package fqconfig
import "strconv"
// FilterQueue captures all the configuration parameters of the NFQUEUEs and
// Iptables configuration. Instances are built by NewFilterQueue, which lays
// out the application queues starting at the configured start queue and the
// network queues directly after them. Queue numbers are held as uint16
// (NFQUEUE queue numbers are 16-bit).
type FilterQueue struct {
	// QueueSeparation specifies if we should use separate queues per packet
	// type (syn, ack, synack, svc). When false, all packet types of a side
	// share one range and the per-type *Queues slices below are left nil.
	QueueSeparation bool
	// MarkValue is the default mark to set in packets in the RAW chain.
	MarkValue int
	// NetworkQueue is the queue number of the first network queue.
	NetworkQueue uint16
	// NumberOfApplicationQueues is the total number of application queues
	// allocated (four times the per-type count when QueueSeparation is set).
	NumberOfApplicationQueues uint16
	// NumberOfNetworkQueues is the total number of network queues allocated
	// (four times the per-type count when QueueSeparation is set).
	NumberOfNetworkQueues uint16
	// ApplicationQueue is the queue number of the first application queue.
	ApplicationQueue uint16
	// ApplicationQueueSize is the size of the application queues.
	ApplicationQueueSize uint32
	// NetworkQueueSize is the size of the network queues.
	NetworkQueueSize uint32
	// NetworkSynQueues is the range of network queues for syn packets.
	NetworkSynQueues []uint32
	// NetworkSynAckQueues is the range of network queues for syn ack packets.
	NetworkSynAckQueues []uint32
	// NetworkAckQueues is the range of network queues for ack packets.
	NetworkAckQueues []uint32
	// NetworkQueuesSvc is the range of network queues for services.
	NetworkQueuesSvc []uint32
	// ApplicationSynQueues is the range of application queues for syn packets.
	ApplicationSynQueues []uint32
	// ApplicationAckQueues is the range of application queues for application
	// ack packets.
	ApplicationAckQueues []uint32
	// ApplicationQueuesSvc is the range of queues for application service
	// packets.
	ApplicationQueuesSvc []uint32
	// ApplicationSynAckQueues is the range of queues for application synack
	// packets.
	ApplicationSynAckQueues []uint32
	// NetworkQueuesSynStr is the "first:last" queue range string for network
	// syn packets, in the form consumed by the iptables rules.
	NetworkQueuesSynStr string
	// NetworkQueuesAckStr is the "first:last" queue range string for network
	// ack packets.
	NetworkQueuesAckStr string
	// NetworkQueuesSynAckStr is the "first:last" queue range string for
	// network synack packets.
	NetworkQueuesSynAckStr string
	// NetworkQueuesSvcStr is the "first:last" queue range string for network
	// service packets.
	NetworkQueuesSvcStr string
	// ApplicationQueuesSynStr is the "first:last" queue range string for
	// application syn packets.
	ApplicationQueuesSynStr string
	// ApplicationQueuesAckStr is the "first:last" queue range string for
	// application ack packets.
	ApplicationQueuesAckStr string
	// ApplicationQueuesSvcStr is the "first:last" queue range string for
	// application service packets.
	ApplicationQueuesSvcStr string
	// ApplicationQueuesSynAckStr is the "first:last" queue range string for
	// application synack packets.
	ApplicationQueuesSynAckStr string
	// DNSServerAddress lists DNS server addresses. It is stored exactly as
	// passed to NewFilterQueue: the caller's slice is not copied and no
	// validation is performed here.
	DNSServerAddress []string
}
// NewFilterQueueWithDefaults builds a FilterQueue from the Default* constants:
// separated queues, DefaultNumberOfQueues per packet type on both the network
// and the application side, DefaultQueueSize for both sides, the default mark,
// and no DNS server addresses.
func NewFilterQueueWithDefaults() *FilterQueue {
	const (
		perSide = DefaultNumberOfQueues
		size    = DefaultQueueSize
	)
	return NewFilterQueue(
		DefaultQueueSeperation,
		DefaultMarkValue,
		DefaultQueueStart,
		perSide, // network queues per packet type
		perSide, // application queues per packet type
		size,    // network queue size
		size,    // application queue size
		nil,
	)
}
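// createQueueSlice returns the numQueues consecutive queue numbers that start
// at startQueue: startQueue, startQueue+1, ..., startQueue+numQueues-1.
//
// The loop runs over the slice index rather than a uint16 counter so that the
// bound cannot wrap. With uint16 arithmetic, a layout whose last queue would
// exceed 65535 made the loop condition false on the first iteration and the
// function returned a slice of zeros, silently pointing every entry at queue
// 0 (a real queue). Each element is now computed in uint32, so such a layout
// yields numbers above 65535 instead; NFQUEUE queue numbers are 16-bit, so
// those values are invalid and the misconfiguration surfaces rather than
// aliasing another range's queue. numQueues == 0 returns an empty slice.
func createQueueSlice(startQueue uint16, numQueues uint16) []uint32 {
	queues := make([]uint32, int(numQueues))
	for i := range queues {
		queues[i] = uint32(startQueue) + uint32(i)
	}
	return queues
}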
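// queueRangeStr renders the inclusive queue range [first, first+count-1] as
// the "first:last" string consumed by the iptables rules. Bounds are int so
// that a range running past 65535 is rendered with its true (out-of-range)
// numbers instead of wrapping to a low queue number the way uint16 arithmetic
// would; a bad layout thus shows up in the rule text rather than quietly
// steering packets into a queue that belongs to another range. count is
// expected to be at least 1; count 0 renders "first:first-1".
func queueRangeStr(first, count int) string {
	return strconv.Itoa(first) + ":" + strconv.Itoa(first+count-1)
}

// NewFilterQueue returns an instance of FilterQueue.
//
// Application queues are laid out from QueueStart and network queues directly
// after them. With queueSeparation set, each side gets four consecutive ranges
// of NumberOf*Queues queues, in the order syn, ack, synack, svc; the per-type
// slices are populated and the stored NumberOf*Queues fields hold the total
// (four times the argument). Without separation each side is a single range
// shared by every packet type: only the *Str fields are filled in (all four of
// a side are identical) and the slices stay nil.
//
// No validation is performed because the signature has no error return. The
// "first:last" rule strings are computed in int so they never wrap, but the
// uint16 fields (NetworkQueue, NumberOf*Queues) and the slices produced by
// createQueueSlice still use 16-bit arithmetic; callers should keep
// QueueStart + 4*(NumberOfApplicationQueues + NumberOfNetworkQueues) within
// the 16-bit NFQUEUE range. dnsServerAddress is stored as-is, not copied.
func NewFilterQueue(queueSeparation bool, MarkValue int, QueueStart, NumberOfNetworkQueues, NumberOfApplicationQueues uint16, NetworkQueueSize, ApplicationQueueSize uint32, dnsServerAddress []string) *FilterQueue {
	fq := &FilterQueue{
		QueueSeparation:      queueSeparation,
		MarkValue:            MarkValue,
		NetworkQueueSize:     NetworkQueueSize,
		ApplicationQueueSize: ApplicationQueueSize,
		DNSServerAddress:     dnsServerAddress,
		ApplicationQueue:     QueueStart,
	}

	appStart := int(QueueStart)
	appN := int(NumberOfApplicationQueues)
	netN := int(NumberOfNetworkQueues)

	if !queueSeparation {
		// One shared range per side; every packet type maps to the same string.
		fq.NumberOfApplicationQueues = NumberOfApplicationQueues
		fq.ApplicationQueuesSynStr = queueRangeStr(appStart, appN)
		fq.ApplicationQueuesAckStr = fq.ApplicationQueuesSynStr
		fq.ApplicationQueuesSvcStr = fq.ApplicationQueuesSynStr
		fq.ApplicationQueuesSynAckStr = fq.ApplicationQueuesSynStr

		netStart := appStart + appN
		fq.NetworkQueue = uint16(netStart)
		fq.NumberOfNetworkQueues = NumberOfNetworkQueues
		fq.NetworkQueuesSynStr = queueRangeStr(netStart, netN)
		fq.NetworkQueuesAckStr = fq.NetworkQueuesSynStr
		fq.NetworkQueuesSynAckStr = fq.NetworkQueuesSynStr
		fq.NetworkQueuesSvcStr = fq.NetworkQueuesSynStr
		return fq
	}

	// Separated layout, application side: syn, ack, synack, svc.
	fq.ApplicationSynQueues = createQueueSlice(QueueStart, NumberOfApplicationQueues)
	fq.ApplicationAckQueues = createQueueSlice(QueueStart+1*NumberOfApplicationQueues, NumberOfApplicationQueues)
	fq.ApplicationSynAckQueues = createQueueSlice(QueueStart+2*NumberOfApplicationQueues, NumberOfApplicationQueues)
	fq.ApplicationQueuesSvc = createQueueSlice(QueueStart+3*NumberOfApplicationQueues, NumberOfApplicationQueues)
	fq.ApplicationQueuesSynStr = queueRangeStr(appStart, appN)
	fq.ApplicationQueuesAckStr = queueRangeStr(appStart+1*appN, appN)
	fq.ApplicationQueuesSynAckStr = queueRangeStr(appStart+2*appN, appN)
	fq.ApplicationQueuesSvcStr = queueRangeStr(appStart+3*appN, appN)
	fq.NumberOfApplicationQueues = NumberOfApplicationQueues * 4

	// Network side starts right after the four application ranges.
	netStart := appStart + 4*appN
	fq.NetworkQueue = uint16(netStart)
	fq.NetworkSynQueues = createQueueSlice(fq.NetworkQueue, NumberOfNetworkQueues)
	fq.NetworkAckQueues = createQueueSlice(fq.NetworkQueue+1*NumberOfNetworkQueues, NumberOfNetworkQueues)
	fq.NetworkSynAckQueues = createQueueSlice(fq.NetworkQueue+2*NumberOfNetworkQueues, NumberOfNetworkQueues)
	fq.NetworkQueuesSvc = createQueueSlice(fq.NetworkQueue+3*NumberOfNetworkQueues, NumberOfNetworkQueues)
	fq.NetworkQueuesSynStr = queueRangeStr(netStart, netN)
	fq.NetworkQueuesAckStr = queueRangeStr(netStart+1*netN, netN)
	fq.NetworkQueuesSynAckStr = queueRangeStr(netStart+2*netN, netN)
	fq.NetworkQueuesSvcStr = queueRangeStr(netStart+3*netN, netN)
	fq.NumberOfNetworkQueues = NumberOfNetworkQueues * 4

	return fq
}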
// GetMarkValue reports the packet mark the iptables action applies in the RAW chain.
func (q *FilterQueue) GetMarkValue() int {
	return q.MarkValue
}
// GetNetworkQueueStart reports the number of the first network queue, for the iptables action.
func (q *FilterQueue) GetNetworkQueueStart() uint16 {
	return q.NetworkQueue
}
// GetNumNetworkQueues reports the total number of network queues allocated, for the iptables action.
func (q *FilterQueue) GetNumNetworkQueues() uint16 {
	return q.NumberOfNetworkQueues
}
// GetNetworkQueueSize reports the configured size of the network queues.
func (q *FilterQueue) GetNetworkQueueSize() uint32 {
	return q.NetworkQueueSize
}
// GetApplicationQueueStart reports the number of the first application queue, for the iptables action.
func (q *FilterQueue) GetApplicationQueueStart() uint16 {
	return q.ApplicationQueue
}
// GetNumApplicationQueues reports the total number of application queues allocated, for the iptables action.
func (q *FilterQueue) GetNumApplicationQueues() uint16 {
	return q.NumberOfApplicationQueues
}
// GetApplicationQueueSize reports the configured size of the application queues.
func (q *FilterQueue) GetApplicationQueueSize() uint32 {
	return q.ApplicationQueueSize
}
// GetNetworkQueueSynStr reports the "first:last" queue range for network syn packets, as used by the iptables action.
func (q *FilterQueue) GetNetworkQueueSynStr() string {
	return q.NetworkQueuesSynStr
}
// GetNetworkQueueAckStr reports the "first:last" queue range for network ack packets, as used by the iptables action.
func (q *FilterQueue) GetNetworkQueueAckStr() string {
	return q.NetworkQueuesAckStr
}
// GetNetworkQueueSynAckStr reports the "first:last" queue range for network synack packets, as used by the iptables action.
func (q *FilterQueue) GetNetworkQueueSynAckStr() string {
	return q.NetworkQueuesSynAckStr
}
// GetNetworkQueueSvcStr reports the "first:last" queue range for network service packets, as used by the iptables action.
func (q *FilterQueue) GetNetworkQueueSvcStr() string {
	return q.NetworkQueuesSvcStr
}
// GetApplicationQueueSynStr reports the "first:last" queue range for application syn packets, as used by the iptables action.
func (q *FilterQueue) GetApplicationQueueSynStr() string {
	return q.ApplicationQueuesSynStr
}
// GetApplicationQueueAckStr reports the "first:last" queue range for application ack packets, as used by the iptables action.
func (q *FilterQueue) GetApplicationQueueAckStr() string {
	return q.ApplicationQueuesAckStr
}
// GetApplicationQueueSynAckStr reports the "first:last" queue range for application synack packets, as used by the iptables action.
func (q *FilterQueue) GetApplicationQueueSynAckStr() string {
	return q.ApplicationQueuesSynAckStr
}
// GetApplicationQueueSvcStr reports the "first:last" queue range for application service packets, as used by the iptables action.
func (q *FilterQueue) GetApplicationQueueSvcStr() string {
	return q.ApplicationQueuesSvcStr
}
// Default NFQUEUE parameters, used by NewFilterQueueWithDefaults. Parameters
// can be changed after an isolator has been created and before it is started;
// changing them once the isolator is running has no effect.
const (
	// DefaultQueueStart is the first queue number to allocate.
	DefaultQueueStart = 0
	// DefaultNumberOfQueues is the number of queues per packet type, applied
	// to both the network and the application side.
	DefaultNumberOfQueues = 4
	// DefaultQueueSize is the size of each queue.
	DefaultQueueSize = 500
	// DefaultQueueSeperation enables separate queues per packet type. The
	// misspelling is kept because the name is part of the exported API.
	DefaultQueueSeperation = true
	// DefaultMarkValue is the default mark set on packets in the RAW chain.
	DefaultMarkValue = 0x1111
)