def incoming_nfqueue_packet(self,dummy, packet):
''' Handler for incoming packets coming from the nfqueue '''
data = packet.get_data()
ippacket = IP(data)
if self.initialisation:
print("Packet received waiting for initialisation")
return #I could have also initialised here but lazy of writing the code, prefer doing it when a packet is sent by the kernel
kwargs={'IP':ippacket.fields}
tcppacket = ippacket.payload
if tcppacket.name != "TCP":
packet.set_verdict(nfqueue.NF_ACCEPT) #Accept if not TCP
print("\nIncoming: "+str(tcppacket.fields))
print("seqNoa: %s\t| seqNo: %s\nackNoa: %s\t| ackNo: %s\nnextAcka: %s\t| nextAck: %s" % (self.seqNoa,self.seqNo,self.ackNoa,self.ackNo,self.nextAcka,self.nextAck))
p = self.packet_received(tcppacket, **kwargs) #If a packet is return accept the modified packet otherwise just drop it
if p: #If a packet is returned it means it should be forwarded to the kernel
del p.chksum #I think it's good !
ippacket.payload = p
packet.set_verdict_modified(nfqueue.NF_ACCEPT, str(ippacket), len(ippacket))
else:
packet.set_verdict(nfqueue.NF_DROP)
print("Packet dropped !")
def incoming_nfqueue_packet(self, dummy, packet):
''' Handler for incoming packets coming from the nfqueue '''
data = packet.get_data()
ippacket = IP(data)
if self.initialisation:
print("Packet received waiting for initialisation")
return #I could have also initialised here but lazy of writing the code, prefer doing it when a packet is sent by the kernel
kwargs = {'IP': ippacket.fields}
tcppacket = ippacket.payload
if tcppacket.name != "TCP":
packet.set_verdict(nfqueue.NF_ACCEPT) #Accept if not TCP
print("\nIncoming: " + str(tcppacket.fields))
print(
"seqNoa: %s\t| seqNo: %s\nackNoa: %s\t| ackNo: %s\nnextAcka: %s\t| nextAck: %s"
% (self.seqNoa, self.seqNo, self.ackNoa, self.ackNo, self.nextAcka,
self.nextAck))
p = self.packet_received(
tcppacket, **kwargs
) #If a packet is return accept the modified packet otherwise just drop it
if p: #If a packet is returned it means it should be forwarded to the kernel
del p.chksum #I think it's good !
ippacket.payload = p
packet.set_verdict_modified(nfqueue.NF_ACCEPT, str(ippacket),
len(ippacket))
else:
packet.set_verdict(nfqueue.NF_DROP)
print("Packet dropped !")
def outgoing_nfqueue_packet(self, dummy, packet):
''' Handler for outgoing packets coming from the nfqueue '''
data = packet.get_data() #Recover raw data
ippacket = IP(data) #Convert bytes to a Scapy IP packet
kwargs={'IP':ippacket.fields}
tcppacket = ippacket.payload #recover TCP packet
if tcppacket.name != 'TCP':
packet.set_verdict(nfqueue.NF_ACCEPT) #Accept if not TCP
kwargs['TCP'] = tcppacket.fields
print("\nOutgoing: "+tcppacket.summary())
print("seqNoa: %s\t| seqNo: %s\nackNoa: %s\t| ackNo: %s\nnextAcka: %s\t| nextAck: %s" % (self.seqNoa,self.seqNo,self.ackNoa,self.ackNo,self.nextAcka,self.nextAck))
if self.initialisation: #If we are in the initialisation stage. Initialise all variables
self.localIP = ippacket.src
self.remoteIP = ippacket.dst
self.localPort = tcppacket.sport
self.remotePort = tcppacket.dport
self.connectionID=(self.localIP,self.localPort,self.remoteIP,self.remotePort)
self.nextAcka = tcppacket.seq
self.nextAck = tcppacket.seq
self.seqNoa = tcppacket.seq
self.seqNo = tcppacket.seq
self.ackNoa = tcppacket.ack
self.ackNo = tcppacket.ack
self.initialisation = False #Finally switch the initialisation boolean to false
print("Initialisation done")
#Test below needed because MITM packets are also caught by the nfqueue, and in this case let them go.
if self.pending.pop((ippacket.seq,ippacket.ack),None): # If packet not sent by 'pystack' (sent by kernel).
