Sending packets from TUN device

2

I've been trying to pass all traffic in my system through a user space program. For this purpose I've written a program which creates a TUN device, reads packets from it and writes them back as is. Then I'm trying to manipulate routing in the following way:

Firstly, redirect everything except local traffic to the tunnel. This works properly.

ip link set tun0 up
ip addr add 10.0.0.1/24 dev tun0
echo 100 test >> /etc/iproute2/rt_tables
ip route add default via 10.0.0.2 dev tun0 table test
ip rule add from all lookup test priority 10000

Secondly, route packets from the tunnel to my physical device. This is the problematic step.

echo 101 test0 >> /etc/iproute2/rt_tables
ip route add default via 172.31.4.1 dev wlp3s0 table test0
ip rule add from all iif tun0 lookup test0 priority 9000

According to my understanding, such a configuration should provide me with Internet access by default. But it doesn't.

Using logging with iptables I've found out that packets correctly reach and leave the tun0 device but then they disappear. In more detail, I'm doing something like this:

iptables -t mangle -A PREROUTING -i tun0 -j LOG --log-prefix "From tun0: "
iptables -t mangle -A PREROUTING -i tun0 -j MARK --set-mark 0x7
iptables -t mangle -A POSTROUTING -m mark --mark 0x7 -j LOG --log-prefix "From tun0 (postrouting): "

The packets show up in syslog at the PREROUTING step, but not at the POSTROUTING step, nor in the other chains of the mangle table (INPUT, FORWARD, OUTPUT).

I am already thinking about using raw IP sockets for sending packets instead of writing to the device, but I still believe that it must be possible with TUN and routing policies.

Looking forward to any ideas.

user3778438

Posted 2019-09-15T18:39:29.020

Reputation: 21

Code used to create and serve the TUN interface. It's pretty simple. – user3778438 – 2019-09-15T19:59:59.170

Answers

0

Partial answer:

The Linux kernel detects that the packets coming from a network interface (in this case, tun0) originated on the very same machine, considers that a routing misconfiguration somewhere in the network (there must be a routing loop, or packets won't come back) and promptly drops the packet to prevent network flooding.

You can turn this off (I forgot the details on how to do that, I'd have to look them up), but the correct solution is probably to do something else instead of what you are doing.

For example, to simulate a second host doing a MITM attack, you could create two TUN interfaces, read from the first and write manipulated packets to the second for outgoing packets, do the same (with possibly different manipulation) for the incoming packets, and then put the second TUN interface together with the physical interface in a network namespace.

Details depend on what exactly your final goal is, which you didn't tell us (so also please read up on XY problems, here your Y is "I need a single echoing TUN interface together with routing").

dirkt

Posted 2019-09-15T18:39:29.020

Reputation: 11 627

The final goal is to record and replay network traffic between a number of local processes. Now I'm just playing around with TUN and routing and my X is exactly "I need a single echoing TUN interface and all network traffic seamlessly passing through it". – user3778438 – 2019-09-16T15:37:30.193

If you want to replay network traffic between a number of local processes (which would use lo), then using a single tun is never going to work, unless you completely turn the normal routing on its head. Which may or may not work, and even if it works, it may have "interesting" side effects. – dirkt – 2019-09-16T17:06:16.153
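An added example, not code from the question or the answer: a minimal version of the "echoing TUN" program from the question, with a diagnostic that predicts the drop described in the answer. The kernel's source validation on input rejects packets whose source address is local to the host unless net.ipv4.conf.<iface>.accept_local is enabled, which is why the echoed packets are seen at PREROUTING and never again. The TUN constants are the ones from linux/if_tun.h; IFF_NO_PI, the interface name and the set of local addresses are assumptions for this example.

```python
import fcntl
import ipaddress
import os
import struct

# Constants from <linux/if_tun.h>; TUNSETIFF is _IOW('T', 202, int).
TUNSETIFF = 0x400454CA
IFF_TUN = 0x0001
IFF_NO_PI = 0x1000   # assumption: no packet-info prefix, so reads start at the IP header


def open_tun(name="tun0"):
    """Attach a TUN interface to a /dev/net/tun descriptor (needs CAP_NET_ADMIN)."""
    fd = os.open("/dev/net/tun", os.O_RDWR)
    ifr = struct.pack("16sH", name.encode(), IFF_TUN | IFF_NO_PI)
    fcntl.ioctl(fd, TUNSETIFF, ifr)
    return fd


def parse_ipv4(packet):
    """Return (src, dst, protocol) for a raw IPv4 packet, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    return str(src), str(dst), packet[9]


def classify(packet, local_addrs):
    """Predict the kernel's verdict for a packet re-injected through the TUN device.

    A packet whose source is one of the host's own addresses fails source
    validation on input (net.ipv4.conf.<iface>.accept_local = 0) and is dropped
    before it can reach FORWARD or POSTROUTING; anything else is routed normally.
    """
    hdr = parse_ipv4(packet)
    if hdr is None:
        return "not-ipv4"
    src, _dst, _proto = hdr
    return "dropped-local-source" if src in local_addrs else "routed"


def echo_loop(fd, local_addrs):
    """The question's echo program: read each packet, log the predicted verdict, write it back."""
    while True:
        pkt = os.read(fd, 65535)
        print(classify(pkt, local_addrs), parse_ipv4(pkt))
        os.write(fd, pkt)
```

Run echo_loop(open_tun(), {addresses shown by "ip -4 addr"}) as root after the routing setup from the question to see every echoed packet flagged as dropped-local-source.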