diff --git a/.travis.yml b/.travis.yml index f7c2f1b..ed039ac 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,6 +2,8 @@ language: go go: - 1.13.x before_install: +- sudo apt-get -y install python3-pip python3-setuptools +- pip3 install scapy - go get -u github.com/mattn/goveralls - go get -u github.com/golangci/golangci-lint/cmd/golangci-lint script: diff --git a/Makefile b/Makefile index 56bdd91..0737c33 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ export GOPRIVATE := code.cfops.it IMPORT_PATH := github.com/majek/slirpnetstack -GOFLAGS=-ldflags=-compressdwarf=false +GOFLAGS=-ldflags=-compressdwarf=false -gcflags=all="-N -l" bin/slirpnetstack: *.go go.mod go build \ diff --git a/dhcp.go b/dhcp.go new file mode 100644 index 0000000..4193a71 --- /dev/null +++ b/dhcp.go @@ -0,0 +1,119 @@ +package main + +import ( + "gvisor.dev/gvisor/pkg/tcpip" + "gvisor.dev/gvisor/pkg/tcpip/adapters/gonet" + "gvisor.dev/gvisor/pkg/tcpip/network/ipv4" + "gvisor.dev/gvisor/pkg/tcpip/stack" + + "github.com/insomniacslk/dhcp/dhcpv4" + "github.com/insomniacslk/dhcp/dhcpv4/server4" + "github.com/sirupsen/logrus" + + "github.com/coredhcp/coredhcp" + "github.com/coredhcp/coredhcp/config" + "github.com/coredhcp/coredhcp/handler" + "github.com/coredhcp/coredhcp/logger" + + "github.com/coredhcp/coredhcp/plugins" + "github.com/coredhcp/coredhcp/plugins/dns" + "github.com/coredhcp/coredhcp/plugins/nbp" + rangepl "github.com/coredhcp/coredhcp/plugins/range" + "github.com/coredhcp/coredhcp/plugins/router" + "github.com/coredhcp/coredhcp/plugins/serverid" +) + +var bootfilePlugin = plugins.Plugin{ + Name: "slirp.bootfile", + Setup4: bootfile_setup4, +} + +var desiredPlugins = []*plugins.Plugin{ + &dns.Plugin, + &rangepl.Plugin, + &router.Plugin, + &serverid.Plugin, + &nbp.Plugin, + &bootfilePlugin, +} + +func bootfile_setup4(args ...string) (handler.Handler4, error) { + h := func(req, resp *dhcpv4.DHCPv4) (*dhcpv4.DHCPv4, bool) { + resp.BootFileName = args[0] + return resp, false + } + return h, nil +} + +func setupDHCP(s *stack.Stack, state *State) error { + log := logger.GetLogger("plugins") + log.Logger.SetLevel(logrus.WarnLevel) + for _, plugin := range desiredPlugins { + if e := plugins.RegisterPlugin(plugin); e != nil { + return e + } + } + + conf := config.New() + plugins := make([]*config.PluginConfig, 0) + plugins = append(plugins, + &config.PluginConfig{ + Name: "range", + Args: []string{"/dev/null", + state.DHCPStart.String(), state.DHCPEnd.String(), + "24h"}, + }, + &config.PluginConfig{ + Name: "dns", + Args: state.DHCPDns.servers, + }, + &config.PluginConfig{ + Name: "server_id", + Args: []string{state.Host.String()}, + }) + if !state.Restricted { + plugins = append(plugins, + &config.PluginConfig{ + Name: "router", + Args: []string{state.Host.String()}, + }, + ) + } + if state.DHCPNbp != "" { + plugins = append(plugins, + &config.PluginConfig{ + Name: "nbp", + Args: []string{state.DHCPNbp}, + }, + ) + } + if state.DHCPBootfile != "" { + plugins = append(plugins, + &config.PluginConfig{ + Name: "slirp.bootfile", + Args: []string{state.DHCPBootfile}, + }, + ) + } + conf.Server4 = &config.ServerConfig{ + Plugins: plugins, + } + + server := coredhcp.NewServer(conf) + if _, _, e := server.LoadPlugins(server.Config); e != nil { + return e + } + + // no IP, this will