
Configure sock address and use stdin/out instead [Close #16]

Simon Moser vor 3 Jahren
Ursprung 970a1c7e01
Commit 3e30f80e70
Signiert von: mosers
GPG-Schlüssel-ID: 96B3365A234B500C

@ -7,9 +7,9 @@ import (
"os/exec" "os/exec"
) )
// Overloads the exec.Cmd class to save the full command // Cmd Overloads the exec.Cmd class to save the full command
// and adds custom input/output pipes // and adds custom input/output pipes
type cmd struct { type Cmd struct {
fullCommand string fullCommand string
*exec.Cmd *exec.Cmd
inReader io.Reader inReader io.Reader
@ -18,13 +18,13 @@ type cmd struct {
outWriter io.Writer outWriter io.Writer
} }
// New creates a new cmd object with given arguments and returns it // Start creates a new cmd object with given arguments, runs and then returns it
func New(name string, args string) *cmd{ func Start(args string) (*Cmd, io.Reader, io.Writer) {
ir, iw := io.Pipe() ir, iw := io.Pipe()
or, ow := io.Pipe() or, ow := io.Pipe()
c := cmd { c := Cmd {
name + " " + args, "vde_plug " + args,
exec.Command(name, args), exec.Command("vde_plug", args),
ir, ir,
iw, iw,
or, or,
@ -33,19 +33,15 @@ func New(name string, args string) *cmd{
c.Stdout = c.outWriter c.Stdout = c.outWriter
c.Stdin = c.inReader c.Stdin = c.inReader
c.Stderr = os.Stderr c.Stderr = os.Stderr
return &c
}
// Execute runs Cmd.Start() and catches the possible error
func (c *cmd) Execute() {
err := c.Start() err := c.Start()
if err != nil { if err != nil {
log.Printf("%s failed with %s\n", c.fullCommand, err) log.Printf("%s failed with %s\n", c.fullCommand, err)
} }
return &c, c.OutReader, c.InWriter
} }
// WaitH runs Cmd.Wait() and catches the possible error // WaitH runs Cmd.Wait() and catches the possible error
func (c *cmd) WaitH() { func (c *Cmd) WaitH() {
err := c.Wait() err := c.Wait()
if err != nil { if err != nil {
log.Printf("%s failed with %s\n", c.fullCommand, err) log.Printf("%s failed with %s\n", c.fullCommand, err)
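Review bot: `Start` still returns the `*Cmd` and both pipe ends when `c.Start()` fails (the error path merged in from the old `Execute` only logs), so a caller cannot tell the plug never launched; the goroutine that later reads `OutReader` blocks forever because no process will ever write to `outWriter`, and writes to `InWriter` block for the same reason. The interface could stay as is if the failure at least unblocks the other ends: after the `log.Printf` add `ow.CloseWithError(err)` and `ir.CloseWithError(err)` (both are still in scope from the `io.Pipe()` calls above), so the forwarders see an error instead of hanging; returning the error alongside the pipes would be cleaner still. Note that `exec.Command("vde_plug", …)` resolves the binary through `PATH` at run time; if this proxy runs with elevated privileges or an inherited environment, an absolute path (or a documented assumption about `PATH`) is worth stating in the `Start` doc comment.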

@ -16,54 +16,77 @@ import (
"time" "time"
) )
var OldMac net.HardwareAddr var OldMAC net.HardwareAddr
var NewMac net.HardwareAddr var NewMAC net.HardwareAddr
var OldIP net.IP var OldIP net.IP
var NewIP net.IP var NewIP net.IP
var VmReader io.Reader
var VmWriter io.Writer
var NetReader io.Reader
var NetWriter io.Writer
var Passthrough bool
// Start the two plugs and run two concurrent forward methods // Start the two plugs and run two concurrent forward methods
func main() { func main() {
// Get command line arguments // Get command line arguments
logLvl := flag.Int("log", 4, "allowed: 5 (debug), 4 (info), 3 (warning), 2 (error), 1 (fatal)") logLvl := flag.Int("log", 4, "allowed: 5 (debug), 4 (info), 3 (warning), 2 (error), 1 (fatal)")
oldip := flag.String("oldip", "", "IP before change") oldIP := flag.String("oldip", "", "IP before change")
newip := flag.String("newip", "10.0.0.15", "IP after change") newIP := flag.String("newip", "10.0.0.15", "IP after change")
oldmac := flag.String("oldmac", "", "MAC before change") oldMAC := flag.String("oldmac", "", "MAC before change")
newmac := flag.String("newmac", "", "MAC after change") newMAC := flag.String("newmac", "", "MAC after change")
passthrough := flag.Bool("passthrough", false, "Whether to pass every traffic through") passthrough := flag.Bool("passthrough", false, "Whether to pass every traffic through")
proxy := flag.String("proxy", "1", "Number of the proxy switch") sockMain := flag.String("smain", "/run/vde/sw_main.sock", "Main switch sock path, - for stdin/out")
pidfile := flag.String("pidfile", "", "Location to write the pid to") sockProxy := flag.String("sproxy", "/run/vde/sw_proxy1.sock", "Proxy switch sock path")
logfile := flag.String("logfile", "", "Location to write output to") pidFile := flag.String("pidfile", "", "Location to write the pid to")
logFile := flag.String("logfile", "", "Location to write output to")
flag.Parse() flag.Parse()
log.SetLevel(log.Level(*logLvl)) log.SetLevel(log.Level(*logLvl))
OldMac, _ = net.ParseMAC(*oldmac) OldMAC, _ = net.ParseMAC(*oldMAC)
NewMac = util.GenerateMac(*newmac) NewMAC = util.GenerateMac(*newMAC)
OldIP = net.ParseIP(*oldip).To4() OldIP = net.ParseIP(*oldIP).To4()
NewIP = net.ParseIP(*newip).To4() NewIP = net.ParseIP(*newIP).To4()
Passthrough = *passthrough
log.SetFormatter(&log.TextFormatter{ log.SetFormatter(&log.TextFormatter{
DisableTimestamp: true, DisableTimestamp: true,
}) })
if *logfile != "" { if *logFile != "" {
if f, err := os.OpenFile(*logfile, os.O_WRONLY | os.O_CREATE, 0755); err != nil { if f, err := os.OpenFile(*logFile, os.O_WRONLY | os.O_CREATE, 0755); err != nil {
log.Error("Error opening logfile ", *logfile) log.Error("Error opening logFile ", *logFile)
} else { } else {
log.SetOutput(f) log.SetOutput(f)
} }
} }
util.WritePIDFile(*pidfile) util.WritePIDFile(*pidFile)
c1 := cmd.New("vde_plug", "/run/vde/sw_main.sock") var c1, c2 *cmd.Cmd
c2 := cmd.New("vde_plug", "/run/vde/sw_proxy"+*proxy+".sock") if *sockMain != "-" {
c1.Execute() c1, NetReader, NetWriter = cmd.Start(*sockMain)
c2.Execute() } else {
go pipeForward(c1.OutReader, c2.InWriter, cmd.In, *passthrough) NetReader = os.Stdout
go pipeForward(c2.OutReader, c1.InWriter, cmd.Out, *passthrough) NetWriter = os.Stdin
}
c2, VmReader, VmWriter = cmd.Start(*sockProxy)
go pipeForward(cmd.In)
go pipeForward(cmd.Out)
if *sockMain != "-" {
c1.WaitH() c1.WaitH()
}
c2.WaitH() c2.WaitH()
} }
// Reads from an input and writes to and output, // Reads from an input and writes to and output,
// do things to the content in between. // do things to the content in between.
// Is meant to be run concurrently with "go pipeForward(...)" // Is meant to be run concurrently with "go pipeForward(...)"
func pipeForward(reader io.Reader, writer io.Writer, prefix string, passthrough bool) { func pipeForward(prefix string) {
var reader io.Reader
var writer io.Writer
if prefix == cmd.In {
reader = NetReader
writer = VmWriter
} else {
reader = VmReader
writer = NetWriter
}
for { for {
// Read frame length // Read frame length
frameLength := make([]byte, 2) frameLength := make([]byte, 2)
@ -99,7 +122,7 @@ func pipeForward(reader io.Reader, writer io.Writer, prefix string, passthrough
} }
// Handle DHCP packet (based on IPv4) - drop for now // Handle DHCP packet (based on IPv4) - drop for now
if dhcpLayer := packet.Layer(layers.LayerTypeDHCPv4); dhcpLayer != nil && !passthrough { if dhcpLayer := packet.Layer(layers.LayerTypeDHCPv4); dhcpLayer != nil && !Passthrough {
//dhcpPacket, _ := dhcpLayer.(*layers.DHCPv4) //dhcpPacket, _ := dhcpLayer.(*layers.DHCPv4)
log.Info(prefix, "DHCP packet dropped") log.Info(prefix, "DHCP packet dropped")
continue continue
@ -115,7 +138,7 @@ func pipeForward(reader io.Reader, writer io.Writer, prefix string, passthrough
} }
// Drop IPv6 packets // Drop IPv6 packets
if ipv6layer := packet.Layer(layers.LayerTypeIPv6); ipv6layer != nil && !passthrough { if ipv6layer := packet.Layer(layers.LayerTypeIPv6); ipv6layer != nil && !Passthrough {
log.Info(prefix, "IPv6 packet dropped") log.Info(prefix, "IPv6 packet dropped")
continue continue
} }
@ -131,7 +154,7 @@ func pipeForward(reader io.Reader, writer io.Writer, prefix string, passthrough
log.Debug("End packet") log.Debug("End packet")
// Forward original frame to other plug // Forward original frame to other plug
if passthrough { if Passthrough {
writer.Write(frameLength) writer.Write(frameLength)
writer.Write(frameBytes) writer.Write(frameBytes)
continue continue
@ -208,14 +231,14 @@ func filterIP(prefix string, dst interface{}, src interface{}, context gopacket.
// filterMAC checks whether a MAC target selected from src and dst equals a given value. If yes, it is changed // filterMAC checks whether a MAC target selected from src and dst equals a given value. If yes, it is changed
func filterMAC(prefix string, dst interface{}, src interface{}, context gopacket.LayerType) { func filterMAC(prefix string, dst interface{}, src interface{}, context gopacket.LayerType) {
// If no OldMac is set yet, get it from outgoing src field // If no OldMAC is set yet, get it from outgoing src field
// Has to be HardwareAddr because this is used for ethernet frames which call this method first // Has to be HardwareAddr because this is used for ethernet frames which call this method first
if OldMac == nil { if OldMAC == nil {
if prefix == cmd.In { if prefix == cmd.In {
return return
} else if prefix == cmd.Out { } else if prefix == cmd.Out {
OldMac = *src.(*net.HardwareAddr) OldMAC = *src.(*net.HardwareAddr)
log.Info("OldMac set to ", OldMac) log.Info("OldMAC set to ", OldMAC)
} }
} }
@ -226,13 +249,13 @@ func filterMAC(prefix string, dst interface{}, src interface{}, context gopacket
if prefix == cmd.In { if prefix == cmd.In {
target = dst target = dst
which = "dst" which = "dst"
condVal = NewMac condVal = NewMAC
newVal = OldMac newVal = OldMAC
} else if prefix == cmd.Out { } else if prefix == cmd.Out {
target = src target = src
which = "src" which = "src"
condVal = OldMac condVal = OldMAC
newVal = NewMac newVal = NewMAC
} }
mac, isMac := target.(*net.HardwareAddr) mac, isMac := target.(*net.HardwareAddr)
bs, isBs := target.(*[]byte) bs, isBs := target.(*[]byte)
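Review bot: In the new `-smain -` branch the standard streams look swapped: `NetReader = os.Stdout` and `NetWriter = os.Stdin`, so `pipeForward(cmd.In)` reads network frames from fd 1 and writes towards the network on fd 0. That only works if fds 0 and 1 are the same bidirectional socket (which a `dpipe`/`vde_plug =`-style socketpair would presumably give, though nothing on the page confirms how this proxy is launched); with ordinary pipes the reads fail and the unchecked `writer.Write` calls in `pipeForward` silently drop every frame. Unless the reversed assignment is deliberate, it should read `NetReader = os.Stdin` and `NetWriter = os.Stdout`, and the flag help text at the `smain` definition should say which file descriptor carries which direction so that stray stdout output (logging is on stderr by default, which is fine) cannot corrupt the frame stream. Separately, `net.ParseMAC` errors are still discarded, so a mistyped `-oldmac` silently falls back to learning the MAC from the first outgoing frame; a fatal log on parse failure would make that explicit.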

Binäre Datei nicht angezeigt.

@ -39,10 +39,10 @@ start)
$qemu -m 1024 -nic user -nic vde,mac='52:54:00:12:34:76',sock=$RUN/sw_proxy3.sock -hda kali.qcow2 -daemonize -vnc :3 -pidfile $kali $qemu -m 1024 -nic user -nic vde,mac='52:54:00:12:34:76',sock=$RUN/sw_proxy3.sock -hda kali.qcow2 -daemonize -vnc :3 -pidfile $kali
;;& ;;&
proxy2 | proxies | all) proxy2 | proxies | all)
$proxy -proxy 2 -passthrough -logfile $RUN/proxy_2.log -pidfile $proxy2 & $proxy -sproxy $RUN/sw_proxy2.sock -passthrough -logfile $RUN/proxy_2.log -pidfile $proxy2 &
;;& ;;&
proxy3 | proxies | all) proxy3 | proxies | all)
$proxy -proxy 3 -passthrough -logfile $RUN/proxy_3.log -pidfile $proxy3 & $proxy -sproxy $RUN/sw_proxy3.sock -passthrough -logfile $RUN/proxy_3.log -pidfile $proxy3 &
;; ;;
*) *)
echo "Usage: envctl start {all|network|vms|alpine|alpine1|alpine2|kali|proxy2|proxy3|proxies}" echo "Usage: envctl start {all|network|vms|alpine|alpine1|alpine2|kali|proxy2|proxy3|proxies}"