Class: PacketThief::Impl::Netfilter

Inherits:
Object
Extended by:
IPTablesRuleHandler
Defined in:
lib/packetthief/impl/netfilter.rb

Overview

PacketThief implemented using the Linux kernel’s Netfilter.

This is roughly equivalent to:

  echo 1 > /proc/sys/net/ipv4/ip_forward
  iptables -t nat -A PREROUTING -p tcp --destination-port <DEST> -j REDIRECT --to-ports <LISTENER>

Currently only implements IPv4.

Note that the listening socket must have a blank hostname. If it is set to 127.0.0.1, the socket listens only on the loopback device, and traffic redirected from another device won’t reach it.

Defined Under Namespace

Modules: IPTablesRuleHandler
Classes: IPTablesRule

Constant Summary

SO_ORIGINAL_DST = 80

From /usr/include/linux/netfilter_ipv4.h: #define SO_ORIGINAL_DST 80

Instance Attribute Summary

Attributes included from IPTablesRuleHandler

#active_rules

Class Method Summary

Methods included from IPTablesRuleHandler

revert, run

Class Method Details

.original_dest(socket) ⇒ Object

Returns the [port, host] for a socket or EM::Connection whose connection was redirected by netfilter.



# File 'lib/packetthief/impl/netfilter.rb', line 97

def self.original_dest(socket)
  # Ruby sockets expose getsockopt; EM::Connection exposes get_sock_opt.
  if socket.respond_to? :getsockopt
    sockname = socket.getsockopt(Socket::IPPROTO_IP, SO_ORIGINAL_DST)
  elsif socket.respond_to? :get_sock_opt
    sockname = socket.get_sock_opt(Socket::IPPROTO_IP, SO_ORIGINAL_DST)
  end
  # Decode the returned sockaddr_in into [port, host].
  Socket::unpack_sockaddr_in(sockname)
end
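
Added example (not PacketThief's own code): a variant of original_dest that unwraps the Socket::Option returned by Ruby's getsockopt and returns nil when the kernel cannot supply an original destination for the socket. The helper name, the stub classes and the sample address are constructed for illustration; that EventMachine's get_sock_opt returns a raw String is an assumption.

```ruby
require 'socket'

SO_ORIGINAL_DST = 80 # from linux/netfilter_ipv4.h, as listed on this page

# Hypothetical helper, not part of PacketThief. Returns [port, host] of the
# destination the client dialled before REDIRECT rewrote it, or nil when the
# kernel cannot supply one for this socket.
def original_dest_or_nil(socket)
  raw = if socket.respond_to?(:getsockopt)
          socket.getsockopt(Socket::IPPROTO_IP, SO_ORIGINAL_DST)
        elsif socket.respond_to?(:get_sock_opt)
          socket.get_sock_opt(Socket::IPPROTO_IP, SO_ORIGINAL_DST)
        else
          raise ArgumentError, "#{socket.class} has no socket-option getter"
        end
  # Ruby's BasicSocket#getsockopt returns a Socket::Option: unwrap it to the
  # raw sockaddr_in bytes. A plain String (assumed for EM) passes through.
  raw = raw.data if raw.respond_to?(:data)
  Socket.unpack_sockaddr_in(raw)
rescue Errno::ENOENT, Errno::ENOPROTOOPT
  # ENOENT: no connection-tracking entry; ENOPROTOOPT: option not available.
  nil
end

# Constructed stand-ins so the example runs without root or iptables rules.
StubSocket = Struct.new(:reply) do
  def getsockopt(_level, _optname)
    reply.call
  end
end

StubEM = Struct.new(:reply) do
  def get_sock_opt(_level, _optname)
    reply.call
  end
end

# Constructed sample: the sockaddr_in the kernel would hand back for a client
# that originally dialled 192.0.2.10:443.
SAMPLE_SOCKADDR = Socket.pack_sockaddr_in(443, '192.0.2.10')

def demo
  opt = Socket::Option.new(:INET, Socket::IPPROTO_IP, SO_ORIGINAL_DST, SAMPLE_SOCKADDR)
  {
    ruby_socket: original_dest_or_nil(StubSocket.new(-> { opt })),
    em_style: original_dest_or_nil(StubEM.new(-> { SAMPLE_SOCKADDR })),
    untracked: original_dest_or_nil(StubSocket.new(-> { raise Errno::ENOENT }))
  }
end
```

A nil result lets a listener tell a connection that arrived without a NAT entry apart from a redirected one, instead of failing while decoding the address.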

.redirect(args = {}) ⇒ Object



# File 'lib/packetthief/impl/netfilter.rb', line 87

def self.redirect(args={})
  # Build a rule for the nat table's PREROUTING chain, then apply the
  # redirect described by args.
  rule = IPTablesRule.new(self,'nat','PREROUTING')
  rule.redirect(args)
end