redo sending by syscall

Author: orangepizza

providers/http/nfqueue/nfqueue.go

@@ -11,6 +11,7 @@ import (
 	"net/http"
 	"os/exec"
 	"strings"
+	"syscall"
 	"time"
 
 	gnfqueue "github.com/florianl/go-nfqueue"
@@ -40,14 +41,63 @@ func NewHttpDpiProvider(port string) (*HTTPProvider, error) {
 func craftkeyauthresponse(keyAuth string) []byte {
 	var reply []byte
 	reply = fmt.Append(reply, "HTTP/1.1 200 OK\r\n")
-	reply = fmt.Append(reply, "Content-Type: text/plain")
-	reply = fmt.Append(reply, "server: go-acme-nfqueue")
-	reply = fmt.Append(reply, "Content-Length: %d\r\n", len(keyAuth))
+	reply = fmt.Append(reply, "Content-Type: text/plain\r\n")
+	reply = fmt.Append(reply, "server: go-acme-nfqueue\r\n")
+	reply = fmt.Appendf(reply, "Content-Length: %d\r\n", len(keyAuth))
 	reply = fmt.Append(reply, "\r\n", keyAuth)
 
 	return reply
 }
 
+// craft packet
+func craftReplyPacketBytes(keyAuth string, inputpacket gopacket.Packet) []byte {
+	outbuffer := gopacket.NewSerializeBuffer()
+	opt := gopacket.SerializeOptions{
+		FixLengths:       true,
+		ComputeChecksums: true,
+	}
+	inputTcp := inputpacket.Layer(layers.LayerTypeTCP).(*layers.TCP)
+	inputIPv4 := inputpacket.Layer(layers.LayerTypeIPv4).(*layers.IPv4)
+
+	httplayer := gopacket.Payload(craftkeyauthresponse(keyAuth))
+	tcplayer := &layers.TCP{
+		Seq: inputTcp.Ack + 1,
+		// we reply back so reverse src and dst ports
+		SrcPort: inputTcp.DstPort,
+		DstPort: inputTcp.SrcPort,
+		Ack:     inputTcp.Seq + 1,
+		Window:  100,
+	}
+	//check network layer
+	// this is reply so we reverse sorce and dst ip
+	iplayer := &layers.IPv4{
+		SrcIP: inputIPv4.DstIP,
+		DstIP: inputIPv4.SrcIP,
+	}
+	tcplayer.SetNetworkLayerForChecksum(iplayer)
+	gopacket.SerializeLayers(outbuffer, opt, iplayer, tcplayer, httplayer)
+
+	return outbuffer.Bytes()
+}
+
+func sendPacketv4(packet []byte, DstIP net.IP) {
+	var err error
+	DstIP = DstIP.To4()
+	dst := [4]byte{DstIP[0], DstIP[1], DstIP[2], DstIP[3]}
+	sk, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_RAW, syscall.IPPROTO_RAW)
+	if err != nil {
+		panic(err)
+	}
+	addr := syscall.SockaddrInet4{
+		Port: 0,
+		Addr: dst,
+	}
+	err = syscall.Sendto(sk, packet, 0, &addr)
+	if err != nil {
+		log.Fatal("Sendto:", err)
+	}
+}
+
 // serve runs server by sniffing packets on firewall and inject response into it.
 // iptables ://
 func (w *HTTPProvider) serve(domain, token, keyAuth string) error {
@@ -101,38 +151,12 @@ func (w *HTTPProvider) serve(domain, token, keyAuth string) error {
 				nf.SetVerdict(id, gnfqueue.NfDrop)
 				//forge our new reply
 				log.Infof("got token packet")
-				replyhttp := craftkeyauthresponse(keyAuth)
-				outputTcp := &layers.TCP{
-					Seq: inputTcp.Ack - 1,
-					// we reply back so reverse src and dst ports
-					SrcPort:    inputTcp.DstPort,
-					DstPort:    inputTcp.SrcPort,
-					Ack:        inputTcp.Seq + uint32(len(tcpLayer.LayerPayload())),
-					DataOffset: 5,
-					PSH:        true,
-				}
-				outputTcp.Payload = replyhttp
-				//check network layer
-				outputTcp.SetNetworkLayerForChecksum(&layers.IPv4{})
-				replypacket := gopacket.NewSerializeBuffer()
-
-				opts := gopacket.SerializeOptions{
-					FixLengths:       true,
-					ComputeChecksums: true,
-				}
-				// serialize packet
-				if err := outputTcp.SerializeTo(replypacket, opts); err != nil {
-					panic(err)
-				}
+
+				replypacket := craftReplyPacketBytes(keyAuth, payload)
 				//dial validation agent
 				// Send the modified packet back into the session
-				conn, err := net.Dial("tcp4", srcip.String()+":"+inputTcp.SrcPort.String())
-				if err != nil {
-					panic(err)
-				}
-				if _, err := conn.Write(replypacket.Bytes()); err != nil {
-					panic(err)
-				}
+				log.Infof(string(replypacket))
+				sendPacketv4(replypacket, srcip)
 				// packet sent, end of function
 				return 0
 			} else {