using context

Author: orangepizza

providers/http/nfqueue/nfqueue.go

@@ -14,13 +14,16 @@ import (
 	"time"
 
 	nfqueue "github.com/florianl/go-nfqueue"
+	"github.com/go-acme/lego/v4/log"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
 )
 
 // HTTPProvider implements HTTPProvider for `http-01` challenge.
 type HTTPProvider struct {
-	port string
+	port    string
+	context context.Context
+	cancel  context.CancelFunc
 }
 
 // NewHttpDpiProvider returns a HTTPProvider instance with a configured port.
@@ -45,13 +48,13 @@ func craftkeyauthresponse(keyAuth string) []byte {
 	return reply
 }
 
-// Present runs server by sniffing packets on firewall and inject response into it.
+// serve runs server by sniffing packets on firewall and inject response into it.
 // iptables ://
-func (w *HTTPProvider) Present(domain, token, keyAuth string) error {
+func (w *HTTPProvider) serve(domain, token, keyAuth string) error {
 	//run nfqueue start
 	cmd := exec.Command("iptables", "-I", "INPUT", "-p", "tcp", "--dport", w.port, "-j", "NFQUEUE", "--queue-num", "8555")
 	err := cmd.Run()
-	// run this down when
+	// run this down when this server come down
 	defer exec.Command("iptables", "-D", "INPUT", "-p", "tcp", "--dport", w.port, "-j", "NFQUEUE", "--queue-num", "8555").Run()
 	if err != nil {
 		return err
@@ -68,11 +71,10 @@ func (w *HTTPProvider) Present(domain, token, keyAuth string) error {
 		return err
 	}
 	defer nf.Close()
-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-	defer cancel()
 
 	//handle Packet
 	handlepacket := func(a nfqueue.Attribute) int {
+		log.Infof("handlepacket called!")
 		id := *a.PacketID
 		opt := gopacket.DecodeOptions{
 			NoCopy: true,
@@ -95,10 +97,10 @@ func (w *HTTPProvider) Present(domain, token, keyAuth string) error {
 			srcip = ip.SrcIP
 		}
 		if tcpLayer := payload.Layer(layers.LayerTypeTCP); tcpLayer != nil {
-			fmt.Println("This is a TCP packet!")
+			log.Infof("This is a TCP packet!")
 			// Get actual TCP data from this layer
 			inputTcp, _ := tcpLayer.(*layers.TCP)
-			fmt.Printf("From src port %d to dst port %d\n", inputTcp.SrcPort, inputTcp.DstPort)
+			log.Infof("From src port %d to dst port %d\n", inputTcp.SrcPort, inputTcp.DstPort)
 			// this should be HTTP payload
 			httpPayload, err := http.ReadRequest(bufio.NewReader((bytes.NewReader(inputTcp.LayerPayload()))))
 			if err != nil {
@@ -109,6 +111,7 @@ func (w *HTTPProvider) Present(domain, token, keyAuth string) error {
 				//we got the token!, block the packet.
 				nf.SetVerdict(id, nfqueue.NfDrop)
 				//forge our new reply
+				log.Infof("got token packet")
 				replyhttp := craftkeyauthresponse(keyAuth)
 				outputTcp := &layers.TCP{
 					Seq: 3398127,
@@ -152,23 +155,30 @@ func (w *HTTPProvider) Present(domain, token, keyAuth string) error {
 	}
 
 	// Register your function to listen on nflqueue queue 100
-	err = nf.Register(ctx, handlepacket)
+	err = nf.Register(w.context, handlepacket)
 	if err != nil {
 		fmt.Println(err)
 		return nil
 	}
 
 	// Block till the context expires
-	<-ctx.Done()
+	<-w.context.Done()
+	return nil
+}
+
+func (w *HTTPProvider) Present(domain, token, keyAuth string) error {
+	w.context, w.cancel = context.WithCancel(context.Background())
+	go w.serve(domain, token, keyAuth)
 	return nil
 }
 
 // CleanUp removes the firewall rule created for the challenge.
-// Present should removed it already but just do be safe:
+// solve should removed it already but just do be safe:
 // iptables -D INPUT -p tcp --dport Port -j NFQUEUE --queue-num 8555
 func (w *HTTPProvider) CleanUp(domain, token, keyAuth string) error {
-	// we can't afford .
 	cmd := exec.Command("iptables", "-D", "INPUT", "-p", "tcp", "--dport", w.port, "-j", "NFQUEUE", "--queue-num", "8555")
 	cmd.Run()
+	// tell nfqueue to shut down
+	w.cancel()
 	return nil
 }