#!/usr/bin/env lua

--[[

To verify input:

sudo tcpdump -v -X -n -s0 icmp and src host 192.168.41.177

Running with bing from my host to build:

--- 192.168.41.177 statistics ---

bytes out in dup loss rtt (ms): min avg max std dev

44 34512 34512 0% 0.075 0.081 2.228 0.013

108 34512 34512 0% 0.077 0.085 1.739 0.012

--- build.wurldtech.local statistics ---

bytes out in dup loss rtt (ms): min avg max std dev

44 34512 34512 0% 0.120 0.128 10.103 0.091

108 34512 34512 0% 0.153 0.164 10.156 0.129

--- estimated link characteristics ---

host bandwidth ms

build.wurldtech.local 33.032Mbps 0.045

It looks from top that lua usage is 45% cpu in this case.

NOTE! Any console (especially to X) I/O causes cpu usage to go down, because

it blocks lua (so also slows traffic down).

]]

require"nfq"

local function quiet() end

print = quiet

os.execute"iptables -L"

os.execute"iptables -t filter -D OUTPUT 1"

os.execute"iptables -t filter -I OUTPUT 1 -p icmp -j QUEUE"

os.execute"iptables -L"

local function h(s)

local bytes = {string.byte(s, 1, 10)}

for i,v in ipairs(bytes) do

bytes[i] = string.format("%02x", bytes[i])

end

return table.concat(bytes)

end

local function setttl()

-- replace TTL with 1

-- TTL is at byte 9, counting from 1

local replace = payload:sub(1, 8) .. "\1" .. payload:sub(10)

print(h(replace))

return "accept", replace

end

local function damage(payload)

local start = payload:sub(1, -2)

local last = string.char(payload:byte(-1) + 1)

local replace = start..last

print(h(replace))

return "accept", replace

end

local h = nfq.open()

nfq.unbind_pf(h, "inet")

nfq.bind_pf(h, "inet")

local q = nfq.create_queue(h, 0)

nfq.set_mode(q, copy, 0xffff)

local payload

nfq.catch(h, function (nfqdata)

print("nfqdata", nfqdata)

local payload = nfq.get_payload(nfqdata)

print(h(payload))

--return setttl(payload)

return "accept", damage(payload)

--return "drop"

end)

nfq.destroy_queue(q)

nfq.close(h)