conntracker

#!/usr/bin/env lua5.1
--[[
A conntracker wrapper using a pluggable queueing method and protocol decoder to set expectations.
Assumes iptables rules have been setup appropriately.
See ECHO.txt for usage.
]]

require"exptrack"

-- arguments

arg.method = "queue"
arg.decode = "echo"
arg.verbose = nil -- bool
arg.debug = nil -- bool
arg.expector = nil -- "c" or "lua" or default
arg.filter = nil -- a pcap filter, used if method = pcap
--[[
Example:
  filter="(dst port 9999 and dst host 127.0.0.1) or (src port 9999 and src host 127.0.0.1)"

sudo ./conntracker method=pcap decode=echo expector=external verbose=very filter="(dst port 9999 and dst host 127.0.0.1) or (src port 9999 and src host 127.0.0.1)"
  
]]

for i,a in ipairs(arg) do
    local s,e,k,v = a:find("^([^=]+)=(.*)$")
    arg[k] = v
end

if arg.verbose then
    exptrack.verbose = print
end
if arg.verbose == "very" then
    exptrack.debug = print
end

expector = {
    lua = function (src, dst, sport, dport, expectport, timeout, flag)
        local ext = {
            "nfct-expect-create-userspace",
            "expect="..expectport,
            "src="..src,
            "dst="..dst,
            "sport="..sport,
            "dport="..dport,
            "timeout="..timeout
        }
        if flag then
            table.insert(ext, "flag="..flag)
        end
        local cmd = table.concat(ext, " ")
        exptrack.debug("cmd=", cmd)
        exptrack.debug("ret=", os.execute(cmd))
    end;
    c = function(src, dst, sport, dport, expectport, timeout, flag)
        local ext = {
            "expect-create-userspace",
            "-e "..expectport,
            "-s "..src,
            "-d "..dst,
            "-f "..sport,
            "-t "..dport,
            "-T "..timeout,
        }
        if flag then
            assert(flag == "permanent") -- the only one supported
            table.insert(ext, "-P")
        end
        local cmd = table.concat(ext, " ")
        exptrack.debug("cmd=", cmd)
        exptrack.debug("ret=", os.execute(cmd))
    end;
    loop_c = function(src, dst, sport, dport, expectport, timeout, flag)
        local ext = {
            "watch",
            "-n 60",
            "expect-create-userspace",
            "-e "..expectport,
            "-s "..src,
            "-d "..dst,
            "-f "..sport,
            "-t "..dport,
            "-T "..timeout,
            "> /dev/null 2>&1" -- Too verbose otherwise
        }
        if flag then
            assert(flag == "permanent") -- the only one supported
            table.insert(ext, "-P")
        end
        local cmd = table.concat(ext, " ")
        exptrack.debug("cmd=", cmd)
        exptrack.debug("ret=", os.execute(cmd))
    end;
}

expector.external = expector.lua -- Legacy support

method = {
    queue = {
        open = function()
            return exptrack.open(arg.queuenum)
        end;

        catch = exptrack.catch;
    };

    pcap = {
        open = function()
            require"pcap"

            local cap = assert(pcap.open_live(arg.ifx))
            if arg.filter then
                assert(cap:set_filter(arg.filter))
            end
            return cap
        end;

        catch = function(cap, decode)
            local linkhdrsize = ({
                [pcap.DLT.EN10MB] = 14,
                [pcap.DLT.LINUX_SLL] = 16,
            })[cap:datalink()]

            assert(linkhdrsize)
            while true do
                local capdata, timestamp, wirelen = cap:next()
                if capdata then
                    -- strip the datalink header to get to the IP
                    local inip = string.sub(capdata, 1+linkhdrsize)
                    decode(inip)
                elseif timestamp == "timeout" then
                    -- keep looping
                    exptrack.verbose("timeout on pcap next")
                else
                    assert(capdata, timestamp)
                end
            end
        end;
    };
}

arg.expector = expector[arg.expector]

exptrack.debug"debug output is on"
exptrack.verbose"verbose output is on"
exptrack.verbose("decode", arg.decode, "method", arg.method, "expector", arg.expector)

decoder = require(arg.decode)
catcher = method[arg.method]

c = catcher.open()
d = decoder.decode

catcher.catch(c, d)