linux - Send raw IP packet with tun device -
i'm trying programmatically construct , send ip packet through tun device.
i've setup tun device , proper routes:
# ip tuntap add mode tun tun0 # ip link set tun0 # ip addr add 10.0.0.2/24 dev tun0 which results in:
$ route -n kernel ip routing table destination gateway genmask flags metric ref use iface 0.0.0.0 192.168.0.1 0.0.0.0 ug 600 0 0 wlp3s0 10.0.0.0 0.0.0.0 255.255.255.0 u 0 0 0 tun0 192.168.0.0 0.0.0.0 255.255.255.0 u 600 0 0 wlp3s0 $ ifconfig tun0 tun0: flags=4241<up,pointopoint,noarp,multicast> mtu 1500 inet 10.0.0.2 netmask 255.255.255.0 destination 10.0.0.2 inet6 fe80::f834:5267:3a1:5d1d prefixlen 64 scopeid 0x20<link> unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (unspec) ip forwarding on: # echo 1 > /proc/sys/net/ipv4/ip_forward
i've setup nat tun0 packets:
# iptables -t nat -a postrouting -s 10.0.0.0/24 -o wlp3s0 -j masquerade # iptables -t nat -l -v chain postrouting (policy accept 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 masquerade -- wlp3s0 10.0.0.0/24 anywhere then have python script produce icmp packets:
import os fcntl import ioctl import struct import time import random # pip install pypacker==4.0 pypacker.layer3.ip import ip pypacker.layer3.icmp import icmp tunsetiff = 0x400454ca iff_tun = 0x0001 iff_no_pi = 0x1000 ftun = os.open("/dev/net/tun", os.o_rdwr) ioctl(ftun, tunsetiff, struct.pack("16sh", b"tun0", iff_tun | iff_no_pi)) req_nr = 1 req_id = random.randint(1, 65000) while true: icmp_req = ip(src_s="10.0.0.2", dst_s="8.8.8.8", p=1) +\ icmp(type=8) +\ icmp.echo(id=req_id, seq=req_nr, body_bytes=b"povilas-test") os.write(ftun, icmp_req.bin()) time.sleep(1) req_nr += 1 i can see packets originating tun0 interface:
# tshark -i tun0 1 0.000000000 10.0.0.2 → 8.8.8.8 icmp 48 echo (ping) request id=0xb673, seq=1/256, ttl=64 2 1.001695939 10.0.0.2 → 8.8.8.8 icmp 48 echo (ping) request id=0xb673, seq=2/512, ttl=64 3 2.003375319 10.0.0.2 → 8.8.8.8 icmp 48 echo (ping) request id=0xb673, seq=3/768, ttl=6 but wlp3s0 interface silent, seems packets don't nat'ed , routed wlp3s0 interface, wlan card.
any ideas missing?
i'm running debian 9. , turns out packet forwarding disabled - default policy forward chain drop:
# iptables -l -v chain forward (policy drop 0 packets, 0 bytes) pkts bytes target prot opt in out source destination so changed policy:
# iptables -p forward accept chain forward (policy accept 0 packets, 0 bytes) pkts bytes target prot opt in out source destination also, had change ip packet source address other 10.0.0.2 preferred source address tun0 interface:
$ ip route 10.0.0.0/24 dev tun0 proto kernel scope link src 10.0.0.2 so changed packet source address 10.0.0.4:
icmp_req = ip(src_s="10.0.0.4", dst_s="8.8.8.8", p=1) +\ icmp(type=8) +\ icmp.echo(id=req_id, seq=req_nr, body_bytes=b"povilas-test") then kernel started forwarding packets coming tun0 interface gateway interface:
# tshark -i wlp3s0 5 0.008428567 192.168.0.103 → 8.8.8.8 icmp 62 echo (ping) request id=0xb5c7, seq=9/2304, ttl=63 6 0.041114028 8.8.8.8 → 192.168.0.103 icmp 62 echo (ping) reply id=0xb5c7, seq=9/2304, ttl=48 (request in 5) also ping responses sent tun0:
# tshark -i tun0 1 0.000000000 10.0.0.4 → 8.8.8.8 icmp 48 echo (ping) request id=0xb5c7, seq=113/28928, ttl=64 2 0.035470191 8.8.8.8 → 10.0.0.4 icmp 48 echo (ping) reply id=0xb5c7, seq=113/28928, ttl=47 (request in 1)
Comments
Post a Comment