added checks and changed prio

2025-03-07 18:16:23 +01:00
parent 3494d10032
commit 9eb7d5461f
3 changed files with 13 additions and 7 deletions
--- a/backend/binsrc/classes/nfqueue.cpp
+++ b/backend/binsrc/classes/nfqueue.cpp
@@ -134,7 +134,8 @@ class PktRequest {
 		l4_proto = fill_l4_info();
 		#ifdef DEBUG
 		if (tcp){			
-			cerr << "[DEBUG] NEW_PACKET " << (is_input?"-> IN ":"<- OUT") << " [SEQ: " << tcp->seq() << "] \t[ACK: " << tcp->ack_seq() << "] \t[SIZE: " << data_size() << "]" << endl;
+			cerr << "[DEBUG] NEW_PACKET " << (is_input?"-> IN ":"<- OUT")  << " [SIZE: " << data_size() << "] FLAGS: " << (tcp->get_flag(Tins::TCP::FIN)?"FIN ":"") << (tcp->get_flag(Tins::TCP::SYN)?"SYN ":"") << (tcp->get_flag(Tins::TCP::RST)?"RST ":"") << (tcp->get_flag(Tins::TCP::ACK)?"ACK ":"") << (tcp->get_flag(Tins::TCP::PSH)?"PSH ":"") << endl;
+			cerr << "[SEQ: " << tcp->seq() << "] [ACK: " << tcp->ack_seq() << "]" << " [WIN: " << tcp->window() << "] [FLAGS: " << tcp->flags() << "]\n" << endl;
 		}
 		#endif
 	}
@@ -237,7 +238,8 @@ class PktRequest {
 		}
 		#ifdef DEBUG
 		size_t new_size = inner_data_size(tcp);
-		cerr << "[DEBUG] FIXED PKT  " << (is_input?"-> IN ":"<- OUT") << " [SEQ: " << tcp->seq() << "] \t[ACK: " << tcp->ack_seq() << "] \t[SIZE: " << new_size << "]" << endl;
+		cerr << "[DEBUG] FIXED PKT  " << (is_input?"-> IN ":"<- OUT")  << " [SIZE: " << data_size() << "] FLAGS: " << (tcp->get_flag(Tins::TCP::FIN)?"FIN ":"") << (tcp->get_flag(Tins::TCP::SYN)?"SYN ":"") << (tcp->get_flag(Tins::TCP::RST)?"RST ":"") << (tcp->get_flag(Tins::TCP::ACK)?"ACK ":"") << (tcp->get_flag(Tins::TCP::PSH)?"PSH ":"") << endl;
+		cerr << "[SEQ: " << tcp->seq() << "] [ACK: " << tcp->ack_seq() << "]" << " [WIN: " << tcp->window() << "] [FLAGS: " << tcp->flags() << "]\n" << endl;
 		#endif
 	}

@@ -360,7 +362,10 @@ class PktRequest {
 				}
 				nfq_nlmsg_verdict_put_pkt(nlh_verdict, packet.data(), packet.size());
 				#ifdef DEBUG
-				cerr << "[DEBUG] MANGLEDPKT " << (is_input?"-> IN ":"<- OUT") << " [SIZE: " << packet.size()-header_size() << "]" << endl;
+				if (tcp){
+					cerr << "[DEBUG] MANGLEDPKT " << (is_input?"-> IN ":"<- OUT")  << " [SIZE: " << data_size() << "] FLAGS: " << (tcp->get_flag(Tins::TCP::FIN)?"FIN ":"") << (tcp->get_flag(Tins::TCP::SYN)?"SYN ":"") << (tcp->get_flag(Tins::TCP::RST)?"RST ":"") << (tcp->get_flag(Tins::TCP::ACK)?"ACK ":"") << (tcp->get_flag(Tins::TCP::PSH)?"PSH ":"") << endl;
+					cerr << "[SEQ: " << tcp->seq() << "] [ACK: " << tcp->ack_seq() << "]" << " [WIN: " << tcp->window() << "] [FLAGS: " << tcp->flags() << "]\n" << endl;
+				}
 				#endif
 				if (tcp && ack_seq_offset && packet.size() != _original_size){
 					if (is_input){
--- a/backend/modules/nfproxy/nftables.py
+++ b/backend/modules/nfproxy/nftables.py
@@ -34,7 +34,7 @@ class FiregexTables(NFTableManager):
                "name":self.input_chain,
                "type":"filter",
                "hook":"prerouting",
-                "prio":-301, 
+                "prio":-310,
                "policy":"accept"
            }}},
            {"add":{"chain":{ #Output chain attached after conntrack saw it
@@ -43,7 +43,7 @@ class FiregexTables(NFTableManager):
                "name":self.output_chain,
                "type":"filter",
                "hook":"postrouting",
-                "prio":-290,
+                "prio":-310,
                "policy":"accept"
            }}}
        ],[