def incoming_nfqueue_packet(self,dummy, packet): ''' Handler for incoming packets coming from the nfqueue ''' data = packet.get_data() ippacket = IP(data) if self.initialisation: print("Packet received waiting for initialisation") return #I could have also initialised here but lazy of writing the code, prefer doing it when a packet is sent by the kernel kwargs={'IP':ippacket.fields} tcppacket = ippacket.payload if tcppacket.name != "TCP": packet.set_verdict(nfqueue.NF_ACCEPT) #Accept if not TCP print("\nIncoming: "+str(tcppacket.fields)) print("seqNoa: %s\t| seqNo: %s\nackNoa: %s\t| ackNo: %s\nnextAcka: %s\t| nextAck: %s" % (self.seqNoa,self.seqNo,self.ackNoa,self.ackNo,self.nextAcka,self.nextAck)) p = self.packet_received(tcppacket, **kwargs) #If a packet is return accept the modified packet otherwise just drop it if p: #If a packet is returned it means it should be forwarded to the kernel del p.chksum #I think it's good ! ippacket.payload = p packet.set_verdict_modified(nfqueue.NF_ACCEPT, str(ippacket), len(ippacket)) else: packet.set_verdict(nfqueue.NF_DROP) print("Packet dropped !")
def incoming_nfqueue_packet(self, dummy, packet): ''' Handler for incoming packets coming from the nfqueue ''' data = packet.get_data() ippacket = IP(data) if self.initialisation: print("Packet received waiting for initialisation") return #I could have also initialised here but lazy of writing the code, prefer doing it when a packet is sent by the kernel kwargs = {'IP': ippacket.fields} tcppacket = ippacket.payload if tcppacket.name != "TCP": packet.set_verdict(nfqueue.NF_ACCEPT) #Accept if not TCP print("\nIncoming: " + str(tcppacket.fields)) print( "seqNoa: %s\t| seqNo: %s\nackNoa: %s\t| ackNo: %s\nnextAcka: %s\t| nextAck: %s" % (self.seqNoa, self.seqNo, self.ackNoa, self.ackNo, self.nextAcka, self.nextAck)) p = self.packet_received( tcppacket, **kwargs ) #If a packet is return accept the modified packet otherwise just drop it if p: #If a packet is returned it means it should be forwarded to the kernel del p.chksum #I think it's good ! ippacket.payload = p packet.set_verdict_modified(nfqueue.NF_ACCEPT, str(ippacket), len(ippacket)) else: packet.set_verdict(nfqueue.NF_DROP) print("Packet dropped !")
def outgoing_nfqueue_packet(self, dummy, packet): ''' Handler for outgoing packets coming from the nfqueue ''' data = packet.get_data() #Recover raw data ippacket = IP(data) #Convert bytes to a Scapy IP packet kwargs={'IP':ippacket.fields} tcppacket = ippacket.payload #recover TCP packet if tcppacket.name != 'TCP': packet.set_verdict(nfqueue.NF_ACCEPT) #Accept if not TCP kwargs['TCP'] = tcppacket.fields print("\nOutgoing: "+tcppacket.summary()) print("seqNoa: %s\t| seqNo: %s\nackNoa: %s\t| ackNo: %s\nnextAcka: %s\t| nextAck: %s" % (self.seqNoa,self.seqNo,self.ackNoa,self.ackNo,self.nextAcka,self.nextAck)) if self.initialisation: #If we are in the initialisation stage. Initialise all variables self.localIP = ippacket.src self.remoteIP = ippacket.dst self.localPort = tcppacket.sport self.remotePort = tcppacket.dport self.connectionID=(self.localIP,self.localPort,self.remoteIP,self.remotePort) self.nextAcka = tcppacket.seq self.nextAck = tcppacket.seq self.seqNoa = tcppacket.seq self.seqNo = tcppacket.seq self.ackNoa = tcppacket.ack self.ackNo = tcppacket.ack self.initialisation = False #Finally switch the initialisation boolean to false print("Initialisation done") #Test below needed because MITM packets are also caught by the nfqueue, and in this case let them go. if self.pending.pop((ippacket.seq,ippacket.ack),None): # If packet not sent by 'pystack' (sent by