Projects STRLCPY geneva Commits f620a117
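--- a/engine.py
+++ b/engine.py
@@ -89,6 +89,7 @@
 "engine",
 self.environment_id,
 log_level=log_level,
+iface=iface,
 demo_mode=demo_mode)
 # Warn if these are not provided
 if not environment_id:
@@ -115,11 +116,16 @@
 self.out_nfqueue_thread = None
 self.in_nfqueue_thread = None
 self.censorship_detected = False
+
+self.interface = iface
+if not iface:
+self.interface = actions.utils.get_interface()
+
 # Specifically define an L3Socket to send our packets. This is an optimization
 # for scapy to send packets more quickly than using just send(), as under the hood
 # send() creates and then destroys a socket each time, imparting a large amount
 # of overhead.
-self.socket = conf.L3socket(iface=actions.utils.get_interface())
+self.socket = conf.L3socket(iface=self.interface)
 
 def __enter__(self):
 """
@@ -221,17 +227,17 @@
 add_or_remove = "D"
 cmds = []
 for proto in ["tcp", "udp"]:
-cmds += ["iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" %
-(add_or_remove, out_chain, proto, port1, self.server_port, self.out_queue_num),
-"iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" %
-(add_or_remove, in_chain, proto, port2, self.server_port, self.in_queue_num)]
+cmds += ["iptables -%s %s -p %s --%s %d -i %s -j NFQUEUE --queue-num %d" %
+(add_or_remove, out_chain, proto, port1, self.server_port, self.interface, self.out_queue_num),
+"iptables -%s %s -p %s --%s %d -i %s -j NFQUEUE --queue-num %d" %
+(add_or_remove, in_chain, proto, port2, self.server_port, self.interface, self.in_queue_num)]
 # If this machine is acting as a middlebox, we need to add the same rules again
 # in the opposite direction so that we can pass packets back and forth
 if self.forwarder:
-cmds += ["iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" %
-(add_or_remove, out_chain, proto, port2, self.server_port, self.out_queue_num),
-"iptables -%s %s -p %s --%s %d -j NFQUEUE --queue-num %d" %
-(add_or_remove, in_chain, proto, port1, self.server_port, self.in_queue_num)]
+cmds += ["iptables -%s %s -p %s --%s %d -i %s -j NFQUEUE --queue-num %d" %
+(add_or_remove, out_chain, proto, port2, self.server_port, self.interface, self.out_queue_num),
+"iptables -%s %s -p %s --%s %d -i %s -j NFQUEUE --queue-num %d" %
+(add_or_remove, in_chain, proto, port1, self.server_port, self.interface, self.in_queue_num)]
 
 for cmd in cmds:
 self.logger.debug(cmd)
@@ -424,6 +430,7 @@
 parser.add_argument('--no-save-packets', action='store_false', help='Disables recording captured packets')
 parser.add_argument("--in-queue-num", action="store", help="NfQueue number for incoming packets", default=1, type=int)
 parser.add_argument("--out-queue-num", action="store", help="NfQueue number for outgoing packets", default=None, type=int)
+parser.add_argument("--interface", action="store", help="Limit the engine to just this interface", default=None)
 parser.add_argument("--demo-mode", action='store_true', help="Replaces all IPs with dummy IPs in log messages so as not to reveal sensitive IP addresses")
 
 args = parser.parse_args()
@@ -451,6 +458,7 @@
 in_queue_num=args["in_queue_num"],
 out_queue_num=args["out_queue_num"],
 save_seen_packets=args["no_save_packets"],
+iface=args["interface"],
 demo_mode=args["demo_mode"])
 eng.initialize_nfqueue()
 while True: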
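Review bot: The `out_chain` rules on new lines 230 and 237 match the interface with `-i`, but iptables accepts an input-interface match only on chains that see incoming packets. If `out_chain` is OUTPUT or POSTROUTING (its value is set outside the visible hunks), iptables will reject those rules rather than scope them. Those two format strings should use the output match, `"iptables -%s %s -p %s --%s %d -o %s -j NFQUEUE --queue-num %d"`, keeping `-i` for the `in_chain` rules. Separately, `self.interface` comes straight from `--interface` and is interpolated into a command string whose execution lies outside the hunk. It is worth checking the name against the host's interface list (for example `socket.if_nameindex()`) before building the rules, so that a mistyped or malformed value fails early instead of changing the command.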