From 28c320e009289d8252c1a81ca93d98f268fb3af3 Mon Sep 17 00:00:00 2001 From: Paolo Invernizzi Date: Thu, 11 Jul 2024 19:21:41 +0200 Subject: [PATCH] Implement Layer 3 and 4 filtering (WIP) --- sockets/raw_socket.go | 51 ++++++++++++++++++++++--------------- tui/models/packets_table.go | 6 ++--- 2 files changed, 34 insertions(+), 23 deletions(-) diff --git a/sockets/raw_socket.go b/sockets/raw_socket.go index 5c7974a..6a4aebc 100644 --- a/sockets/raw_socket.go +++ b/sockets/raw_socket.go @@ -4,6 +4,7 @@ import ( "fmt" "net" "os" + "strings" "syscall" "github.com/NamelessOne91/bisturi/protocols" @@ -36,11 +37,17 @@ type RawSocket struct { // NewRawSocket opens a raw socket for the specified protocol by calling SYS_SOCKET // and returns the struct representing it, or eventual errors func NewRawSocket(protocol string, ethType uint16) (*RawSocket, error) { + filter := "all" + if strings.HasPrefix(protocol, "udp") { + filter = "udp" + } else if strings.HasPrefix(protocol, "tcp") { + filter = "tcp" + } rawSocket := &RawSocket{ shutdownChan: make(chan os.Signal, 1), ethType: ethType, - layer4Filter: protocol, + layer4Filter: filter, } // AF_PACKET specifies a packet socket, operating at the data link layer (Layer 2) // SOCK_RAW specifies a raw socket @@ -76,31 +83,18 @@ func (rs *RawSocket) ReadToChan(dataChan chan<- NetworkPacket, errChan chan<- er } switch rs.ethType { - case syscall.ETH_P_IP: - fallthrough - case syscall.ETH_P_IPV6: + case syscall.ETH_P_ARP: + // TODO: ARP parsing + case syscall.ETH_P_IP, syscall.ETH_P_IPV6: packet, err := protocols.IPPacketFromBytes(buf[:n]) if err != nil { errChan <- fmt.Errorf("error reading IP packet: %v", err) continue } - + // IPv4 VS IPv6 packets filtering should be handled by the socket itself l4Protocol := packet.Header().TransportLayerProtocol() - switch l4Protocol { - case "udp": - packet, err := protocols.UDPPacketFromIPPacket(packet) - if err != nil { - errChan <- fmt.Errorf("error reading UDP packet: %v", err) - continue - } - dataChan <- packet - case "tcp": - packet, err := protocols.TCPPacketFromIPPacket(packet) - if err != nil { - errChan <- fmt.Errorf("error reading TCP packet: %v", err) - continue - } - dataChan <- packet + if rs.layer4Filter == "all" || (l4Protocol == rs.layer4Filter) { + handleLayer4Protocol(l4Protocol, packet, dataChan, errChan) } } } @@ -110,3 +104,20 @@ func (rs *RawSocket) ReadToChan(dataChan chan<- NetworkPacket, errChan chan<- er func (rs *RawSocket) Close() error { return syscall.Close(rs.fd) } + +func handleLayer4Protocol(protocol string, packet protocols.IPPacket, dataChan chan<- NetworkPacket, errChan chan<- error) { + var np NetworkPacket + var err error + + switch protocol { + case "udp": + np, err = protocols.UDPPacketFromIPPacket(packet) + case "tcp": + np, err = protocols.TCPPacketFromIPPacket(packet) + } + + if err != nil { + errChan <- fmt.Errorf("error reading UDP packet: %v", err) + } + dataChan <- np +} diff --git a/tui/models/packets_table.go b/tui/models/packets_table.go index ae19316..c3d5eca 100644 --- a/tui/models/packets_table.go +++ b/tui/models/packets_table.go @@ -33,9 +33,9 @@ func newPacketsTable(max int) packetsTablemodel { cachedRows: rows, table: table.New([]table.Column{ table.NewColumn(columnKeyID, "#", 5), - table.NewColumn(columnKeyDate, "Date", 20), - table.NewColumn(columnKeySource, "Source", 30), - table.NewColumn(columnKeyDestination, "Destination", 30), + table.NewColumn(columnKeyDate, "Date", 18), + table.NewColumn(columnKeySource, "Source", 50), + table.NewColumn(columnKeyDestination, "Destination", 50), table.NewColumn(columnKeyInfo, "Info", 100), }). WithRows(rows).