From af165f5573bc9ed0eaf7735f0e686cc048e8598f Mon Sep 17 00:00:00 2001 From: Simon Moser Date: Sat, 11 Dec 2021 17:51:48 +0100 Subject: [PATCH] Added wireshark mode, fixed DHCP bug --- README.md | 2 ++ proxy/main.go | 44 ++++++++++++++++++++++++++------------------ 2 files changed, 28 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index ef2fe0b..d8c3cca 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,8 @@ Usage of ./proxy: Main switch sock path, - for stdin/out (default "/run/vde/sw_main.sock") -sproxy string Proxy switch sock path (default "/run/vde/sw_proxy1.sock") + -wireshark + Whether to write all traffic to /tmp ``` ### envctl - control VMs, network etc diff --git a/proxy/main.go b/proxy/main.go index 43406af..9c73c0e 100644 --- a/proxy/main.go +++ b/proxy/main.go @@ -35,6 +35,7 @@ var DHCPMask []byte var DHCPState dhcp4.MessageType var DHCPCandidate net.IP var UId string +var Wireshark bool // Start the two plugs and run two concurrent forward methods func main() { @@ -49,6 +50,7 @@ func main() { sockProxy := flag.String("sproxy", "/run/vde/sw_proxy1.sock", "Proxy switch sock path") pidFile := flag.String("pidfile", "", "Location to write the pid to") logFile := flag.String("logfile", "", "Location to write output to") + wireshark := flag.Bool("wireshark", false, "Whether to write all traffic to /tmp") flag.Parse() log.SetLevel(log.Level(*logLvl)) OldMAC, _ = net.ParseMAC(*oldMAC) @@ -56,6 +58,7 @@ func main() { OldIP = net.ParseIP(*oldIP).To4() NewIP = net.ParseIP(*newIP).To4() Passthrough = *passthrough + Wireshark = *wireshark UId = GenerateUId(*sockProxy) log.SetFormatter(&log.TextFormatter{ DisableTimestamp: true, 
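Review bot: The help string for the new `-wireshark` flag in `main()` (hunk `@@ -49,6 +50,7 @@`, repeated in the README hunk) says only that traffic goes to /tmp, which hides that the switch dumps every received frame, payload included, into a directory shared by all local users. I would spell that out in the help text, e.g. `"Debug only: write every received frame, payload included, to /tmp/pkg_<unix-seconds>.pcap"`. The exported `Wireshark` variable added in hunk `@@ -35,6 +35,7 @@` also has no doc comment; something like `// Wireshark enables per-frame pcap dumps in pipeForward; leave it off outside debugging.` would do. `main()` starts and ends outside these hunks.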
@@ -114,9 +117,12 @@ func pipeForward(prefix string) { log.Fatal(prefix, "Error reading frame data") } + if Wireshark { + WritePcap("/tmp/pkg_"+strconv.FormatInt(time.Now().Unix(), 10)+".pcap", frameBytes) + } + // Convert frame to full stack packet packet := gopacket.NewPacket(frameBytes, layers.LayerTypeEthernet, gopacket.Default) - // isInteresting := false // Debug Help // Handle Ethernet frame frame := packet.Layer(layers.LayerTypeEthernet).(*layers.Ethernet) @@ -129,9 +135,11 @@ func pipeForward(prefix string) { log.Debug("IP Protocol ", ipv4Packet.Protocol) // Handle DHCPv4 packet (based on IPv4) - if dhcpLayer := packet.Layer(layers.LayerTypeDHCPv4); dhcpLayer != nil && !Passthrough { - handleDHCP(dhcpLayer.LayerContents(), frame.DstMAC, frame.SrcMAC, prefix) - continue + if dhcpLayer := packet.Layer(layers.LayerTypeDHCPv4); dhcpLayer != nil { + if !Passthrough { + handleDHCP(dhcpLayer.LayerContents(), frame.DstMAC, frame.SrcMAC, prefix) + continue + } } filterIP(prefix, &ipv4Packet.DstIP, &ipv4Packet.SrcIP, ipv4Packet.LayerType()) @@ -146,7 +154,15 @@ func pipeForward(prefix string) { if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer != nil { tcpPacket, _ := tcpLayer.(*layers.TCP) if err := tcpPacket.SetNetworkLayerForChecksum(ipv4Packet); err != nil { - log.Error(prefix, "Error setting network layer for checksum", err) + log.Error(prefix, "Error setting network layer for TCP checksum", err) + } + } + + // Handle UDP packet + if udpLayer := packet.Layer(layers.LayerTypeUDP); udpLayer != nil { + udpPacket, _ := udpLayer.(*layers.UDP) + if err := udpPacket.SetNetworkLayerForChecksum(ipv4Packet); err != nil { + log.Error(prefix, "Error setting network layer for UDP checksum", err) } } } 
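Review bot: The capture path added in `pipeForward` is built from `time.Now().Unix()`, so every frame read within the same second, by either of the two concurrent forwarders, gets the same name `/tmp/pkg_<seconds>.pcap`; depending on how `WritePcap` opens the file (not visible here), frames are overwritten or interleaved. The name is also predictable and sits directly in /tmp, so unless `WritePcap` creates the file exclusively and with a restrictive mode, another local user could pre-place a link at that path or read the captured traffic afterwards. I would write into a private directory created once at start-up with `os.MkdirTemp("", "proxy-pcap-")` and name each file from a per-direction tag plus `time.Now().UnixNano()`. Any error `WritePcap` reports should be logged rather than dropped. `pipeForward` begins and ends outside the hunk.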
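Review bot: The rewritten DHCP condition `if dhcpLayer := packet.Layer(layers.LayerTypeDHCPv4); dhcpLayer != nil {` now nests `if !Passthrough` inside it, but with nothing between the two levels it calls `handleDHCP` and `continue` in exactly the same cases as the old `dhcpLayer != nil && !Passthrough`. If the nesting prepares for a passthrough-specific branch, a comment should say so, e.g. `// Passthrough: DHCP frames fall through to the normal rewrite path below`. Otherwise the original single condition is easier to read, and the DHCP fix named in the subject line is not in this hunk.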
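Review bot: In the new UDP branch a failure of `SetNetworkLayerForChecksum` is only logged, and the loop then carries on to forward the frame; since `filterIP` rewrites the addresses just above, that frame would presumably go out with a checksum that no longer matches (serialisation is outside the hunk, so this is inferred). The TCP branch has the same pattern. Consider adding `continue` after the log call so a frame that cannot be re-checksummed is dropped rather than forwarded. The message also runs straight into the error text, assuming `log` is logrus as `log.TextFormatter` suggests; `"Error setting network layer for UDP checksum: "` would match the `"Error serializing DHCP request: "` style used elsewhere in the file. The discarded `ok` in `udpPacket, _ := udpLayer.(*layers.UDP)` leaves `udpPacket` nil if the assertion ever fails, so checking it is cheap insurance.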
@@ -189,13 +205,6 @@ func pipeForward(prefix string) { newFrameLength := make([]byte, 2) binary.BigEndian.PutUint16(newFrameLength, uint16(len(newFrameBytes))) - // Write interesting things to debug file - /*if isInteresting { - WriteBinary(fmt.Sprintf("/tmp/pck_%di.dat", time.Now().Unix()), frameBytes) - WriteBinary(fmt.Sprintf("/tmp/pck_%do.dat", time.Now().Unix()), newFrameBytes) - //WritePcapNg("xyz.pcap", packet.Data(), packet.Metadata().CaptureInfo) - }*/ - // Forward modified frame to other plug if _, err := writer.Write(newFrameLength); err != nil { log.Error("Error forwarding packet length", err) @@ -391,8 +400,8 @@ func sendDHCPReply(req dhcp4.Packet, mt dhcp4.MessageType, lease net.IP, reqOpt // Getting the options opt := dhcp4.Options{ - dhcp4.OptionSubnetMask: DHCPMask, - dhcp4.OptionRouter: RouterIP, + dhcp4.OptionSubnetMask: DHCPMask, + dhcp4.OptionRouter: RouterIP, dhcp4.OptionDomainNameServer: DNSIP, }.SelectOrderOrAll(reqOpt[dhcp4.OptionParameterRequestList]) @@ -412,7 +421,7 @@ func sendDHCPReply(req dhcp4.Packet, mt dhcp4.MessageType, lease net.IP, reqOpt TTL: 128, Protocol: layers.IPProtocolUDP, SrcIP: DHCPIP, - DstIP: lease, + DstIP: net.IPv4bcast, } udp := layers.UDP{ SrcPort: 67, @@ -454,7 +463,7 @@ func sendDHCPRequest(mt dhcp4.MessageType, reqIP net.IP) { } eth := layers.Ethernet{ SrcMAC: NewMAC, - DstMAC: If(mt == dhcp4.Discover).MAC([]byte{255,255,255,255,255,255}, DHCPMAC), + DstMAC: If(mt == dhcp4.Discover).MAC([]byte{255, 255, 255, 255, 255, 255}, DHCPMAC), EthernetType: layers.EthernetTypeIPv4, } ipv4 := layers.IPv4{ @@ -475,7 +484,7 @@ func sendDHCPRequest(mt dhcp4.MessageType, reqIP net.IP) { }, { Code: dhcp4.OptionParameterRequestList, - Value: []byte{1, 3, 6}, // Subnet Mask, Router, Domain Name Server + Value: []byte{1, 3, 6}, // Subnet Mask, Router, Domain Name Server }, } if mt == dhcp4.Request { 
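Review bot: `DstIP: net.IPv4bcast` in `sendDHCPReply` (hunk `@@ -412,7 +421,7 @@`) now sends every reply to the limited broadcast address, and nothing in the hunk records why. A comment would help, e.g. `// Client has no usable address before the ACK, so reply to the limited broadcast address`. For a client renewing from an already configured address, RFC 2131 expects a unicast reply unless the request's broadcast flag is set; if that case matters here, the destination could be chosen from `req.Broadcast()` and `req.CIAddr()` instead of being fixed. The rest of `sendDHCPReply`, including the Ethernet destination, is outside the hunk.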
@@ -492,7 +501,6 @@ func sendDHCPRequest(mt dhcp4.MessageType, reqIP net.IP) { log.Error("Error serializing DHCP request: ", err) } packetData := buf.Bytes() - WritePcap("/tmp/dhcpreq_" +strconv.FormatInt(time.Now().Unix(), 10)+ ".pcap", packetData) // Sending layer through VM's pipe packetLength := make([]byte, 2)