New networking core based on Freki (#37)

* using freki as networking core

* flag for debug logging

* peek and handle HTTP

* tcp handler test

* smtp test added

* rfb (vnc) test added

* proxy server added

* simple FTP handler added

* simple RDP PDU parser

Author: glaslos

.gitignore

@@ -7,6 +7,8 @@
 _obj
 _test
 build
+vendor
+bin
 
 # Architecture specific extensions/prefixes
 *.[568vq]
@@ -23,6 +25,3 @@ _testmain.go
 *.exe
 *.test
 *.prof
-
-logs.txt
-sensor

.travis.yml

@@ -2,8 +2,11 @@ language: go
 
 before_install:
   - sudo apt-get -qq update
-  - sudo apt-get install -y libpcap-dev
+  - sudo apt-get install -y libpcap-dev libnetfilter-queue-dev iptables-dev
 
-install: go get -t ./...
+install:
+  - go get -v github.com/Masterminds/glide
+  - glide install
+  - go get -t ./...
 
-script: go test -v ./...
+script: go test

Dockerfile

@@ -1,8 +1,17 @@
-FROM alpine:3.4
+FROM golang:1.7.4-alpine3.5
 RUN apk update
-RUN apk add conntrack-tools iptables
-RUN mkdir -p /opt/glutton
-WORKDIR /opt/glutton
-ADD sensor .
-ADD config/ports.yml .
-CMD ["./sensor", "-conf", "ports.yml", "-set-tables"]
+RUN apk add libnetfilter_queue-dev iptables-dev libpcap-dev
+
+RUN mkdir -p $GOPATH/src/github.com/mushorg/glutton
+WORKDIR $GOPATH/src/github.com/mushorg/glutton
+ADD . .
+RUN apk add g++
+
+RUN mkdir -p bin/
+RUN go build -o bin/sensor app/server.go
+
+# RUN mkdir -p /opt/glutton
+# WORKDIR /opt/glutton
+# ADD bin/sensor .
+# ADD rules/rules.yaml .
+CMD ["bin/sensor", "-interface", "eth0", "-rules", "rules/rules.yaml"]

Makefile

@@ -1,11 +1,23 @@
 .PHONY: all test clean build
 
+default: build
+
 build:
-	GOOS=linux go build -o sensor server/glutton_server.go
+	@mkdir -p bin/
+	go build -o bin/sensor app/server.go
+	upx -1 bin/sensor
+
+static:
+	@mkdir -p bin/
+	go build --ldflags '-extldflags "-static"' -o bin/sensor app/server.go
+	upx -1 bin/sensor
+
+clean:
+	rm -rf bin/
 
 run: build
-	sudo ./sensor -conf config/ports.yml
+	sudo ./bin/sensor -rules rules/rules.yaml
 
-docker: build
+docker:
 	docker build -t glutton .
 	docker run --cap-add=NET_ADMIN -it glutton

app/server.go

@@ -0,0 +1,144 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"io"
+	"net"
+	"os"
+	"os/signal"
+	"strings"
+	"sync"
+
+	log "github.com/Sirupsen/logrus"
+	"github.com/kung-foo/freki"
+	"github.com/mushorg/glutton"
+)
+
+func onErrorExit(err error) {
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+func onErrorClose(err error, conn net.Conn) {
+	if err != nil {
+		log.Error(err)
+		err = conn.Close()
+		if err != nil {
+			log.Error(err)
+		}
+	}
+}
+
+func onInterruptSignal(fn func()) {
+	sig := make(chan os.Signal, 1)
+	signal.Notify(sig, os.Interrupt)
+
+	go func() {
+		<-sig
+		fn()
+	}()
+}
+
+func main() {
+	fmt.Println(`
+  _____ _       _   _
+ / ____| |     | | | |
+| |  __| |_   _| |_| |_ ___  _ __
+| | |_ | | | | | __| __/ _ \| '_ \
+| |__| | | |_| | |_| || (_) | | | |
+ \_____|_|\__,_|\__|\__\___/|_| |_|
+
+	`)
+	logPath := flag.String("log", "/dev/null", "Log path")
+	iface := flag.String("interface", "eth0", "Interface to work with")
+	rulesPath := flag.String("rules", "/etc/glutton/rules.yaml", "Rules path")
+	enableDebug := flag.Bool("debug", false, "Set to enable debug log")
+	flag.Parse()
+
+	log.Infof("[glutton ] Loading rules from: %s", *rulesPath)
+	rulesFile, err := os.Open(*rulesPath)
+	onErrorExit(err)
+	rules, err := freki.ReadRulesFromFile(rulesFile)
+	onErrorExit(err)
+	log.Infof("[glutton ] Rules: %+v", rules)
+
+	// Write log to file and stdout
+	f, err := os.OpenFile(*logPath, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
+	onErrorExit(err)
+	log.SetOutput(io.MultiWriter(f, os.Stdout))
+
+	logger := log.New()
+	if *enableDebug == true {
+		logger.Level = log.DebugLevel
+	}
+
+	// Initiate the freki processor
+	processor, err := freki.New(*iface, rules, logger)
+	onErrorExit(err)
+	// Adding a proxy server
+	processor.AddServer(freki.NewTCPProxy(6000))
+
+	err = processor.Init()
+	onErrorExit(err)
+
+	exitMtx := sync.RWMutex{}
+	exit := func() {
+		exitMtx.Lock()
+		println() // make it look nice after the ^C
+		logger.Debugf("[glutton ] shutting down...")
+		onErrorExit(processor.Shutdown())
+	}
+
+	defer exit()
+	onInterruptSignal(func() {
+		exit()
+		os.Exit(0)
+	})
+
+	go func() {
+		ln, err := net.Listen("tcp", ":5000")
+		onErrorExit(err)
+
+		for {
+			conn, err := ln.Accept()
+			onErrorExit(err)
+
+			go func(conn net.Conn) {
+				// TODO: Figure out how this works.
+				//conn.SetReadDeadline(time.Now().Add(time.Second * 5))
+				host, port, _ := net.SplitHostPort(conn.RemoteAddr().String())
+				ck := freki.NewConnKeyByString(host, port)
+				md := processor.Connections.GetByFlow(ck)
+
+				logger.Debugf("[glutton ] new connection: %s:%s -> %d", host, port, md.TargetPort)
+
+				if md.Rule.Name == "telnet" {
+					go glutton.HandleTelnet(conn)
+				} else if md.TargetPort == 25 {
+					go glutton.HandleSMTP(conn)
+				} else if md.TargetPort == 3389 {
+					go glutton.HandleRDP(conn)
+				} else if md.TargetPort == 21 {
+					go glutton.HandleFTP(conn)
+				} else if md.TargetPort == 5060 {
+					go glutton.HandleSIP(conn)
+				} else if md.TargetPort == 5900 {
+					go glutton.HandleRFB(conn)
+				} else {
+					snip, bufConn, err := glutton.Peek(conn, 4)
+					onErrorClose(err, conn)
+					httpMap := map[string]bool{"GET ": true, "POST": true, "HEAD": true, "OPTI": true}
+					if _, ok := httpMap[strings.ToUpper(string(snip))]; ok == true {
+						go glutton.HandleHTTP(bufConn)
+					} else {
+						go glutton.HandleTCP(bufConn)
+					}
+				}
+			}(conn)
+		}
+	}()
+
+	onErrorExit(processor.Start())
+}