catch broadcasted packets + addr := tcpip.FullAddress{1, "", dhcpv4.ServerPort} + if conn, e := gonet.DialUDP(s, &addr, nil, ipv4.ProtocolNumber); e != nil { + return e + } else if server4, e := server4.NewServer("", nil, server.MainHandler4, server4.WithConn(conn)); e != nil { + return e + } else { + server.Server4 = server4 + } + go server.Server4.Serve() + + return nil +} diff --git a/dnsconfig.go b/dnsconfig.go new file mode 100644 index 0000000..5daa3cc --- /dev/null +++ b/dnsconfig.go @@ -0,0 +1,50 @@ +package main + +import ( + "bufio" + "net" + "os" + "strings" +) + +type dnsConfig struct { + servers []string // server addresses + err error // any error that occurs during open of resolv.conf + unknownOpt bool // anything unknown was encountered +} + +// See resolv.conf(5) on a Linux machine. +func dnsReadConfig(filename string) *dnsConfig { + conf := &dnsConfig{} + + file, err := os.Open(filename) + if err != nil { + conf.err = err + return conf + } + defer file.Close() + + scanner := bufio.NewScanner(file) + for scanner.Scan() { + line := scanner.Text() + if len(line) > 0 && (line[0] == ';' || line[0] == '#') { + // comment. + continue + } + f := strings.Fields(line) + if len(f) < 1 { + continue + } + switch f[0] { + case "nameserver": + if len(f) > 1 && len(conf.servers) < 3 { // small, but the standard limit + if net.ParseIP(f[1]) != nil { + conf.servers = append(conf.servers, f[1]) + } + } + default: + conf.unknownOpt = true + } + } + return conf +} diff --git a/go.mod b/go.mod index 331f1b0..631ac95 100644 --- a/go.mod +++ b/go.mod @@ -4,8 +4,12 @@ go 1.13 require ( github.com/cenkalti/backoff v2.2.1+incompatible // indirect + github.com/coredhcp/coredhcp v0.0.0-20200209180252-349f5927f59c github.com/golang/protobuf v1.3.3 // indirect + github.com/insomniacslk/dhcp v0.0.0-20200210095418-45e5f320b2f0 github.com/opencontainers/runtime-spec v0.1.2-0.20171211145439-b2d941ef6a78 + github.com/pin/tftp v2.1.0+incompatible + github.com/sirupsen/logrus v1.4.2 github.com/wadey/gocovmerge v0.0.0-20160331181800-b5bfa59ec0ad // indirect golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5 golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect diff --git a/go.sum b/go.sum index ff3073a..511877e 100644 --- a/go.sum +++ b/go.sum @@ -1,53 +1,331 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM= +github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/bombsimon/wsl v1.2.5/go.mod h1:43lEF/i0kpXbLCeDXL9LMT8c92HyBywXb0AsgMHYngM= github.com/cenkalti/backoff v0.0.0-20190506075156-2146c9339422 h1:+FKjzBIdfBHYDvxCv+djmDJdes/AoDtg8gpcxowBlF8= github.com/cenkalti/backoff v0.0.0-20190506075156-2146c9339422/go.mod h1:b6Nc7NRH5C4aCISLry0tLnTjcuTEvoiqcWDdsU0sOGM= github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= +github.com/chappjc/logrus-prefix v0.0.0-20180227015900-3a1d64819adb h1:aZTKxMminKeQWHtzJBbV8TttfTxzdJ+7iEJFE6FmUzg= +github.com/chappjc/logrus-prefix v0.0.0-20180227015900-3a1d64819adb/go.mod h1:xzXc1S/L+64uglB3pw54o8kqyM6KFYpTeC9Q6+qZIu8= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/coredhcp/coredhcp v0.0.0-20200209180252-349f5927f59c h1:PqZFbuVoJ7nEsY1YzbsK4i2a3W67j6PMQdKIfZSKRS0= +github.com/coredhcp/coredhcp v0.0.0-20200209180252-349f5927f59c/go.mod h1:/piWrpy4iCb6qJtXgTDy9MtDOUdYsBowJcc7Zrp/xtk= +github.com/coredhcp/plugins