mirror of https://github.com/Kkevsterrr/geneva
Engine Allows Port Ranges/Lists
Updated the Geneva engine to allow for port ranges and lists specifying which ports to monitor to modify packets. This works using either a range like port 5000 to port 6000 => --server-port 5000:6000 or a list like port 5000, 5500, and 6000 => --server-port 5000,5500,6000. Any error checking on the port variable will be handled by the iptables command.
This commit is contained in:
parent
e788720bf3
commit
f149f1c6f3
28
engine.py
28
engine.py
|
@ -47,7 +47,7 @@ class Engine():
|
||||||
demo_mode=False):
|
demo_mode=False):
|
||||||
"""
|
"""
|
||||||
Args:
|
Args:
|
||||||
server_port (int): The port the engine will monitor
|
server_port (int): The port(s) the engine will monitor
|
||||||
string_strategy (str): String representation of strategy DNA to apply to the network
|
string_strategy (str): String representation of strategy DNA to apply to the network
|
||||||
environment_id (str, None): ID of the given strategy
|
environment_id (str, None): ID of the given strategy
|
||||||
server_side (bool, False): Whether or not the engine is running on the server side of the connection
|
server_side (bool, False): Whether or not the engine is running on the server side of the connection
|
||||||
|
@ -221,17 +221,24 @@ class Engine():
|
||||||
add_or_remove = "D"
|
add_or_remove = "D"
|
||||||
cmds = []
|
cmds = []
|
||||||
for proto in ["tcp", "udp"]:
|
for proto in ["tcp", "udp"]:
|
||||||
cmds += ["iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" %
|
# Need to change the match rule if multiple ports are specified
|
||||||
(add_or_remove, out_chain, proto, port1, self.server_port, self.out_queue_num),
|
# Don't need to do any checking on the port since the iptables command can error, closing the engine
|
||||||
"iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" %
|
# Default match policy is the protocol
|
||||||
(add_or_remove, in_chain, proto, port2, self.server_port, self.in_queue_num)]
|
match_policy = proto
|
||||||
|
if any(x in self.server_port for x in [":", ","]):
|
||||||
|
match_policy = "multiport"
|
||||||
|
|
||||||
|
cmds += ["iptables -%s %s -p %s --match %s --%s %s -j NFQUEUE --queue-num %d" %
|
||||||
|
(add_or_remove, out_chain, proto, match_policy, port1, self.server_port, self.out_queue_num),
|
||||||
|
"iptables -%s %s -p %s --match %s --%s %s -j NFQUEUE --queue-num %d" %
|
||||||
|
(add_or_remove, in_chain, proto, match_policy, port2, self.server_port, self.in_queue_num)]
|
||||||
# If this machine is acting as a middlebox, we need to add the same rules again
|
# If this machine is acting as a middlebox, we need to add the same rules again
|
||||||
# in the opposite direction so that we can pass packets back and forth
|
# in the opposite direction so that we can pass packets back and forth
|
||||||
if self.forwarder:
|
if self.forwarder:
|
||||||
cmds += ["iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" %
|
cmds += ["iptables -%s %s -p %s --match %s --%s %s -j NFQUEUE --queue-num %d" %
|
||||||
(add_or_remove, out_chain, proto, port2, self.server_port, self.out_queue_num),
|
(add_or_remove, out_chain, proto, match_policy, port2, self.server_port, self.out_queue_num),
|
||||||
"iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" %
|
"iptables -%s %s -p %s --match %s --%s %s -j NFQUEUE --queue-num %d" %
|
||||||
(add_or_remove, in_chain, proto, port1, self.server_port, self.in_queue_num)]
|
(add_or_remove, in_chain, proto, match_policy, port1, self.server_port, self.in_queue_num)]
|
||||||
|
|
||||||
for cmd in cmds:
|
for cmd in cmds:
|
||||||
self.logger.debug(cmd)
|
self.logger.debug(cmd)
|
||||||
|
@ -409,7 +416,8 @@ def get_args():
|
||||||
Sets up argparse and collects arguments.
|
Sets up argparse and collects arguments.
|
||||||
"""
|
"""
|
||||||
parser = argparse.ArgumentParser(description='The engine that runs a given strategy.')
|
parser = argparse.ArgumentParser(description='The engine that runs a given strategy.')
|
||||||
parser.add_argument('--server-port', type=int, action='store', required=True)
|
# Store a string, not int, in case of port ranges/lists. The iptables command checks the port var
|
||||||
|
parser.add_argument('--server-port', action='store', required=True)
|
||||||
parser.add_argument('--environment-id', action='store', help="ID of the current strategy under test")
|
parser.add_argument('--environment-id', action='store', help="ID of the current strategy under test")
|
||||||
parser.add_argument('--sender-ip', action='store', help="IP address of sending machine, used for NAT")
|
parser.add_argument('--sender-ip', action='store', help="IP address of sending machine, used for NAT")
|
||||||
parser.add_argument('--routing-ip', action='store', help="Public IP of this machine, used for NAT")
|
parser.add_argument('--routing-ip', action='store', help="Public IP of this machine, used for NAT")
|
||||||
|
|
Loading…
Reference in New Issue