kernel). self.come_from_kernel = False else: self.come_from_kernel = True if self.come_from_kernel: if tcppacket.payload: modif = self.send_packet(tcppacket.payload.load, tcppacket.flags, **kwargs) #Call send_packet and get the resulting (modified) packet else: modif = self.send_packet(None, tcppacket.flags, **kwargs) print("About to send(kernel):",ippacket.fields) print("About to send(kernel):",tcppacket.fields) del tcppacket.chksum #Remove checksum so that it will be recalculated by Scapy when sent tcppacket.fields.update(modif) #Update packets with our modifications ippacket.payload = tcppacket #Put back the tcp packet into ip packet print("seqNoa: %s\t| seqNo: %s\nackNoa: %s\t| ackNo: %s\nnextAcka: %s\t| nextAck: %s" % (self.seqNoa,self.seqNo,self.ackNoa,self.ackNo,self.nextAcka,self.nextAck)) p = str(ippacket) print("Post build: ",IP(p).fields) print("Post build: ",IP(p).payload.fields) l = len(p) packet.set_verdict_modified(nfqueue.NF_ACCEPT, p, l) #Accept the modified packet else: packet.set_verdict(nfqueue.NF_ACCEPT) #packet coming from pystack but caught by the nfqueue
def outgoing_nfqueue_packet(self, dummy, packet): ''' Handler for outgoing packets coming from the nfqueue ''' data = packet.get_data() #Recover raw data ippacket = IP(data) #Convert bytes to a Scapy IP packet kwargs = {'IP': ippacket.fields} tcppacket = ippacket.payload #recover TCP packet if tcppacket.name != 'TCP': packet.set_verdict(nfqueue.NF_ACCEPT) #Accept if not TCP kwargs['TCP'] = tcppacket.fields print("\nOutgoing: " + tcppacket.summary()) print( "seqNoa: %s\t| seqNo: %s\nackNoa: %s\t| ackNo: %s\nnextAcka: %s\t| nextAck: %s" % (self.seqNoa, self.seqNo, self.ackNoa, self.ackNo, self.nextAcka, self.nextAck)) if self.initialisation: #If we are in the initialisation stage. Initialise all variables self.localIP = ippacket.src self.remoteIP = ippacket.dst self.localPort = tcppacket.sport self.remotePort = tcppacket.dport self.connectionID = (self.localIP, self.localPort, self.remoteIP, self.remotePort) self.nextAcka = tcppacket.seq self.nextAck = tcppacket.seq self.seqNoa = tcppacket.seq self.seqNo = tcppacket.seq self.ackNoa = tcppacket.ack self.ackNo = tcppacket.ack self.initialisation = False #Finally switch the initialisation boolean to false print("Initialisation done") #Test below needed because MITM packets are also caught by the nfqueue, and in this case let them go. if self.pending.pop( (ippacket.seq, ippacket.ack), None): # If packet not sent by 'pystack' (sent by kernel). self.come_from_kernel = False else: self.come_from_kernel = True if self.come_from_kernel: if tcppacket.payload: modif = self.send_packet( tcppacket.payload.load, tcppacket.flags, **kwargs ) #Call send_packet and get the resulting (modified) packet else: modif = self.send_packet(None, tcppacket.flags, **kwargs) print("About to send(kernel):", ippacket.fields) print("About to send(kernel):", tcppacket.fields) del tcppacket.chksum #Remove checksum so that it will be recalculated by Scapy when sent tcppacket.fields.update( modif) #Update packets with our modifications ippacket.payload = tcppacket #Put back the tcp packet into ip packet print( "seqNoa: %s\t| seqNo: %s\nackNoa: %s\t| ackNo: %s\nnextAcka: %s\t| nextAck: %s" % (self.seqNoa, self.seqNo, self.ackNoa, self.ackNo, self.nextAcka, self.nextAck)) p = str(ippacket) print("Post build: ", IP(p).fields) print("Post build: ", IP(p).payload.fields) l = len(p) packet.set_verdict_modified(nfqueue.NF_ACCEPT, p, l) #Accept the modified packet else: packet.set_verdict( nfqueue.NF_ACCEPT ) #packet coming from pystack but caught by the nfqueue