Gamercat
/
geneva
mirror of https://github.com/Kkevsterrr/geneva
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #29 from Kkevsterrr/multiple_strat_ports 

Multiple Strat Ports
This commit is contained in:
harrimd 2021-09-05 10:59:47 -04:00 committed by GitHub
parent e788720bf3 b7bd667ac7
commit 8a919a9f18
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -45,7 +45,9 @@ code, it is a description that tells the engine how it should operate over traff
```
Note that if you have stale `iptables` rules or other rules that rely on Geneva's default queues,
this will fail. To fix this, remove those rules.
this will fail. To fix this, remove those rules.
Also note that if you want to specify multiple ports for Geneva to monitor, you can specify a port range using `--server-port 4000:5000` to monitor all ports in the range 4000-5000, or you can specify a list like `--server-port 80,443,4444` to only monitor the explicit ports given.
## Strategy Library

28
engine.py
View File

@ -47,7 +47,7 @@ class Engine():
demo_mode=False):
"""
Args:
server_port (int): The port the engine will monitor
server_port (str): The port(s) the engine will monitor
string_strategy (str): String representation of strategy DNA to apply to the network
environment_id (str, None): ID of the given strategy
server_side (bool, False): Whether or not the engine is running on the server side of the connection
@ -221,17 +221,24 @@ class Engine():
add_or_remove = "D"
cmds = []
for proto in ["tcp", "udp"]:
cmds += ["iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" %
(add_or_remove, out_chain, proto, port1, self.server_port, self.out_queue_num),
"iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" %
(add_or_remove, in_chain, proto, port2, self.server_port, self.in_queue_num)]
# Need to change the match rule if multiple ports are specified
# Don't need to do any checking on the port since the iptables command can error, closing the engine
# Default match policy is the protocol
match_policy = proto
if any(x in self.server_port for x in [":", ","]):
match_policy = "multiport"
cmds += ["iptables -%s %s -p %s --match %s --%s %s -j NFQUEUE --queue-num %d" %
(add_or_remove, out_chain, proto, match_policy, port1, self.server_port, self.out_queue_num),
"iptables -%s %s -p %s --match %s --%s %s -j NFQUEUE --queue-num %d" %
(add_or_remove, in_chain, proto, match_policy, port2, self.server_port, self.in_queue_num)]
# If this machine is acting as a middlebox, we need to add the same rules again
# in the opposite direction so that we can pass packets back and forth
if self.forwarder:
cmds += ["iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" %
(add_or_remove, out_chain, proto, port2, self.server_port, self.out_queue_num),
"iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" %
(add_or_remove, in_chain, proto, port1, self.server_port, self.in_queue_num)]
cmds += ["iptables -%s %s -p %s --match %s --%s %s -j NFQUEUE --queue-num %d" %
(add_or_remove, out_chain, proto, match_policy, port2, self.server_port, self.out_queue_num),
"iptables -%s %s -p %s --match %s --%s %s -j NFQUEUE --queue-num %d" %
(add_or_remove, in_chain, proto, match_policy, port1, self.server_port, self.in_queue_num)]
for cmd in cmds:
self.logger.debug(cmd)
@ -409,7 +416,8 @@ def get_args():
Sets up argparse and collects arguments.
"""
parser = argparse.ArgumentParser(description='The engine that runs a given strategy.')
parser.add_argument('--server-port', type=int, action='store', required=True)
# Store a string, not int, in case of port ranges/lists. The iptables command checks the port var
parser.add_argument('--server-port', action='store', required=True)
parser.add_argument('--environment-id', action='store', help="ID of the current strategy under test")
parser.add_argument('--sender-ip', action='store', help="IP address of sending machine, used for NAT")
parser.add_argument('--routing-ip', action='store', help="Public IP of this machine, used for NAT")