func TestInquisitorSourceReceiveOne(t *testing.T) {
_, dispatcher, sniffer := SetupTestInquisitor()
ip := layers.IPv4{
SrcIP: net.IP{1, 2, 3, 4},
DstIP: net.IP{2, 3, 4, 5},
Version: 4,
TTL: 64,
Protocol: layers.IPProtocolTCP,
}
tcp := layers.TCP{
Seq: 3,
SYN: false,
SrcPort: 1,
DstPort: 2,
}
flow := types.NewTcpIpFlowFromLayers(ip, tcp)
p := types.PacketManifest{
Timestamp: time.Now(),
Flow: flow,
IP: ip,
TCP: tcp,
Payload: []byte{1, 2, 3, 4, 5, 6, 7},
}
log.Print("before receive packet")
dispatcher.ReceivePacket(&p)
log.Print("after receive packet")
connsChan := dispatcher.GetObservedConnectionsChan(1)
log.Print("fu1")
<-connsChan
log.Print("fu2")
log.Print("after connsChan receive")
conns := dispatcher.Connections()
log.Print("fu3")
if len(conns) != 1 {
t.Fatalf("number of connections %d is not 1", len(conns))
}
conn := conns[0]
mockConn := conn.(*MockConnection)
log.Print("listen to packet observer chan")
<-mockConn.packetObserverChan
sniffer.Stop()
}
func TestInquisitorResetTwice(t *testing.T) {
_, dispatcher, sniffer := SetupTestInquisitor()
startSeq := 3
ip1 := layers.IPv4{
SrcIP: net.IP{1, 2, 3, 4},
DstIP: net.IP{2, 3, 4, 5},
Version: 4,
TTL: 64,
Protocol: layers.IPProtocolTCP,
}
tcp1 := layers.TCP{
Seq: uint32(startSeq),
SYN: false,
RST: true,
SrcPort: 1,
DstPort: 2,
}
flow1 := types.NewTcpIpFlowFromLayers(ip1, tcp1)
packet1 := types.PacketManifest{
Timestamp: time.Now(),
Flow: flow1,
IP: ip1,
TCP: tcp1,
Payload: []byte{1, 2, 3, 4, 5, 6, 7},
}
ip2 := layers.IPv4{
SrcIP: net.IP{1, 2, 3, 4},
DstIP: net.IP{2, 3, 4, 5},
Version: 4,
TTL: 64,
Protocol: layers.IPProtocolTCP,
}
tcp2 := layers.TCP{
Seq: uint32(startSeq + len(packet1.Payload)),
SYN: false,
RST: true,
SrcPort: 1,
DstPort: 2,
}
flow2 := types.NewTcpIpFlowFromLayers(ip2, tcp2)
packet2 := types.PacketManifest{
Timestamp: time.Now(),
Flow: flow2,
IP: ip2,
TCP: tcp2,
Payload: []byte{1, 2, 3, 4, 5, 6, 7},
}
connsChan := dispatcher.GetObservedConnectionsChan(1)
dispatcher.ReceivePacket(&packet1)
<-connsChan
conns := dispatcher.Connections()
if len(conns) != 1 {
t.Fatalf("number of connections %d is not 1", len(conns))
}
conn := conns[0]
mockConn := conn.(*MockConnection)
<-mockConn.packetObserverChan
conns = dispatcher.Connections()
if len(conns) != 1 {
t.Fatalf("number of connections %d is not 1", len(conns))
}
conn = conns[0]
mockConn = conn.(*MockConnection)
dispatcher.ReceivePacket(&packet2)
<-mockConn.packetObserverChan
sniffer.Stop()
}
func TestStateDataTransfer(t *testing.T) {
options := ConnectionOptions{
MaxBufferedPagesTotal: 0,
MaxBufferedPagesPerConnection: 0,
MaxRingPackets: 40,
PageCache: nil,
LogDir: "fake-log-dir",
AttackLogger: NewDummyAttackLogger(),
}
f := &DefaultConnFactory{}
conn := f.Build(options).(*Connection)
conn.state = TCP_DATA_TRANSFER
clientRingCount := 0
ip := layers.IPv4{
SrcIP: net.IP{1, 2, 3, 4},
DstIP: net.IP{2, 3, 4, 5},
Version: 4,
TTL: 64,
Protocol: layers.IPProtocolTCP,
}
tcp := layers.TCP{
Seq: 3,
SYN: false,
SrcPort: 1,
DstPort: 2,
}
flow := types.NewTcpIpFlowFromLayers(ip, tcp)
p := types.PacketManifest{
Timestamp: time.Now(),
Flow: flow,
IP: ip,
TCP: tcp,
Payload: []byte{1, 2, 3, 4, 5, 6, 7},
}
conn.serverFlow = flow
conn.clientFlow = flow.Reverse()
conn.clientNextSeq = 9666
conn.serverNextSeq = 3
conn.ReceivePacket(&p)
