Re: Filter or change tcp packets
- From: Rick Jones <rick.jones2@xxxxxx>
- Date: Wed, 23 Apr 2008 18:45:43 +0000 (UTC)
Nowitzki Rados <Nowitzki.Rados@xxxxxxxxx> wrote:
Hello, I need to filter packets that are comming from certain server
(IP address/port number). Server sends packets to my client program,
but some of those packets cause client to crash (those packets are
generated by other server users because of hole in chat program). So
I tried to configure iptables to search data section of tcp packets
comming from that IP address and if it finds "unwanted pattern that
crash client", it should drop packets. I managed to do that, but it
seems like it was bad solution. Problem is that when packet from
server is dropped by iptables, my client application stop working
properly (I think it stops comunication with server because of
packet loss, but I am not sure). I read that when iptables drop
packet it does not notify sender about it. Does that means that
sender continue to send same packet over and over again? (and
because there is no response from client side they stop to
communicate).
Yes. Assuming this chat stuff runs over a protocol such as TCP, TCP
will continue to retransmit the segments which remain unACKed by the
receiving TCP until it either receives an ACK from the
remote/receiving TCP or it hits its retransmission limits and aborts
the connection.
If that is true is there any way to drop packet and to tell server
to send next one?
No. TCP is all about doing its level best to get all the data sent to
the other side, in the order in which it was sent.
Altough I can see another problem there because if that happens
client side would have wrong sequence number for next packet? Anyone
have idea how could I solve this problem?
Fix the source of bad data, or detect and deal with it in the
receiving application.
I also thought about changing tcp packet data. Is there any way to
do something like this:
-when packet arives, program (or iptables) search pattern in its
data
-if pattern is found, program (or iptables, but i doubt it has that
feature) change data in tcp packet, so that "unwanted pattern that
cause buffer overflow" is removed from it.
-changed packet is forwarded to client like nothing happened
I think this would solve my problem,
No, it would kludge around your problem, a solution would elimitate
the root cause. That would be eliminating the bug in the sending
application, and also eliminating the bug in the client.
rick jones
--
The glass is neither half-empty nor half-full. The glass has a leak.
The real question is "Can it be patched?"
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
.
- Follow-Ups:
- Re: Filter or change tcp packets
- From: Nowitzki Rados
- Re: Filter or change tcp packets
- References:
- Filter or change tcp packets
- From: Nowitzki Rados
- Filter or change tcp packets
- Prev by Date: inconsistent HTTP download speeds on a LAN
- Next by Date: Re: Port 25 vs 587
- Previous by thread: Filter or change tcp packets
- Next by thread: Re: Filter or change tcp packets
- Index(es):
Relevant Pages
|
