nfqws2: conntrack_feed()

nfq2/lua.c

@@ -1664,11 +1664,10 @@ void lua_pushf_ctrack_pos(lua_State *L, const t_ctrack *ctrack, const t_ctrack_p
 	LUA_STACK_GUARD_LEAVE(L, 0)
 }
 
-void lua_pushf_ctrack(lua_State *L, const t_ctrack *ctrack, const t_ctrack_positions *tpos, bool bIncoming)
+void lua_push_ctrack(lua_State *L, const t_ctrack *ctrack, const t_ctrack_positions *tpos, bool bIncoming)
 {
 	LUA_STACK_GUARD_ENTER(L)
 
-	lua_pushliteral(L, "track");
 	if (ctrack)
 	{
 		if (!tpos) tpos = &ctrack->pos;
@@ -1677,8 +1676,6 @@ void lua_pushf_ctrack(lua_State *L, const t_ctrack *ctrack, const t_ctrack_posit
 
 		if (ctrack->incoming_ttl)
 			lua_pushf_int(L, "incoming_ttl", ctrack->incoming_ttl);
-		else
-			lua_pushf_nil(L, "incoming_ttl");
 		lua_pushf_str(L, "l7proto", l7proto_str(ctrack->l7proto));
 		lua_pushf_str(L, "hostname", ctrack->hostname);
 		if (ctrack->hostname) lua_pushf_bool(L, "hostname_is_ip", ctrack->hostname_is_ip);
@@ -1720,6 +1717,16 @@ void lua_pushf_ctrack(lua_State *L, const t_ctrack *ctrack, const t_ctrack_posit
 	}
 	else
 		lua_pushnil(L);
+
+	LUA_STACK_GUARD_LEAVE(L, 1)
+}
+
+void lua_pushf_ctrack(lua_State *L, const t_ctrack *ctrack, const t_ctrack_positions *tpos, bool bIncoming)
+{
+	LUA_STACK_GUARD_ENTER(L)
+
+	lua_pushliteral(L, "track");
+	lua_push_ctrack(L, ctrack, tpos, bIncoming);
 	lua_rawset(L,-3);
 
 	LUA_STACK_GUARD_LEAVE(L, 0)
@@ -2872,8 +2879,8 @@ static int luacall_rawsend_dissect(lua_State *L)
 	uint32_t fwmark;
 	sockaddr_in46 sa;
 	bool b, badsum, keepsum, ip6_preserve_next;
-	uint8_t buf[RECONSTRUCT_MAX_SIZE] __attribute__((aligned(16)));
 	uint8_t last_proto;
+	uint8_t buf[RECONSTRUCT_MAX_SIZE] __attribute__((aligned(16)));
 
 	len = sizeof(buf);
 
@@ -2893,6 +2900,52 @@ static int luacall_rawsend_dissect(lua_State *L)
 	LUA_STACK_GUARD_RETURN(L,1)
 }
 
+static int luacall_conntrack_feed(lua_State *L)
+{
+	// rawsend(dissect, reconstruct_opts) return track,bOutgoing
+	lua_check_argc_range(L,"conntrack_feed",1,3);
+
+	LUA_STACK_GUARD_ENTER(L)
+
+	if (params.ctrack_disable)
+		goto err;
+	else
+	{
+		size_t len;
+		bool badsum, keepsum, ip6_preserve_next, bReverse;
+		uint8_t last_proto;
+		struct dissect dis;
+		t_ctrack *ctrack;
+		uint8_t buf[RECONSTRUCT_MAX_SIZE] __attribute__((aligned(16)));
+
+		len = sizeof(buf);
+
+		luaL_checktype(L,1,LUA_TTABLE);
+		lua_reconstruct_extract_options(L, 2, &keepsum, &badsum, &ip6_preserve_next, &last_proto);
+
+		if (!lua_reconstruct_dissect(L, 1, buf, &len, keepsum, badsum, last_proto, ip6_preserve_next))
+			luaL_error(L, "invalid dissect data");
+
+		proto_dissect_l3l4(buf, len, &dis, false);
+
+		ConntrackPoolPurge(&params.conntrack);
+		if (ConntrackPoolFeed(&params.conntrack, &dis, &ctrack, &bReverse))
+		{
+			lua_push_ctrack(L, ctrack, NULL, bReverse);
+			lua_pushboolean(L, !bReverse); // outgoing
+		}
+		else
+			goto err;
+	}	
+
+ex:
+	LUA_STACK_GUARD_RETURN(L,2)
+err:
+	lua_pushnil(L);
+	lua_pushnil(L);
+	goto ex;
+}
+
 static int luacall_get_source_ip(lua_State *L)
 {
 	// get_source_ip(target_ip)
@@ -4125,6 +4178,9 @@ static void lua_init_functions(void)
 		{"rawsend",luacall_rawsend},
 		{"rawsend_dissect",luacall_rawsend_dissect},
 
+		// conntrack inject packet
+		{"conntrack_feed",luacall_conntrack_feed},
+
 		// get source addr when connecting to specified target addr
 		{"get_source_ip",luacall_get_source_ip},
 		// get os interface intformation

nfq2/lua.h

@@ -101,6 +101,7 @@ void lua_push_ip6hdr(lua_State *L, const struct ip6_hdr *ip6, size_t len);
 void lua_pushf_ip6hdr(lua_State *L, const struct ip6_hdr *ip6, size_t len);
 void lua_push_dissect(lua_State *L, const struct dissect *dis);
 void lua_pushf_dissect(lua_State *L, const struct dissect *dis);
+void lua_push_ctrack(lua_State *L, const t_ctrack *ctrack, const t_ctrack_positions *tpos, bool bIncoming);
 void lua_pushf_ctrack(lua_State *L, const t_ctrack *ctrack, const t_ctrack_positions *tpos, bool bIncoming);
 void lua_pushf_args(lua_State *L, const struct str2_list_head *args, int idx_desync, bool subst_prefix);
 void lua_pushf_pos(lua_State *L, const char *name, const struct packet_pos *pos);