Class: Watobo::NFQ::Connections
- Inherits:
-
Object
- Object
- Watobo::NFQ::Connections
- Defined in:
- bin/nfq_server.rb
Instance Attribute Summary
-
#nfqueue ⇒ Object
readonly
Returns the value of attribute nfqueue.
Instance Method Summary
- #acquire_cert(host, port) ⇒ Object
- #add_ssl_request(c_host, c_port, s_host, s_port) ⇒ Object
- #info(data) ⇒ Object
-
#initialize ⇒ Connections
constructor
A new instance of Connections.
- #start ⇒ Object
- #to_yaml ⇒ Object
Constructor Details
#initialize ⇒ Connections
Returns a new instance of Connections.
# Sets up the connection/certificate tables and immediately starts the
# netfilter-queue worker thread (#start), whose Thread is exposed via #nfqueue.
#
# @return [Connections]
def initialize
  # "client_ip:port" => "server_ip:port", written by #add_ssl_request
  @connections = {}
  # "server_ip:port" => whatever #acquire_cert stored as the peer certificate
  @cert_list = {}
  # Guards the two hashes above; #info reads and #acquire_cert writes under it
  @netqueue_lock = Mutex.new
  # NOTE(review): 512-bit DH parameters are far below any current minimum, and
  # tmp_dh_callback is (to my knowledge) only consulted on the server side of a
  # handshake, so this key is probably never used by #acquire_cert's client
  # connect — confirm before spending time on it. Generating it also blocks
  # the constructor.
  @dh_key = OpenSSL::PKey::DH.new(512)
  @nfqueue = start
end
Instance Attribute Details
#nfqueue ⇒ Object (readonly)
Returns the value of attribute nfqueue.
# Reader for the netfilter-queue worker thread that #initialize stores from #start.
#
# @return [Thread] the worker thread returned by #start
def nfqueue
  @nfqueue
end
Instance Method Details
#acquire_cert(host, port) ⇒ Object
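# Opens a throw-away TLS connection to host:port and returns the certificate
# the server presents, caching it in @cert_list under "host:port".
#
# Certificate verification is deliberately off: the purpose is to record
# whatever the server sends (self-signed, expired or otherwise untrusted
# included), so the returned certificate is data to display, never a trust
# decision. host and port come straight from sniffed packets (see #start),
# i.e. this method makes the process connect out to addresses seen on the wire.
#
# @param host [String] server address as produced by get_ip_string
# @param port [Integer] server port
# @return [OpenSSL::X509::Certificate, nil] the peer certificate, or nil when
#   the connection or handshake fails (the error is printed to stdout)
def acquire_cert(host, port)
  tcp_socket = nil
  ssl_socket = nil
  begin
    tcp_socket = TCPSocket.new(host, port)
    tcp_socket.setsockopt(Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
    tcp_socket.sync = true
    ctx = OpenSSL::SSL::SSLContext.new
    # Stated explicitly so the intentional lack of verification is visible
    # to a reader; a bare SSLContext.new already behaves this way.
    ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
    ctx.tmp_dh_callback = proc { |*_args| @dh_key }
    ssl_socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ctx)
    # Closing the SSL socket then also closes the underlying TCP socket.
    ssl_socket.sync_close = true
    ssl_socket.connect
    cert = ssl_socket.peer_cert
    sk = "#{host}:#{port}"
    @netqueue_lock.synchronize { @cert_list[sk] = cert }
    cert
  rescue => bang
    puts bang
    puts bang.backtrace if $DEBUG
    nil
  ensure
    # The original never closed either socket and leaked one descriptor per
    # probed server. Close errors are swallowed so they cannot mask the result.
    begin
      if ssl_socket
        ssl_socket.close
      elsif tcp_socket
        tcp_socket.close
      end
    rescue StandardError
      nil
    end
  end
end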
#add_ssl_request(c_host, c_port, s_host, s_port) ⇒ Object
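# Records that client c_host:c_port is talking to server s_host:s_port and,
# for a server not seen before, fetches its certificate via #acquire_cert.
#
# Called from the netfilter-queue worker (#start) for every packet, so a new
# server address in sniffed traffic triggers an outbound TLS connection from
# this process to that address.
#
# @param c_host [String] client address
# @param c_port [Integer] client port
# @param s_host [String] server address
# @param s_port [Integer] server port
# @return [Boolean] true once the mapping is stored; false when the
#   certificate could not be acquired or an error was raised (printed to stdout)
def add_ssl_request(c_host, c_port, s_host, s_port)
  ck = "#{c_host}:#{c_port}"
  sk = "#{s_host}:#{s_port}"
  begin
    # The probe runs outside the lock: #acquire_cert takes @netqueue_lock
    # itself and Mutex is not re-entrant.
    cert = nil
    unless @netqueue_lock.synchronize { @cert_list.key?(sk) }
      cert = acquire_cert(s_host, s_port)
      return false unless cert
    end
    # Writers now hold the same lock as #info's reader; the original updated
    # both hashes unsynchronised.
    @netqueue_lock.synchronize do
      @connections[ck] = sk
      @cert_list[sk] = cert if cert
    end
    true
  rescue => bang
    puts bang
    puts bang.backtrace
    false
  end
end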
#info(data) ⇒ Object
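# Looks up the server a client connection was mapped to and the common name
# of that server's cached certificate.
#
# @param data [Hash] expects the string keys 'host' and 'port' of the client side
# @return [Hash] {'target' => "server_ip:port" or '', 'cn' => common name or ''};
#   an empty Hash when an error was raised (printed to stdout)
def info(data)
  begin
    ck = "#{data['host']}:#{data['port']}"
    target_site = ''
    cert_cn = ''
    @netqueue_lock.synchronize do
      if @connections.key?(ck)
        target_site = @connections[ck]
        cert = @cert_list[target_site]
        # A nil entry (no certificate stored) yields an empty cn instead of
        # raising on nil.subject as before.
        if cert
          subject = cert.subject
          # Pick the CN attribute by name. The original stripped everything up
          # to the last '=' of the subject string, which returns whichever
          # attribute happens to be last (e.g. emailAddress), not the CN.
          cn_entry = subject.to_a.find { |entry| entry[0] == 'CN' }
          cert_cn = cn_entry ? cn_entry[1] : subject.to_s.gsub(/.*=/, "")
        end
      end
    end
    { 'target' => target_site, 'cn' => cert_cn }
  rescue => bang
    puts bang
    puts bang.backtrace
    {}
  end
end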
#start ⇒ Object
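# Starts the netfilter-queue worker and returns its Thread.
#
# Binds queue 0 and, for every packet handed over, records the
# client -> server mapping via #add_ssl_request (which probes the server for
# its certificate when it has not been seen before). Every packet is
# ACCEPTed: this worker only observes traffic, it never filters it.
#
# @return [Thread] the worker thread; #initialize keeps it in @nfqueue
def start
  puts "starting netfilter_queue ..."
  t = Thread.new do
    begin
      Netfilter::Queue.create(0) do |p|
        begin
          pkt = p.data
          # Only the IPv4 header layout is understood here (addresses at
          # fixed offsets 12 and 16); anything else is let through untouched.
          next Netfilter::Packet::ACCEPT unless (pkt.getbyte(0) >> 4) == 4
          raw_src = pkt[12..15]
          raw_dst = pkt[16..19]
          # The transport header starts after IHL*4 bytes. The original
          # hard-coded a 20-byte header, which misreads the ports whenever IP
          # options are present.
          ihl = (pkt.getbyte(0) & 0x0f) * 4
          ihl = 20 if ihl < 20
          ports = pkt[ihl, 4]
          raise ArgumentError, "truncated packet (#{pkt.bytesize} bytes)" if ports.nil? || ports.bytesize < 4
          src_port, dst_port = ports.unpack("nn")
          src = get_ip_string(raw_src)
          dst = get_ip_string(raw_dst)
          puts "NFQ >> #{src}:#{src_port} -> #{dst}:#{dst_port}"
          add_ssl_request(src, src_port, dst, dst_port)
        rescue => bang
          # One malformed packet must not end the whole worker (the original
          # let the exception escape the queue loop); log it and continue.
          puts bang
          puts bang.backtrace
        end
        Netfilter::Packet::ACCEPT
      end
    rescue Netfilter::QueueError
      # Listed before the generic rescue: if QueueError derives from
      # StandardError the original order made this clause unreachable.
      puts "NetfilterERROR"
      # NOTE(review): Kernel#exit inside a non-main thread raises SystemExit in
      # this thread only and does not stop the process — confirm whether a
      # process exit was intended here.
      exit
    rescue => bang
      puts bang
      puts bang.backtrace
    end
  end
  t
end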
#to_yaml ⇒ Object
# Serialises the client -> server mapping (not the certificate table) as YAML.
#
# @return [String] YAML document for the @connections hash
def to_yaml
  YAML.dump(@connections)
end