I'm playing around with netfilter hooks in a kernel module. And I want to be able to capture packets created by scapy.
Both the hooks and the packet generation via scapy are running on the same physical host. It seems that none of the available netfilter hooks is able to capture the packet.
I also tried to send the same packet from inside a VM but this does not work either.
I suspect that the problem is related to everything running over the loopback interface, since it is all on the same box.
I could of course go with two physical hosts, but this is unfortunately not possible right now :(
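/*
 * Netfilter LOCAL_OUT hook: log source/destination address and port of every
 * outgoing IPv4 TCP packet. Purely observational — every packet, including
 * anything malformed or non-TCP, is returned as NF_ACCEPT.
 *
 * Changes against the earlier version of this hook:
 *  - header pointers are locals rather than file-scope globals; hooks can run
 *    concurrently on several CPUs, so shared `sock_buff`/`ip_header`/`th`
 *    variables would be a data race;
 *  - the TCP header is located from the IP header length (ihl) instead of
 *    skb_transport_header() + sizeof(struct iphdr); that arithmetic is wrong
 *    whenever the transport offset is already valid, and for raw-socket
 *    packets (what scapy's send() injects) the transport offset may not be
 *    set at all at this hook — NOTE(review): confirm on the kernel in use;
 *  - both headers are bounds-checked against the linear buffer before being
 *    dereferenced, since ihl comes from the packet;
 *  - addresses are printed with %pI4 and ports via ntohs(); the previous
 *    `saddr & 0xFF` octet extraction only produced the right order on
 *    little-endian hosts;
 *  - skb->len/data_len are unsigned, so they are printed with %u, and each
 *    printk ends in '\n' so the log lines are not merged;
 *  - the unused `len` computation is dropped.
 *
 * @hooknum/@in/@out/@okfn: supplied by netfilter, unused here.
 * @skb: the outgoing buffer; never modified.
 * Returns NF_ACCEPT unconditionally.
 */
static unsigned int out_hook(unsigned int hooknum,
			     struct sk_buff *skb,
			     const struct net_device *in,
			     const struct net_device *out,
			     int (*okfn)(struct sk_buff *))
{
	struct iphdr *iph;
	struct tcphdr *tcph;
	unsigned char *tail;
	unsigned int ip_hdr_len;

	if (!skb)
		return NF_ACCEPT;

	iph = (struct iphdr *)skb_network_header(skb);
	if (!iph)
		return NF_ACCEPT;

	/* Make sure at least a minimal IP header is in the linear area
	 * before reading any field of it. */
	tail = skb_tail_pointer(skb);
	if ((unsigned char *)iph + sizeof(struct iphdr) > tail)
		return NF_ACCEPT;

	if (iph->protocol != IPPROTO_TCP)
		return NF_ACCEPT;

	/* ihl is in 32-bit words; below 5 the header is malformed. Options
	 * may make it longer than sizeof(struct iphdr), which is why the TCP
	 * header must be found via ihl rather than a fixed offset. */
	if (iph->ihl < 5)
		return NF_ACCEPT;
	ip_hdr_len = iph->ihl * 4;

	if ((unsigned char *)iph + ip_hdr_len + sizeof(struct tcphdr) > tail)
		return NF_ACCEPT;

	tcph = (struct tcphdr *)((unsigned char *)iph + ip_hdr_len);

	/* %pI4 takes a pointer to the network-order address. */
	printk(KERN_INFO "[LOCAL_OUT] %pI4:%u -> %pI4:%u\n",
	       &iph->saddr, ntohs(tcph->source),
	       &iph->daddr, ntohs(tcph->dest));
	printk(KERN_INFO "\t [skbuf->len]=%u\n", skb->len);
	printk(KERN_INFO "\t [skbuf->data_len]=%u\n", skb->data_len);

	return NF_ACCEPT;
}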
The above is the hook.
#!/usr/bin/env python
"""Emit a single crafted TCP segment so the kernel-side hook can be exercised.

The packet is built as IP / TCP / payload and handed to scapy's layer-3
send(), so the kernel performs the routing (presumably through a raw IP
socket; verify against the scapy version in use). The destination and the
port pair below are the values the hook is expected to log.
"""
import sys
sys.path.append('/usr/local/bin')
import time
from threading import Thread
from scapy.all import *
from hashlib import sha1, md5
import random
import crypt

# Interface scapy should bind this session to.
conf.iface = 'wlan0'

# Build each layer on its own, then stack them in order.
ip_layer = IP(dst="192.168.0.104")
tcp_layer = TCP(sport=1234, dport=2222)
payload = Raw("testtest")
packet = ip_layer / tcp_layer / payload

send(packet)
The above is the send.py
Sniffing with Scapy
[mpenning@Bucksnort ~]$ sudo python
Python 2.5.2 (r252:60911, Jan 24 2010, 14:53:14)
[GCC 4.3.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from scapy.all import sniff
>>> from scapy.all import wrpcap
>>> foo = sniff(filter="icmp", count=3)
>>> wrpcap("icmppaks.pcap", foo)
>>> quit()
[mpenning@Bucksnort ~]$ tshark -r icmppaks.pcap
1 0.000000 192.0.2.178 -> 192.0.2.6 ICMP Echo (ping) request
2 0.000065 192.0.2.6 -> 192.0.2.178 ICMP Echo (ping) reply
3 1.004224 192.0.2.178 -> 192.0.2.6 ICMP Echo (ping) request
[mpenning@Bucksnort ~]$