Accueil Explorer Aide
Connexion
AetherVPN
/
slackhq.nebula
miroir de https://github.com/slackhq/nebula.git
3
0
Fork 0
Fichiers Tickets 0 Wiki
Branche: multiport
Branches Tags
slackhq.nebula
/
firewall
/
packet.go

packet.go 2.0 KB
Lien permanent Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. package firewall
    2. 

  2. 

  3. import (
    4. 

  4. 	"encoding/json"
    5. 

  5. 	"fmt"
    6. 

  6. 	mathrand "math/rand"
    7. 

  7. 	"net/netip"
    8. 

  8. )
    9. 

  9. 

  10. type m = map[string]any
    11. 

  11. 

  12. const (
    13. 

  13. 	ProtoAny    = 0 // When we want to handle HOPOPT (0) we can change this, if ever
    14. 

  14. 	ProtoTCP    = 6
    15. 

  15. 	ProtoUDP    = 17
    16. 

  16. 	ProtoICMP   = 1
    17. 

  17. 	ProtoICMPv6 = 58
    18. 

  18. 

  19. 	PortAny      = 0  // Special value for matching `port: any`
    20. 

  20. 	PortFragment = -1 // Special value for matching `port: fragment`
    21. 

  21. )
    22. 

  22. 

  23. type Packet struct {
    24. 

  24. 	LocalAddr  netip.Addr
    25. 

  25. 	RemoteAddr netip.Addr
    26. 

  26. 	LocalPort  uint16
    27. 

  27. 	RemotePort uint16
    28. 

  28. 	Protocol   uint8
    29. 

  29. 	Fragment   bool
    30. 

  30. }
    31. 

  31. 

  32. func (fp *Packet) Copy() *Packet {
    33. 

  33. 	return &Packet{
    34. 

  34. 		LocalAddr:  fp.LocalAddr,
    35. 

  35. 		RemoteAddr: fp.RemoteAddr,
    36. 

  36. 		LocalPort:  fp.LocalPort,
    37. 

  37. 		RemotePort: fp.RemotePort,
    38. 

  38. 		Protocol:   fp.Protocol,
    39. 

  39. 		Fragment:   fp.Fragment,
    40. 

  40. 	}
    41. 

  41. }
    42. 

  42. 

  43. func (fp Packet) MarshalJSON() ([]byte, error) {
    44. 

  44. 	var proto string
    45. 

  45. 	switch fp.Protocol {
    46. 

  46. 	case ProtoTCP:
    47. 

  47. 		proto = "tcp"
    48. 

  48. 	case ProtoICMP:
    49. 

  49. 		proto = "icmp"
    50. 

  50. 	case ProtoUDP:
    51. 

  51. 		proto = "udp"
    52. 

  52. 	default:
    53. 

  53. 		proto = fmt.Sprintf("unknown %v", fp.Protocol)
    54. 

  54. 	}
    55. 

  55. 	return json.Marshal(m{
    56. 

  56. 		"LocalAddr":  fp.LocalAddr.String(),
    57. 

  57. 		"RemoteAddr": fp.RemoteAddr.String(),
    58. 

  58. 		"LocalPort":  fp.LocalPort,
    59. 

  59. 		"RemotePort": fp.RemotePort,
    60. 

  60. 		"Protocol":   proto,
    61. 

  61. 		"Fragment":   fp.Fragment,
    62. 

  62. 	})
    63. 

  63. }
    64. 

  64. 

  65. // UDPSendPort calculates the UDP port to send from when using multiport mode.
    66. 

  66. // The result will be from [0, numBuckets)
    67. 

  67. func (fp Packet) UDPSendPort(numBuckets int) uint16 {
    68. 

  68. 	if numBuckets <= 1 {
    69. 

  69. 		return 0
    70. 

  70. 	}
    71. 

  71. 

  72. 	// If there is no port (like an ICMP packet), pick a random UDP send port
    73. 

  73. 	if fp.LocalPort == 0 {
    74. 

  74. 		return uint16(mathrand.Intn(numBuckets))
    75. 

  75. 	}
    76. 

  76. 

  77. 	// A decent enough 32bit hash function
    78. 

  78. 	// Prospecting for Hash Functions
    79. 

  79. 	// - https://nullprogram.com/blog/2018/07/31/
    80. 

  80. 	// - https://github.com/skeeto/hash-prospector
    81. 

  81. 	//   [16 21f0aaad 15 d35a2d97 15] = 0.10760229515479501
    82. 

  82. 	x := (uint32(fp.LocalPort) << 16) | uint32(fp.RemotePort)
    83. 

  83. 	x ^= x >> 16
    84. 

  84. 	x *= 0x21f0aaad
    85. 

  85. 	x ^= x >> 15
    86. 

  86. 	x *= 0xd35a2d97
    87. 

  87. 	x ^= x >> 15
    88. 

  88. 

  89. 	return uint16(x) % uint16(numBuckets)
    90. 

  90. }
    91.