self.come_from_kernel = False
else:
self.come_from_kernel = True
if self.come_from_kernel:
if tcppacket.payload:
modif = self.send_packet(tcppacket.payload.load, tcppacket.flags, **kwargs) #Call send_packet and get the resulting (modified) packet
else:
modif = self.send_packet(None, tcppacket.flags, **kwargs)
print("About to send(kernel):",ippacket.fields)
print("About to send(kernel):",tcppacket.fields)
del tcppacket.chksum #Remove checksum so that it will be recalculated by Scapy when sent
tcppacket.fields.update(modif) #Update packets with our modifications
ippacket.payload = tcppacket #Put back the tcp packet into ip packet
print("seqNoa: %s\t| seqNo: %s\nackNoa: %s\t| ackNo: %s\nnextAcka: %s\t| nextAck: %s" % (self.seqNoa,self.seqNo,self.ackNoa,self.ackNo,self.nextAcka,self.nextAck))
p = str(ippacket)
print("Post build: ",IP(p).fields)
print("Post build: ",IP(p).payload.fields)
l = len(p)
packet.set_verdict_modified(nfqueue.NF_ACCEPT, p, l) #Accept the modified packet
else:
packet.set_verdict(nfqueue.NF_ACCEPT) #packet coming from pystack but caught by the nfqueue
def outgoing_nfqueue_packet(self, dummy, packet):
''' Handler for outgoing packets coming from the nfqueue '''
data = packet.get_data() #Recover raw data
ippacket = IP(data) #Convert bytes to a Scapy IP packet
kwargs = {'IP': ippacket.fields}
tcppacket = ippacket.payload #recover TCP packet
if tcppacket.name != 'TCP':
packet.set_verdict(nfqueue.NF_ACCEPT) #Accept if not TCP
kwargs['TCP'] = tcppacket.fields
print("\nOutgoing: " + tcppacket.summary())
print(
"seqNoa: %s\t| seqNo: %s\nackNoa: %s\t| ackNo: %s\nnextAcka: %s\t| nextAck: %s"
% (self.seqNoa, self.seqNo, self.ackNoa, self.ackNo, self.nextAcka,
self.nextAck))
if self.initialisation: #If we are in the initialisation stage. Initialise all variables
self.localIP = ippacket.src
self.remoteIP = ippacket.dst
self.localPort = tcppacket.sport
self.remotePort = tcppacket.dport
self.connectionID = (self.localIP, self.localPort, self.remoteIP,
self.remotePort)
self.nextAcka = tcppacket.seq
self.nextAck = tcppacket.seq
self.seqNoa = tcppacket.seq
self.seqNo = tcppacket.seq
self.ackNoa = tcppacket.ack
self.ackNo = tcppacket.ack
self.initialisation = False #Finally switch the initialisation boolean to false
print("Initialisation done")
#Test below needed because MITM packets are also caught by the nfqueue, and in this case let them go.
if self.pending.pop(
(ippacket.seq, ippacket.ack),
None): # If packet not sent by 'pystack' (sent by kernel).
self.come_from_kernel = False
else:
self.come_from_kernel = True
if self.come_from_kernel:
if tcppacket.payload:
modif = self.send_packet(
tcppacket.payload.load, tcppacket.flags, **kwargs
) #Call send_packet and get the resulting (modified) packet
else:
modif = self.send_packet(None, tcppacket.flags, **kwargs)
print("About to send(kernel):", ippacket.fields)
print("About to send(kernel):", tcppacket.fields)
del tcppacket.chksum #Remove checksum so that it will be recalculated by Scapy when sent
tcppacket.fields.update(
modif) #Update packets with our modifications
ippacket.payload = tcppacket #Put back the tcp packet into ip packet
print(
"seqNoa: %s\t| seqNo: %s\nackNoa: %s\t| ackNo: %s\nnextAcka: %s\t| nextAck: %s"
% (self.seqNoa, self.seqNo, self.ackNoa, self.ackNo,
self.nextAcka, self.nextAck))
p = str(ippacket)
print("Post build: ", IP(p).fields)
print("Post build: ", IP(p).payload.fields)
l = len(p)
packet.set_verdict_modified(nfqueue.NF_ACCEPT, p,
l) #Accept the modified packet
else:
packet.set_verdict(
nfqueue.NF_ACCEPT
) #packet coming from pystack but caught by the nfqueue
