0

I need to queue all tcp packets sent out from the local device programmatically so that the application I implemented using libnetfilter_queue and libpcap would start capturing packets within the queue. But the current solution I have is to manually type in,

sudo iptables -A OUTPUT -p tcp -j NFQUEUE

In the terminal before I run my application which is not acceptable as the application should queue all tcp packets and capture and show them automatically.

I would be really grateful if you experts could provide a solution so that sudo iptables -A OUTPUT -p tcp -j NFQUEUE coud be done within the application itself without the need of user typing it in the terminal every time the program is run.

Thank you :)

EDIT

Reason I am seekiing a solution to this programatically is because : until I type in iptables -F the device will hold on to the data without releasing. I want to capture the packets, which is happening now, modify it and send it without it being held in the queue :) the current code modifies the packets but it is kept in the queue until the -F command is given. I want the modified packets to be sent out to its destination without being held in the queue :)

Hasitha Shan
  • 2,900
  • 6
  • 42
  • 83
  • Wrap your application in a shell script, where you first run your iptables command and then start your application. – Olaf Dietsche Mar 29 '14 at 14:05
  • @OlafDietsche Thank you very much for your support sir :) I will try that out.. Just out of curiosity, doesn't netfilter provide any classes to do this programaticallyin c? I tried to find but had no luck – Hasitha Shan Mar 29 '14 at 14:12
  • @OlafDietsche why I am asking is that till I tupe in `iptables -F` the device will hold on to the data without releaseing. I want to capture the packetts, which is happening now, modify it and send it without it being held in the queue :) the current code modifies the packets but it is kept in the que until the `-F` command is given – Hasitha Shan Mar 29 '14 at 14:17
  • I am new to this as well. You might look into `iptables` source, if all else fails. – Olaf Dietsche Mar 29 '14 at 14:20
  • @OlafDietsche as am I.. :) thank you very much for the help you gave..I was actually doing it right now :) – Hasitha Shan Mar 29 '14 at 14:23

0 Answers0