diff --git a/nfq2/lua.c b/nfq2/lua.c index 241e868..d8ad3ca 100644 --- a/nfq2/lua.c +++ b/nfq2/lua.c @@ -1664,11 +1664,10 @@ void lua_pushf_ctrack_pos(lua_State *L, const t_ctrack *ctrack, const t_ctrack_p LUA_STACK_GUARD_LEAVE(L, 0) } -void lua_pushf_ctrack(lua_State *L, const t_ctrack *ctrack, const t_ctrack_positions *tpos, bool bIncoming) +void lua_push_ctrack(lua_State *L, const t_ctrack *ctrack, const t_ctrack_positions *tpos, bool bIncoming) { LUA_STACK_GUARD_ENTER(L) - lua_pushliteral(L, "track"); if (ctrack) { if (!tpos) tpos = &ctrack->pos; @@ -1677,8 +1676,6 @@ void lua_pushf_ctrack(lua_State *L, const t_ctrack *ctrack, const t_ctrack_posit if (ctrack->incoming_ttl) lua_pushf_int(L, "incoming_ttl", ctrack->incoming_ttl); - else - lua_pushf_nil(L, "incoming_ttl"); lua_pushf_str(L, "l7proto", l7proto_str(ctrack->l7proto)); lua_pushf_str(L, "hostname", ctrack->hostname); if (ctrack->hostname) lua_pushf_bool(L, "hostname_is_ip", ctrack->hostname_is_ip); @@ -1720,6 +1717,16 @@ void lua_pushf_ctrack(lua_State *L, const t_ctrack *ctrack, const t_ctrack_posit } else lua_pushnil(L); + + LUA_STACK_GUARD_LEAVE(L, 1) +} + +void lua_pushf_ctrack(lua_State *L, const t_ctrack *ctrack, const t_ctrack_positions *tpos, bool bIncoming) +{ + LUA_STACK_GUARD_ENTER(L) + + lua_pushliteral(L, "track"); + lua_push_ctrack(L, ctrack, tpos, bIncoming); lua_rawset(L,-3); LUA_STACK_GUARD_LEAVE(L, 0) @@ -2872,8 +2879,8 @@ static int luacall_rawsend_dissect(lua_State *L) uint32_t fwmark; sockaddr_in46 sa; bool b, badsum, keepsum, ip6_preserve_next; - uint8_t buf[RECONSTRUCT_MAX_SIZE] __attribute__((aligned(16))); uint8_t last_proto; + uint8_t buf[RECONSTRUCT_MAX_SIZE] __attribute__((aligned(16))); len = sizeof(buf); @@ -2893,6 +2900,52 @@ static int luacall_rawsend_dissect(lua_State *L) LUA_STACK_GUARD_RETURN(L,1) } +static int luacall_conntrack_feed(lua_State *L) +{ + // rawsend(dissect, reconstruct_opts) return track,bOutgoing + lua_check_argc_range(L,"conntrack_feed",1,3); + + LUA_STACK_GUARD_ENTER(L) + + if (params.ctrack_disable) + goto err; + else + { + size_t len; + bool badsum, keepsum, ip6_preserve_next, bReverse; + uint8_t last_proto; + struct dissect dis; + t_ctrack *ctrack; + uint8_t buf[RECONSTRUCT_MAX_SIZE] __attribute__((aligned(16))); + + len = sizeof(buf); + + luaL_checktype(L,1,LUA_TTABLE); + lua_reconstruct_extract_options(L, 2, &keepsum, &badsum, &ip6_preserve_next, &last_proto); + + if (!lua_reconstruct_dissect(L, 1, buf, &len, keepsum, badsum, last_proto, ip6_preserve_next)) + luaL_error(L, "invalid dissect data"); + + proto_dissect_l3l4(buf, len, &dis, false); + + ConntrackPoolPurge(¶ms.conntrack); + if (ConntrackPoolFeed(¶ms.conntrack, &dis, &ctrack, &bReverse)) + { + lua_push_ctrack(L, ctrack, NULL, bReverse); + lua_pushboolean(L, !bReverse); // outgoing + } + else + goto err; + } + +ex: + LUA_STACK_GUARD_RETURN(L,2) +err: + lua_pushnil(L); + lua_pushnil(L); + goto ex; +} + static int luacall_get_source_ip(lua_State *L) { // get_source_ip(target_ip) @@ -4125,6 +4178,9 @@ static void lua_init_functions(void) {"rawsend",luacall_rawsend}, {"rawsend_dissect",luacall_rawsend_dissect}, + // conntrack inject packet + {"conntrack_feed",luacall_conntrack_feed}, + // get source addr when connecting to specified target addr {"get_source_ip",luacall_get_source_ip}, // get os interface intformation diff --git a/nfq2/lua.h b/nfq2/lua.h index d7b055c..c0e9c52 100644 --- a/nfq2/lua.h +++ b/nfq2/lua.h @@ -101,6 +101,7 @@ void lua_push_ip6hdr(lua_State *L, const struct ip6_hdr *ip6, size_t len); void lua_pushf_ip6hdr(lua_State *L, const struct ip6_hdr *ip6, size_t len); void lua_push_dissect(lua_State *L, const struct dissect *dis); void lua_pushf_dissect(lua_State *L, const struct dissect *dis); +void lua_push_ctrack(lua_State *L, const t_ctrack *ctrack, const t_ctrack_positions *tpos, bool bIncoming); void lua_pushf_ctrack(lua_State *L, const t_ctrack *ctrack, const t_ctrack_positions *tpos, bool bIncoming); void lua_pushf_args(lua_State *L, const struct str2_list_head *args, int idx_desync, bool subst_prefix); void lua_pushf_pos(lua_State *L, const char *name, const struct packet_pos *pos);