使用iptables在NAT表上创建DNAT与SNAT规则,对数据包进行转发;在MANGLE表上的FORWARD链上创建NF_QUEUE规则对数据进行勾取并修改;(iptables只有mangle表可以修改数据)
- https://www.cnblogs.com/dpf-10/p/7899237.html
- https://www.cnblogs.com/songshuaiStudy/p/11921160.html
https://github.com/chifflier/nfqueue-rs
- git://git.netfilter.org/libmnl
- git://git.netfilter.org/libnfnetlink
- git://git.netfilter.org/libnetfilter_queue
Install netfilter_queue in CentOS7
https://centos.pkgs.org/7/centos-x86_64/libnetfilter_queue-1.0.2-2.el7_2.x86_64.rpm.html
iptables -A OUTPUT --destination 1.2.3.4 -j NFQUEUE --queue-num 0
Packet received [id: 0x1]
-> msg: 45 0 0 54 36 55 40 0 40 1 30 6D C0 A8 3 2F 8 8 8 8 8 0 6C 47 8 BF 0 1 E8 4D A3 5F 0 0 0 0 33 78 5 0 0 0 0 0 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
XML
<pkt>
<when>
<year>2020</year>
<month>11</month>
<day>5</day>
<wday>5</wday>
<hour>8</hour>
<min>57</min>
<sec>12</sec>
</when>
<hook>3</hook>
<id>1</id>
<hw>
<proto>0800</proto>
</hw>
<outdev>2</outdev>
<payload>
45000054365540004001306dc0a8032f0808080808006c4708bf0001e84da35f000000003378050000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637
</payload>
</pkt>