed sends
back the packet after modification, it will send the packet to
127.0.0.1:xxx1, which would then be redirected once again to
127.0.0.1:xxx2. That would create an infinite rerouting loop.

Is there a way to configure iptables to do what I want? Maybe by
marking packets so that they are rerouted only once (but the netsed
modification may break the marking).

Thanks,
Gurvan

PS: is there a better utility than netsed to replace a string by
another in the payload of TCP packets?
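
One way to break the redirect loop described in the message above, given as an added example that is not part of the original post: match on the socket owner in the nat OUTPUT chain so that only traffic not generated by the proxy is redirected. The ports 5001 and 5002 (standing in for xxx1 and xxx2), the dedicated `netsed` account and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (dry run) or apply a loop-free REDIRECT for a loopback proxy.
# Assumed values, not from the original post: ports 5001/5002, account "netsed".

B_PORT="${B_PORT:-5001}"            # port B listens on (the post's xxx1)
PROXY_PORT="${PROXY_PORT:-5002}"    # port the proxy listens on (the post's xxx2)
PROXY_USER="${PROXY_USER:-netsed}"  # account that runs only the proxy

# Emit the rule arguments for a given action (-A to add, -D to delete).
redirect_rule() {
    # Locally generated loopback traffic traverses nat/OUTPUT, not PREROUTING.
    # The owner match skips sockets owned by PROXY_USER, so the proxy's own
    # connection to B is never redirected back to the proxy.
    printf '%s\n' "-t nat $1 OUTPUT -o lo -p tcp -d 127.0.0.1 --dport $B_PORT -m owner ! --uid-owner $PROXY_USER -j REDIRECT --to-ports $PROXY_PORT"
}

# Refuse configurations that cannot work.
check_config() {
    case "$B_PORT$PROXY_PORT" in
        *[!0-9]*) echo "ports must be numeric" >&2; return 1 ;;
    esac
    [ "$B_PORT" != "$PROXY_PORT" ] || {
        echo "proxy port must differ from B's port" >&2; return 1; }
}

# Usage: install_redirect [add|del]; set APPLY=1 to run iptables (needs root).
install_redirect() {
    check_config || return 1
    case "${1:-add}" in
        add) action=-A ;;
        del) action=-D ;;
        *)   echo "usage: install_redirect [add|del]" >&2; return 2 ;;
    esac
    rule=$(redirect_rule "$action")
    if [ "${APPLY:-0}" = 1 ]; then
        iptables $rule   # word splitting of $rule is intended
    else
        echo "iptables $rule"
    fi
}

# When run as a script with an argument, act on it; otherwise only define functions.
[ -z "${1:-}" ] || install_redirect "$1"
```

The exemption only works if the proxy is the sole process running under `PROXY_USER`; application A must run under a different account, otherwise its traffic bypasses the proxy as well.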