simplify parser for now

Author: orangepizza

providers/http/nfqueue/nfqueue.go

@@ -13,7 +13,7 @@ import (
 	"strings"
 	"time"
 
-	nfqueue "github.com/florianl/go-nfqueue"
+	gnfqueue "github.com/florianl/go-nfqueue"
 	"github.com/go-acme/lego/v4/log"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
@@ -59,57 +59,46 @@ func (w *HTTPProvider) serve(domain, token, keyAuth string) error {
 	if err != nil {
 		return err
 	}
-	config := nfqueue.Config{
+	config := gnfqueue.Config{
 		NfQueue:      8555,
 		MaxPacketLen: 0xFFFF,
 		MaxQueueLen:  0xFF,
-		Copymode:     nfqueue.NfQnlCopyPacket,
+		Copymode:     gnfqueue.NfQnlCopyPacket,
 		WriteTimeout: 15 * time.Millisecond,
 	}
-	nf, err := nfqueue.Open(&config)
+	nf, err := gnfqueue.Open(&config)
 	if err != nil {
 		return err
 	}
 	defer nf.Close()
 
 	//handle Packet
-	handlepacket := func(a nfqueue.Attribute) int {
-		log.Infof("handlepacket called!")
+	handlepacket := func(a gnfqueue.Attribute) int {
 		id := *a.PacketID
 		opt := gopacket.DecodeOptions{
 			NoCopy: true,
 			Lazy:   false,
 		}
-		payload := gopacket.NewPacket(*a.Payload, layers.LayerTypeEthernet, opt)
-		var srcip net.IP
-		//var ipLayer int
-		//get from/to ips
-		if ipv4Layer := payload.Layer(layers.LayerTypeIPv4); ipv4Layer != nil {
-			//ipv4
-
-			ip, _ := ipv4Layer.(*layers.IPv4)
-			srcip = ip.SrcIP
-			//	ipLayer = 0
-		} else {
-			//ipv6
-			ipv6Layer := payload.Layer(layers.LayerTypeIPv6)
-			ip, _ := ipv6Layer.(*layers.IPv6)
-			srcip = ip.SrcIP
-		}
+		//assume ipv4 for now, will segfault
+		payload := gopacket.NewPacket(*a.Payload, layers.LayerTypeIPv4, opt)
+		ipL := payload.Layer(layers.LayerTypeIPv4)
+		srcip := ipL.(*layers.IPv4).SrcIP
+		log.Infof("%s", srcip.String())
 		if tcpLayer := payload.Layer(layers.LayerTypeTCP); tcpLayer != nil {
-			log.Infof("This is a TCP packet!")
 			// Get actual TCP data from this layer
 			inputTcp, _ := tcpLayer.(*layers.TCP)
 			log.Infof("From src port %d to dst port %d\n", inputTcp.SrcPort, inputTcp.DstPort)
+			log.Infof("layer under P %s", inputTcp.Payload)
 			// this should be HTTP payload
 			httpPayload, err := http.ReadRequest(bufio.NewReader((bytes.NewReader(inputTcp.LayerPayload()))))
 			if err != nil {
-				nf.SetVerdict(id, nfqueue.NfAccept)
+				nf.SetVerdict(id, gnfqueue.NfAccept)
+				return 0
 			}
 			// check token in http
 			if strings.Contains(httpPayload.URL.Path, token) {
-				//we got the token!, block the packet.
-				nf.SetVerdict(id, nfqueue.NfDrop)
+				//we got the token!, block the packet to backend server.
+				nf.SetVerdict(id, gnfqueue.NfDrop)
 				//forge our new reply
 				log.Infof("got token packet")
 				replyhttp := craftkeyauthresponse(keyAuth)
@@ -121,15 +110,18 @@ func (w *HTTPProvider) serve(domain, token, keyAuth string) error {
 					Ack:     inputTcp.Seq + 1,
 					Window:  100,
 				}
+				outputTcp.Payload = replyhttp
 				//check network layer
 				outputTcp.SetNetworkLayerForChecksum(&layers.IPv4{})
-				ouputIPpack := gopacket.NewSerializeBuffer()
+				replypacket := gopacket.NewSerializeBuffer()
+				bytes, _ := replypacket.AppendBytes(len(replyhttp))
+
 				opts := gopacket.SerializeOptions{
 					FixLengths:       true,
 					ComputeChecksums: true,
 				}
 				// serialize packet
-				if err := gopacket.SerializeLayers(ouputIPpack, opts, outputTcp, gopacket.Payload(replyhttp)); err != nil {
+				if err := outputTcp.SerializeTo(replypacket, opts); err != nil {
 					panic(err)
 				}
 				//dial validation agent
@@ -138,17 +130,18 @@ func (w *HTTPProvider) serve(domain, token, keyAuth string) error {
 				if err != nil {
 					panic(err)
 				}
-				if _, err := conn.Write(ouputIPpack.Bytes()); err != nil {
+				if _, err := conn.Write(replypacket.Bytes()); err != nil {
 					panic(err)
 				}
-
+				// packet sent, end of function
+				return 0
 			} else {
-				nf.SetVerdict(id, nfqueue.NfAccept)
+				nf.SetVerdict(id, gnfqueue.NfAccept)
 				return 0
 			}
 
 		} else {
-			nf.SetVerdict(id, nfqueue.NfAccept)
+			nf.SetVerdict(id, gnfqueue.NfAccept)
 		}
 
 		return 0