Created
April 19, 2015 08:19
-
-
Save hashbrowncipher/791cb128b7d3075e3d41 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| # Set up an IFB device | |
| modprobe ifb | |
| ip link set dev ifb0 up | |
| # Yes, I am accepting inbound connections on my laptop's WiFi | |
| INFACE=wlan0 | |
| # Set up a plug qdisc | |
| nl-qdisc-add --parent=root --dev=ifb0 --id=1: plug --limit 1048576 | |
| # Initially unplug the qdisc | |
| nl-qdisc-add --parent=root --dev=ifb0 --update plug --release-indefinite | |
| # Set up an ingress qdisc | |
| tc qdisc add dev $INFACE ingress handle ffff: | |
| # Set up a u32 target filter for TCP filtering | |
| tc filter add dev $INFACE protocol ip parent ffff: pref 5 u32 ht 801: divisor 1 | |
| # Designate that TCP SYN packets should be mirrored | |
| tc filter add dev $INFACE protocol ip parent ffff: pref 5 u32 ht 801: \ | |
| match u8 0x02 0xff at nexthdr+13 \ | |
| action mirred egress redirect dev ifb0 | |
| # Throw all TCP packets at 801:, and set offset for next header correctly. | |
| tc filter add dev $INFACE protocol ip parent ffff: pref 5 u32 link 801: \ | |
| offset at 0 mask 0x0f00 shift 6 plus 0 eat \ | |
| match ip protocol 0x06 0xff | |
| tc -s -d filter show dev wlan0 parent root |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment