added checks and changed prio

This commit is contained in:
Domingo Dirutigliano
2025-03-07 18:16:23 +01:00
parent 3494d10032
commit 9eb7d5461f
3 changed files with 13 additions and 7 deletions


@@ -134,7 +134,8 @@ class PktRequest {
l4_proto = fill_l4_info(); l4_proto = fill_l4_info();
#ifdef DEBUG #ifdef DEBUG
if (tcp){ if (tcp){
cerr << "[DEBUG] NEW_PACKET " << (is_input?"-> IN ":"<- OUT") << " [SEQ: " << tcp->seq() << "] \t[ACK: " << tcp->ack_seq() << "] \t[SIZE: " << data_size() << "]" << endl; cerr << "[DEBUG] NEW_PACKET " << (is_input?"-> IN ":"<- OUT") << " [SIZE: " << data_size() << "] FLAGS: " << (tcp->get_flag(Tins::TCP::FIN)?"FIN ":"") << (tcp->get_flag(Tins::TCP::SYN)?"SYN ":"") << (tcp->get_flag(Tins::TCP::RST)?"RST ":"") << (tcp->get_flag(Tins::TCP::ACK)?"ACK ":"") << (tcp->get_flag(Tins::TCP::PSH)?"PSH ":"") << endl;
cerr << "[SEQ: " << tcp->seq() << "] [ACK: " << tcp->ack_seq() << "]" << " [WIN: " << tcp->window() << "] [FLAGS: " << tcp->flags() << "]\n" << endl;
} }
#endif #endif
} }
@@ -237,7 +238,8 @@ class PktRequest {
} }
#ifdef DEBUG #ifdef DEBUG
size_t new_size = inner_data_size(tcp); size_t new_size = inner_data_size(tcp);
cerr << "[DEBUG] FIXED PKT " << (is_input?"-> IN ":"<- OUT") << " [SEQ: " << tcp->seq() << "] \t[ACK: " << tcp->ack_seq() << "] \t[SIZE: " << new_size << "]" << endl; cerr << "[DEBUG] FIXED PKT " << (is_input?"-> IN ":"<- OUT") << " [SIZE: " << data_size() << "] FLAGS: " << (tcp->get_flag(Tins::TCP::FIN)?"FIN ":"") << (tcp->get_flag(Tins::TCP::SYN)?"SYN ":"") << (tcp->get_flag(Tins::TCP::RST)?"RST ":"") << (tcp->get_flag(Tins::TCP::ACK)?"ACK ":"") << (tcp->get_flag(Tins::TCP::PSH)?"PSH ":"") << endl;
cerr << "[SEQ: " << tcp->seq() << "] [ACK: " << tcp->ack_seq() << "]" << " [WIN: " << tcp->window() << "] [FLAGS: " << tcp->flags() << "]\n" << endl;
#endif #endif
} }
@@ -360,7 +362,10 @@ class PktRequest {
} }
nfq_nlmsg_verdict_put_pkt(nlh_verdict, packet.data(), packet.size()); nfq_nlmsg_verdict_put_pkt(nlh_verdict, packet.data(), packet.size());
#ifdef DEBUG #ifdef DEBUG
cerr << "[DEBUG] MANGLEDPKT " << (is_input?"-> IN ":"<- OUT") << " [SIZE: " << packet.size()-header_size() << "]" << endl; if (tcp){
cerr << "[DEBUG] MANGLEDPKT " << (is_input?"-> IN ":"<- OUT") << " [SIZE: " << data_size() << "] FLAGS: " << (tcp->get_flag(Tins::TCP::FIN)?"FIN ":"") << (tcp->get_flag(Tins::TCP::SYN)?"SYN ":"") << (tcp->get_flag(Tins::TCP::RST)?"RST ":"") << (tcp->get_flag(Tins::TCP::ACK)?"ACK ":"") << (tcp->get_flag(Tins::TCP::PSH)?"PSH ":"") << endl;
cerr << "[SEQ: " << tcp->seq() << "] [ACK: " << tcp->ack_seq() << "]" << " [WIN: " << tcp->window() << "] [FLAGS: " << tcp->flags() << "]\n" << endl;
}
#endif #endif
if (tcp && ack_seq_offset && packet.size() != _original_size){ if (tcp && ack_seq_offset && packet.size() != _original_size){
if (is_input){ if (is_input){
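Review bot: In the FIXED PKT hunk, `new_size` is still computed on the line above the rewritten debug line, but that line now prints `data_size()` instead, so under `#ifdef DEBUG` the variable is unused (warning under -Wunused-variable) and the message no longer reports the post-fix inner size it was introduced to show; print it, `" [SIZE: " << new_size << "]"`, or drop the `inner_data_size(tcp)` call. Less important: the MANGLEDPKT line is now wrapped in `if (tcp)`, so a mangled packet without a TCP layer leaves no debug trace where the old line printed unconditionally; an `else` branch printing at least the direction and `data_size()` would keep that visibility. The `"\n" << endl` tail on each added line emits an empty line plus two flushes; a single `'\n'` would do. The enclosing member functions start and end outside the hunks.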


@@ -34,7 +34,7 @@ class FiregexTables(NFTableManager):
"name":self.input_chain, "name":self.input_chain,
"type":"filter", "type":"filter",
"hook":"prerouting", "hook":"prerouting",
"prio":-301, "prio":-310,
"policy":"accept" "policy":"accept"
}}}, }}},
{"add":{"chain":{ #Output chain attached after conntrack saw it {"add":{"chain":{ #Output chain attached after conntrack saw it
@@ -43,7 +43,7 @@ class FiregexTables(NFTableManager):
"name":self.output_chain, "name":self.output_chain,
"type":"filter", "type":"filter",
"hook":"postrouting", "hook":"postrouting",
"prio":-290, "prio":-310,
"policy":"accept" "policy":"accept"
}}} }}}
],[ ],[
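Review bot: Both chains now carry the same bare literal `-310` in two places with nothing saying why it was chosen or why the output chain moved from -290 to -310, and the existing `#Output chain attached after conntrack saw it` comment no longer explains the number next to it. Hoist the value into one named constant with the ordering it relies on, e.g. `HOOK_PRIORITY = -310  # after defrag (-400), before raw (-300) and conntrack (-200); both chains must stay in lock-step` (assuming the standard netfilter hook priorities apply here), and reference it from both chain definitions so they cannot drift apart again. If the previous difference between the two chains was intentional, a sentence in the commit message on why they are equal now would help the next reader. The `FiregexTables` rule list continues outside the hunks.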


@@ -56,8 +56,7 @@ class RawPacket:
raise Exception("Invalid data type, data MUST be of type bytes") raise Exception("Invalid data type, data MUST be of type bytes")
#if len(v) != self.__l4_size: #if len(v) != self.__l4_size:
# raise Exception("Invalid data size, must be equal to the original packet header size (due to a technical limitation)") # raise Exception("Invalid data size, must be equal to the original packet header size (due to a technical limitation)")
self.__raw_packet = self.__raw_packet[:self.raw_packet_header_len]+v self.raw_packet = self.__raw_packet[:self.raw_packet_header_len]+v
self.__l4_size = len(v)
@property @property
def raw_packet(self) -> bytes: def raw_packet(self) -> bytes:
@@ -67,6 +66,8 @@ class RawPacket:
def raw_packet(self, v:bytes): def raw_packet(self, v:bytes):
if not isinstance(v, bytes): if not isinstance(v, bytes):
raise Exception("Invalid data type, data MUST be of type bytes") raise Exception("Invalid data type, data MUST be of type bytes")
if len(v) > 2**16:
raise Exception("Invalid data size, must be less than 2^16 bytes")
#if len(v) != len(self.__raw_packet): #if len(v) != len(self.__raw_packet):
# raise Exception("Invalid data size, must be equal to the original packet size (due to a technical limitation)") # raise Exception("Invalid data size, must be equal to the original packet size (due to a technical limitation)")
if len(v) < self.raw_packet_header_len: if len(v) < self.raw_packet_header_len:
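Review bot: The new size guard in the `raw_packet` setter rejects only `len(v) > 2**16`, so a 65536-byte packet passes even though the error message says "less than 2^16" and a 16-bit IP total-length field cannot encode more than 65535; use `if len(v) > 0xFFFF:` with the message `"Invalid data size, must be at most 65535 bytes"` so the check and the message agree. The `data` setter above now assigns through `self.raw_packet`, which is what routes it into this check, but it also dropped the `self.__l4_size = len(v)` update; unless the `raw_packet` setter recomputes `__l4_size` (its body continues below the hunk, so this cannot be confirmed here), the cached L4 size goes stale after a resize. The rest of the `raw_packet` setter is outside the hunk.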