
Commit 1bbcb2e

committed
trim more debug loglines
1 parent ff4bc78 commit 1bbcb2e


1 file changed

+8
-16
lines changed


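--- a/providers/http/nfqueue/nfqueue.go
+++ b/providers/http/nfqueue/nfqueue.go
@@ -14,7 +14,6 @@ import (
 "time"
 
 gnfqueue "github.com/florianl/go-nfqueue"
-"github.com/go-acme/lego/v4/log"
 "github.com/google/gopacket"
 "github.com/google/gopacket/layers"
 )
@@ -81,15 +80,16 @@ func craftReplyPacketBytes(keyAuth string, inputpacket gopacket.Packet) []byte {
 return outbuffer.Bytes()
 }
 
-func sendPacketv4(packet []byte, DstIP *net.IP) {
+// sendPacket sends packet: TODO: call cleanup if errors out
+func sendPacket(packet []byte, DstIP *net.IP) error {
 var err error
 con, err := net.Dial("ip:6", DstIP.String())
 if err != nil {
-log.Fatal(err)
+return err
 }
 _, err = con.Write(packet)
 if err != nil {
-log.Fatal(err)
+return err
 }
 }
 
@@ -99,7 +99,7 @@ func (w *HTTPProvider) serve(domain, token, keyAuth string) error {
 //run nfqueue start
 cmd := exec.Command("iptables", "-I", "INPUT", "-p", "tcp", "--dport", w.port, "-j", "NFQUEUE", "--queue-num", "8555")
 err := cmd.Run()
-// run this down when this server come down
+// ensure even if clean funtion failed to called
 defer exec.Command("iptables", "-D", "INPUT", "-p", "tcp", "--dport", w.port, "-j", "NFQUEUE", "--queue-num", "8555").Run()
 if err != nil {
 return err
@@ -128,13 +128,9 @@ func (w *HTTPProvider) serve(domain, token, keyAuth string) error {
 payload := gopacket.NewPacket(*a.Payload, layers.LayerTypeIPv4, opt)
 ipL := payload.Layer(layers.LayerTypeIPv4)
 srcip := ipL.(*layers.IPv4).SrcIP
-log.Infof("%s, %s", srcip.String())
 if tcpLayer := payload.Layer(layers.LayerTypeTCP); tcpLayer != nil {
 // Get actual TCP data from this layer
 inputTcp, _ := tcpLayer.(*layers.TCP)
-log.Infof("From src port %d to dst port %d\n", inputTcp.SrcPort, inputTcp.DstPort)
-log.Infof("Payload: %s", inputTcp.Payload)
-log.Infof("tcp header: %s", inputTcp.LayerContents())
 // this should be HTTP payload
 httpPayload, err := http.ReadRequest(bufio.NewReader((bytes.NewReader(inputTcp.LayerPayload()))))
 if err != nil {
@@ -146,13 +142,9 @@ func (w *HTTPProvider) serve(domain, token, keyAuth string) error {
 //we got the token!, block the packet to backend server.
 nf.SetVerdict(id, gnfqueue.NfDrop)
 //forge our new reply
-log.Infof("got token packet")
-
 replypacket := craftReplyPacketBytes(keyAuth, payload)
-//dial validation agent
-// Send the modified packet back into the session
-log.Infof(string(replypacket))
-sendPacketv4(replypacket, &srcip)
+// Send the modified packet back to VA, ignore err as it won't crash
+sendPacket(replypacket, &srcip)
 // packet sent, end of function
 return 0
 } else {
@@ -167,7 +159,7 @@ func (w *HTTPProvider) serve(domain, token, keyAuth string) error {
 return 0
 }
 
-// Register your function to listen on nflqueue queue 100
+// Register your function to listen on nflqueue queue
 err = nf.Register(w.context, handlepacket)
 if err != nil {
 fmt.Println(err)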
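Review bot: `sendPacket` now declares an `error` result, but as shown its body ends right after the `con.Write` check with no final return, so it should not compile; add `return nil` before the closing brace. The connection returned by `net.Dial("ip:6", ...)` is never closed in the function, so add `defer con.Close()` after the dial error check. At the call site in `serve`, the error is discarded after `nf.SetVerdict(id, gnfqueue.NfDrop)` has already dropped the original request, so a failed send leaves the validation request unanswered with no trace. Since the `log` import is removed here, surface it the way the file already does elsewhere: `if err := sendPacket(replypacket, &srcip); err != nil { fmt.Println(err) }`. The body of `serve` starts and ends outside the visible hunks, so whether a cleanup path exists for this case cannot be confirmed from here.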