if conn.state != TCP_DATA_TRANSFER {
t.Error("invalid state transition\n")
t.Fail()
}
clientRingCount = conn.ClientStreamRing.Prev().Count()
if clientRingCount != 1 {
t.Errorf("clientRingCount %d not correct", clientRingCount)
t.Fail()
}
// next set of tests
tcp = layers.TCP{
Seq: 10,
SYN: false,
SrcPort: 1,
DstPort: 2,
}
p = types.PacketManifest{
Timestamp: time.Now(),
Flow: flow,
IP: ip,
TCP: tcp,
Payload: []byte{1, 2, 3, 4, 5, 6, 7},
}
conn.ReceivePacket(&p)
if conn.state != TCP_DATA_TRANSFER {
t.Error("invalid state transition\n")
t.Fail()
}
clientRingCount = conn.ClientStreamRing.Prev().Count()
if clientRingCount != 2 {
t.Errorf("clientRingCount %d not correct", clientRingCount)
t.Fail()
}
// next test
tcp = layers.TCP{
Seq: 5,
SYN: false,
SrcPort: 1,
DstPort: 2,
}
p = types.PacketManifest{
Timestamp: time.Now(),
Flow: flow,
IP: ip,
TCP: tcp,
Payload: []byte{1, 2, 3, 4, 5, 6, 7},
}
conn.ReceivePacket(&p)
if conn.state != TCP_DATA_TRANSFER {
t.Error("invalid state transition\n")
t.Fail()
}
clientRingCount = conn.ClientStreamRing.Prev().Count()
if clientRingCount != 2 {
t.Errorf("clientRingCount %d not correct", clientRingCount)
t.Fail()
}
}
func main() {
defer util.Run()()
var eth layers.Ethernet
var dot1q layers.Dot1Q
var ip4 layers.IPv4
var ip6 layers.IPv6
var ip6extensions layers.IPv6ExtensionSkipper
var tcp layers.TCP
var payload gopacket.Payload
decoded := make([]gopacket.LayerType, 0, 4)
// target/track all TCP flows from this TCP/IP service endpoint
trackedFlows := make(map[types.TcpIpFlow]int)
serviceIP := net.ParseIP(*serviceIPstr)
if serviceIP == nil {
panic(fmt.Sprintf("non-ip target: %q\n", serviceIPstr))
}
serviceIP = serviceIP.To4()
if serviceIP == nil {
panic(fmt.Sprintf("non-ipv4 target: %q\n", serviceIPstr))
}
streamInjector := attack.TCPStreamInjector{}
err := streamInjector.Init("0.0.0.0")
if err != nil {
panic(err)
}
streamInjector.Payload = []byte("meowmeowmeow")
handle, err := pcap.OpenLive(*iface, int32(*snaplen), true, pcap.BlockForever)
if err != nil {
log.Fatal("error opening pcap handle: ", err)
}
if err := handle.SetBPFFilter(*filter); err != nil {
log.Fatal("error setting BPF filter: ", err)
}
parser := gopacket.NewDecodingLayerParser(layers.LayerTypeEthernet,
ð, &dot1q, &ip4, &ip6, &ip6extensions, &tcp, &payload)
flow := &types.TcpIpFlow{}
log.Print("collecting packets...\n")
for {
data, ci, err := handle.ZeroCopyReadPacketData()
if err != nil {
log.Printf("error getting packet: %v %s", err, ci)
continue
}
err = parser.DecodeLayers(data, &decoded)
if err != nil {
log.Printf("error decoding packet: %v", err)
continue
}
// if we see a flow coming from the tcp/ip service we are watching
// then track how many packets we receive from each flow
if tcp.SrcPort == layers.TCPPort(*servicePort) && ip4.SrcIP.Equal(serviceIP) {
flow = types.NewTcpIpFlowFromLayers(ip4, tcp)
_, isTracked := trackedFlows[*flow]
if isTracked {
trackedFlows[*flow] += 1
} else {
trackedFlows[*flow] = 1
}
} else {
continue
}
// after 3 packets from a given flow then inject packets into the stream
if trackedFlows[*flow]%10 == 0 {
err = streamInjector.SetIPLayer(ip4)
if err != nil {
panic(err)
}
streamInjector.SetTCPLayer(tcp)
err = streamInjector.SpraySequenceRangePackets(tcp.Seq, 20)
if err != nil {
panic(err)
}
log.Print("packet spray sent!\n")
}
}
}
