Are sendp or send affected by ipfilter rules? (ScaPy as a "reviewing" man in the middle)
2012-02-28 20:27:50 GMT
When I send a frame/packet with sendp or send, is it affected by rules set in ipfilter, or is ipfilter completely blind to anything ScaPy does?
I am trying to send all incoming traffic from the Arcanists server of FunOrb through ScaPy and a callback-function, before passing it on to the Java client running in a browser locally.
If the data received from the server includes a chat message that would cause the client to crash (FunOrb developers are not available to fix this themselves, unfortunately),
ScaPy should remove the crash-inducing part of the data before passing it on to the client (I have not yet implemented this).
To stop the client from getting TCP-traffic from anything but ScaPy, I have added the following to my ipfilter:
(which assumes ScaPy is not affected by ipfilter)
#iptables -A INPUT -p tcp --source 64.79.147.135 --destination 192.168.1.10 -j DROP
#Resulting in
Chain INPUT (policy ACCEPT)
target     prot opt source                            destination
DROP       tcp  --  cust-64.79.147.135.switchnap.com  192.168.1.10

Chain FORWARD (policy ACCEPT)
target     prot opt source                            destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source                            destination
(Why is 64.79.147.135 rewritten as cust-.... ?)
...So unless I have overlooked something, I would expect the client to never receive anything from the server (that is caught by the sniff-filters), except for what is passed onto it by ScaPy.
But I seem to have problems getting the passing on of traffic to work:
When the script is run, ScaPy starts passing on frames to the client (which turn out to be SYN-ACK requests from the server) at an insane rate (several hundred a second).
In the script below, I do nothing to modify or stop packets from being passed on to the client – ScaPy just sends everything it receives from the server to the client with the callback function ForwardPacket.
As I have no rules for outbound traffic, only for inbound traffic, should not the client answer the SYN-ACK requests from the server on its own (outbound traffic is not blocked as far as I know)?
Scapy is as far as I can see just a „man in the middle“ here. Or am I overlooking something?
Script with markup pasted at http://paste.pocoo.org/show/558248/
#!/usr/bin/env python
from scapy.all import *

"""
#Example of frame/packet for reference
<bound method Ether.summary of <Ether dst=00:1f:d0:c4:57:86 src=00:1d:60:a6:2f:46 type=0x800 |
<IP version=4L ihl=5L tos=0x0 len=60 id=14554 flags=DF frag=0L ttl=64 proto=tcp chksum=0x6c59 src=192.168.1.10 dst=64.79.147.135 options=[] |
<TCP sport=34071 dport=www seq=4099164252 ack=0 dataofs=10L reserved=0L flags=S window=14600 chksum=0x95b7 urgptr=0 options=[('MSS', 1460), ('SAckOK', ''),
('Timestamp', (9924742, 0)), ('NOP', None), ('WScale', 7)] |>>>>
"""

class FunOrb(object):
    """Pass all packets on to the Arcanists client, except if they contain chat that causes the disconnect-glitch"""

    def __init__(self):
        #IP of FunOrb/Arcanists server
        self.funorbIP = "64.79.147.135"
        self.localIP = "192.168.1.10"
        #Catch all packets from FunOrb to the client and forward them to the client via ForwardPacket
        sniff(filter="tcp and src {0} and dst {1}".format(self.funorbIP, self.localIP), prn=self.ForwardPacket)

    def ForwardPacket(self, FOPacket):
        sendp(FOPacket, loop=1)
        """
        data = FOPacket.~~
        if self.IsChat(data):
            if self.IsDCGlitch(data):
                FOPacket.~~ = self.FixGlitch(data)
        """

    def IsChat(self, data):
        """Checks whether the data in the packet is likely to be chat"""
        #Not implemented
        if x in data:
            return True
        else:
            return False

    def IsDCGlitch(self, data):
        """Checks whether the data in the packet is likely to cause the DC glitch"""
        #Not implemented
        if x in data:
            return True
        else:
            return False

    def FixGlitch(self, data):
        """Returns replacement-data that should not cause the DC glitch"""
        #Not implemented
        pass

#Instance
FunOrb()
In summary:
I am trying to route all incoming traffic from the given server through ScaPy, modifying the content of the TCP packet if it matches certain criteria.
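
Added example, not part of the original post: a standard-library sketch of the payload rewrite the post leaves unimplemented, working on the raw IPv4 bytes of a captured packet. It blanks a marker with a same-length run of spaces, so sequence numbers, the IP length and the IP header checksum stay valid and only the TCP checksum has to be recomputed. The marker `<GLITCH>`, the function names, and the ports and flags of the sample packet are assumptions constructed for illustration.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (16-bit one's complement sum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_sum(ip_pkt: bytes, ihl: int) -> int:
    """Checksum over pseudo-header + TCP segment; 0 means the stored checksum is valid."""
    seg = ip_pkt[ihl:]
    pseudo = ip_pkt[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    return csum(pseudo + seg)

def sanitize(ip_pkt: bytes, marker: bytes) -> bytes:
    """Overwrite `marker` in the TCP payload with spaces and repair the TCP checksum."""
    if ip_pkt[0] >> 4 != 4 or ip_pkt[9] != 6:
        return ip_pkt                          # not IPv4/TCP: pass through untouched
    ihl = (ip_pkt[0] & 0x0F) * 4
    ip_pkt = ip_pkt[:struct.unpack("!H", ip_pkt[2:4])[0]]   # drop link-layer padding
    doff = ihl + (ip_pkt[ihl + 12] >> 4) * 4   # offset of the TCP payload
    clean = ip_pkt[doff:].replace(marker, b" " * len(marker))
    if clean == ip_pkt[doff:]:
        return ip_pkt                          # nothing to rewrite
    out = bytearray(ip_pkt[:doff] + clean)
    out[ihl + 16:ihl + 18] = b"\x00\x00"       # zero the checksum field before summing
    out[ihl + 16:ihl + 18] = struct.pack("!H", tcp_sum(bytes(out), ihl))
    return bytes(out)

def build_sample(payload: bytes) -> bytes:
    """Constructed IPv4/TCP packet (addresses from the post; ports and flags made up)."""
    src, dst = bytes([64, 79, 147, 135]), bytes([192, 168, 1, 10])
    tcp = struct.pack("!HHIIBBHHH", 80, 34071, 1000, 2000, 5 << 4, 0x18, 14600, 0, 0)
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 40 + len(payload), 1, 0x4000, 64, 6, 0) + src + dst
    ip = ip[:10] + struct.pack("!H", csum(ip)) + ip[12:]
    pkt = bytearray(ip + tcp + payload)
    pkt[36:38] = struct.pack("!H", tcp_sum(bytes(pkt), 20))
    return bytes(pkt)
```

A marker that is split across two TCP segments is not caught by this per-packet check; that case needs stream reassembly before matching.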