Class: Watobo::NFQ::Connections
- Inherits:
-
Object
- Object
- Watobo::NFQ::Connections
- Defined in:
- bin/nfq_server.rb
Instance Attribute Summary
-
#nfqueue ⇒ Object
readonly
Returns the value of attribute nfqueue.
Instance Method Summary
- #acquire_cert(host, port) ⇒ Object
- #add_ssl_request(c_host, c_port, s_host, s_port) ⇒ Object
- #info(data) ⇒ Object
-
#initialize ⇒ Connections
constructor
A new instance of Connections.
- #start ⇒ Object
- #to_yaml ⇒ Object
Constructor Details
#initialize ⇒ Connections
Returns a new instance of Connections.
# File 'bin/nfq_server.rb', line 92
# Sets up the connection table, the certificate cache, the lock guarding
# them and the DH key handed out by acquire_cert's tmp_dh_callback, then
# starts the netfilter queue reader thread (kept in @nfqueue).
#
# NOTE(review): 512-bit DH parameters are far below current minimums; as
# this class only opens client-side connections (see acquire_cert) the
# callback is presumably never consulted — confirm before relying on it.
def initialize
  @connections = {}
  @cert_list = {}
  @netqueue_lock = Mutex.new
  @dh_key = OpenSSL::PKey::DH.new(512)
  @nfqueue = start
end
Instance Attribute Details
#nfqueue ⇒ Object (readonly)
Returns the value of attribute nfqueue.
# File 'bin/nfq_server.rb', line 38
# Read-only accessor for the netfilter queue reader thread assigned in
# initialize (@nfqueue = start).
#
# @return [Object] whatever start returned, nil before initialize ran
def nfqueue
  @nfqueue
end
Instance Method Details
#acquire_cert(host, port) ⇒ Object
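# File 'bin/nfq_server.rb', line 100
# Opens a TLS connection to host:port, captures the certificate the server
# presents and caches it in @cert_list under "host:port" (write guarded by
# @netqueue_lock).
#
# The SSLContext gets no verify_mode, so the peer certificate is recorded
# exactly as presented, without validation. That is the purpose here (the
# certificate is captured for later inspection), which also means nothing
# derived from it may be treated as trusted.
#
# @param host [String] server address
# @param port [Integer] server port
# @return [OpenSSL::X509::Certificate, nil] the peer certificate, or nil when
#   the connection or handshake failed (the error is printed)
def acquire_cert(host, port)
  tcp_socket = nil
  socket = nil
  begin
    tcp_socket = TCPSocket.new(host, port)
    tcp_socket.setsockopt(Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
    tcp_socket.sync = true
    ctx = OpenSSL::SSL::SSLContext.new
    ctx.tmp_dh_callback = proc { |*_args| @dh_key }
    socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ctx)
    # NOTE(review): no connect/handshake timeout — an unresponsive server
    # blocks the caller (the packet-handling thread) indefinitely.
    socket.connect
    cert = socket.peer_cert
    sk = "#{host}:#{port}"
    @netqueue_lock.synchronize { @cert_list[sk] = cert }
    return cert
  rescue => bang
    puts bang
    puts bang.backtrace if $DEBUG
  ensure
    # Previously both sockets stayed open after the certificate was read.
    # sync_close is not set on the SSLSocket, so closing it does not close
    # the wrapped TCPSocket; both are closed explicitly.
    socket.close if socket && !socket.closed?
    tcp_socket.close if tcp_socket && !tcp_socket.closed?
  end
  nil
end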
#add_ssl_request(c_host, c_port, s_host, s_port) ⇒ Object
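# File 'bin/nfq_server.rb', line 39
# Records that client c_host:c_port talks to server s_host:s_port and makes
# sure the server's certificate is cached, fetching it through acquire_cert
# the first time the server is seen.
#
# @param c_host [String] client address
# @param c_port [Integer] client port
# @param s_host [String] server address
# @param s_port [Integer] server port
# @return [Boolean] true when the mapping was stored, false when the
#   certificate could not be obtained or an error occurred (printed)
def add_ssl_request(c_host, c_port, s_host, s_port)
  ck = "#{c_host}:#{c_port}"
  sk = "#{s_host}:#{s_port}"
  begin
    # The shared hashes are read and written under @netqueue_lock, as info
    # does; previously this method touched them unlocked. acquire_cert takes
    # the same (non-reentrant) lock itself, so it is called outside the
    # synchronized sections.
    cert = nil
    known = @netqueue_lock.synchronize { @cert_list.has_key?(sk) }
    unless known
      cert = acquire_cert(s_host, s_port)
      return false unless cert
    end
    @netqueue_lock.synchronize do
      @connections[ck] = sk
      @cert_list[sk] = cert if cert
    end
    return true
  rescue => bang
    puts bang
    puts bang.backtrace if $DEBUG
  end
  false
end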
#info(data) ⇒ Object
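# File 'bin/nfq_server.rb', line 69
# Looks up the server a client endpoint is mapped to and the common name of
# that server's cached certificate.
#
# @param data [Hash] must answer data['host'] and data['port'] (the client
#   endpoint)
# @return [Hash] {'target' => "host:port", 'cn' => String}; both values are
#   '' when unknown, and {} when an error occurred (printed)
def info(data)
  begin
    ck = "#{data['host']}:#{data['port']}"
    target_site = ''
    cert_cn = ''
    @netqueue_lock.synchronize do
      if @connections.has_key? ck
        target_site = @connections[ck]
        if @cert_list.has_key? target_site
          cert = @cert_list[target_site]
          # Pick the CN entry of the subject explicitly. The previous
          # gsub(/.*=/, "") on subject.to_s returned the value of whatever
          # RDN came last, which is only the CN by coincidence; the old
          # expression remains as fallback for subjects without a CN.
          cn_entry = cert.subject.to_a.find { |entry| entry[0] == 'CN' }
          cert_cn = cn_entry ? cn_entry[1].to_s : cert.subject.to_s.gsub(/.*=/, "")
        end
      end
    end
    return { 'target' => target_site, 'cn' => cert_cn }
  rescue => bang
    puts bang
    puts bang.backtrace if $DEBUG
  end
  {}
end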
#start ⇒ Object
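# File 'bin/nfq_server.rb', line 131
# Spawns the thread that reads netfilter queue queue_num and returns it.
# Each packet is read as IPv4/TCP (source/destination address and port),
# logged, passed to add_ssl_request and then ACCEPTed.
#
# @param queue_num [Integer] netfilter queue number; 0 as before
# @return [Thread] the queue reader thread
def start(queue_num = 0)
  puts "starting netfilter_queue ..."
  Thread.new do
    begin
      Netfilter::Queue.create(queue_num) do |p|
        # Offsets assume a 20-byte IPv4 header without options followed by
        # the TCP header — TODO confirm that is guaranteed for this queue.
        raw_src = p.data[12..15]
        raw_dst = p.data[16..19]
        src_port = p.data[20..21].unpack("H4")[0].hex
        # was [22..24]: three bytes sliced although "H4" only reads two
        dst_port = p.data[22..23].unpack("H4")[0].hex
        puts "NFQ >> #{get_ip_string(raw_src)}:#{src_port} -> #{get_ip_string(raw_dst)}:#{dst_port}"
        add_ssl_request(get_ip_string(raw_src), src_port, get_ip_string(raw_dst), dst_port)
        Netfilter::Packet::ACCEPT
      end
    rescue Netfilter::QueueError
      # Listed before the generic rescue; behind it this clause could never
      # match if QueueError descends from StandardError.
      puts "NetfilterERROR"
      # NOTE(review): exit in a non-main thread ends only this thread, the
      # process keeps running — confirm that is what is intended.
      exit
    rescue => bang
      puts bang
      puts bang.backtrace
    end
  end
end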
#to_yaml ⇒ Object
# File 'bin/nfq_server.rb', line 65
# Serializes the client -> server connection table (@connections) to YAML.
# Only the mapping is exported; the cached certificates in @cert_list are
# not included.
#
# @return [String] YAML document
def to_yaml
  @connections.to_yaml
end