skipped 46 lines 47 47 demo_mode=False): 48 48 """ 49 49 Args: 50 - server_port (int): The port the engine will monitor 50 + server_port (int): The port( s ) the engine will monitor 51 51 string_strategy (str): String representation of strategy DNA to apply to the network 52 52 environment_id (str, None): ID of the given strategy 53 53 server_side (bool, False): Whether or not the engine is running on the server side of the connection skipped 167 lines 221 221 add_or_remove = "D" 222 222 cmds = [] 223 223 for proto in ["tcp", "udp"]: 224 - cmds += ["iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" % 225 - (add_or_remove, out_chain, proto, port1, self.server_port, self.out_queue_num), 226 - "iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" % 227 - (add_or_remove, in_chain, proto, port2, self.server_port, self.in_queue_num)] 224 + # Need to change the match rule if multiple ports are specified 225 + # Don't need to do any checking on the port since the iptables command can error, closing the engine 226 + # Default match policy is the protocol 227 + match_policy = proto 228 + if any(x in self.server_port for x in [":", ","]): 229 + match_policy = "multiport" 230 + 231 + cmds += ["iptables -%s %s -p %s --match %s --%s %s -j NFQUEUE --queue-num %d" % 232 + (add_or_remove, out_chain, proto, match_policy, port1, self.server_port, self.out_queue_num), 233 + "iptables -%s %s -p %s --match %s --%s %s -j NFQUEUE --queue-num %d" % 234 + (add_or_remove, in_chain, proto, match_policy, port2, self.server_port, self.in_queue_num)] 228 235 # If this machine is acting as a middlebox, we need to add the same rules again 229 236 # in the opposite direction so that we can pass packets back and forth 230 237 if self.forwarder: 231 - cmds += ["iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" % 232 - (add_or_remove, out_chain, proto, port2, self.server_port, self.out_queue_num), 233 - "iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" % 234 - (add_or_remove, 
in_chain, proto, port1, self.server_port, self.in_queue_num)] 238 + cmds += ["iptables -%s %s -p %s --match %s - - %s % s -j NFQUEUE --queue-num %d" % 239 + (add_or_remove, out_chain, proto, match_policy , port2, self.server_port, self.out_queue_num), 240 + "iptables -%s %s -p %s --match %s - - %s % s -j NFQUEUE --queue-num %d" % 241 + (add_or_remove, in_chain, proto, match_policy , port1, self.server_port, self.in_queue_num)] 235 242 236 243 for cmd in cmds: 237 244 self.logger.debug(cmd) skipped 171 lines 409 416 Sets up argparse and collects arguments. 410 417 """ 411 418 parser = argparse.ArgumentParser(description='The engine that runs a given strategy.') 412 - parser.add_argument('--server-port', type=int, action='store', required=True) 419 + # Store a string, not int, in case of port ranges/lists. The iptables command checks the port var 420 + parser.add_argument('--server-port', action='store', required=True) 413 421 parser.add_argument('--environment-id', action='store', help="ID of the current strategy under test") 414 422 parser.add_argument('--sender-ip', action='store', help="IP address of sending machine, used for NAT") 415 423 parser.add_argument('--routing-ip', action='store', help="Public IP of this machine, used for NAT") skipped 49 lines
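Review bot: The rule strings at 231-234 and 238-241 now interpolate `self.server_port` with `%s` straight from the CLI (the `type=int` was dropped at 419-420), and the comment at 225 deliberately skips validation on the assumption that iptables will reject a bad value; how `cmd` is executed is outside the hunk (243-244 only logs it, and the enclosing function starts before line 221), but if these strings reach a shell, an unvalidated argument is a command-injection surface. Even with an argv-list exec, a malformed value becomes an unintended rule rather than a clean failure. Validate the spec before the loop, e.g. `if not re.fullmatch(r"\d+(?:[:,]\d+)*", str(self.server_port)): raise ValueError("bad --server-port spec: %r" % (self.server_port,))` (with `import re` at file top), which also avoids the membership test `x in self.server_port` at 228 raising TypeError when a caller still passes an int, as the docstring at line 50 (`server_port (int)`) advertises. Worth confirming as well that `port1`/`port2` (set outside the hunk) are spelled the way the multiport match expects; its documented options are `--sports`/`--dports`, not the tcp/udp `--sport`/`--dport`.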