v0.0.0-20191121175107-a201c0b24a48/go.mod h1:hJF/oFJEhbRGGTlpw/34hdLrKVR2rhafe1g+qwez4H8= +github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= +github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= +github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= +github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= +github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-critic/go-critic v0.3.5-0.20190904082202-d79a9f0c64db/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-ole/go-ole v1.2.1/go.mod h1:7FAglXiTm7HKlQRDeOQ6ZNUHidzCWXuZWq/1dTyBNF8= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4= +github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ= +github.com/go-toolsmith/astequal v0.0.0-20180903214952-dcb477bfacd6/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY= +github.com/go-toolsmith/astequal v1.0.0/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY= +github.com/go-toolsmith/astfmt v0.0.0-20180903215011-8f8ee99c3086/go.mod h1:mP93XdblcopXwlyN4X4uodxXQhldPGZbcEJIimQHrkg= +github.com/go-toolsmith/astfmt v1.0.0/go.mod h1:cnWmsOAuq4jJY6Ct5YWlVLmcmLMn1JUPuQIHCY7CJDw= +github.com/go-toolsmith/astinfo v0.0.0-20180906194353-9809ff7efb21/go.mod h1:dDStQCHtmZpYOmjRP/8gHHnCCch3Zz3oEgCdZVdtweU= +github.com/go-toolsmith/astp v0.0.0-20180903215135-0af7e3c24f30/go.mod h1:SV2ur98SGypH1UjcPpCatrV5hPazG6+IfNHbkDXBRrk= +github.com/go-toolsmith/astp v1.0.0/go.mod h1:RSyrtpVlfTFGDYRbrjyWP1pYu//tSFcvdYrA8meBmLI= +github.com/go-toolsmith/pkgload v0.0.0-20181119091011-e9e65178eee8/go.mod h1:WoMrjiy4zvdS+Bg6z9jZH82QXwkcgCBX6nOfnmdaHks= +github.com/go-toolsmith/pkgload v1.0.0/go.mod h1:5eFArkbO80v7Z0kdngIxsRXRMTaX4Ilcwuh3clNrQJc= +github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslWct4wyljWhSRy8= +github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU= +github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= +github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/gofrs/flock v0.6.1-0.20180915234121-886344bea079 h1:JFTFz3HZTGmgMz4E1TabNBNJljROSYgja1b4l50FNVs= github.com/gofrs/flock v0.6.1-0.20180915234121-886344bea079/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3 h1:gyjaxf+svBWX08ZjK86iN9geUJF0H6gp2IRKX6Nf6/I= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4= +github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk= +github.com/golangci/errcheck v0.0.0-20181223084120-ef45e06d44b6/go.mod h1:DbHgvLiFKX1Sh2T1w8Q/h4NAI8MHIpzCdnBUDTXU3I0= +github.com/golangci/go-misc v0.0.0-20180628070357-927a3d87b613/go.mod h1:SyvUF2NxV+sN8upjjeVYr5W7tyxaT1JVtvhKhOn2ii8= +github.com/golangci/goconst v0.0.0-20180610141641-041c5f2b40f3/go.mod h1:JXrF4TWy4tXYn62/9x8Wm/K/dm06p8tCKwFRDPZG/1o= +github.com/golangci/gocyclo v0.0.0-20180528134321-2becd97e67ee/go.mod h1:ozx7R9SIwqmqf5pRP90DhR2Oay2UIjGuKheCBCNwAYU= +github.com/golangci/gofmt v0.0.0-20190930125516-244bba706f1a/go.mod h1:9qCChq59u/eW8im404Q2WWTrnBUQKjpNYKMbU4M7EFU= +github.com/golangci/golangci-lint v1.21.0/go.mod h1:phxpHK52q7SE+5KpPnti4oZTdFCEsn/tKN+nFvCKXfk= +github.com/golangci/ineffassign v0.0.0-20190609212857-42439a7714cc/go.mod h1:e5tpTHCfVze+7EpLEozzMB3eafxo2KT5veNg1k6byQU= +github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg= +github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca/go.mod h1:tvlJhZqDe4LMs4ZHD0oMUlt9G2LWuDGoisJTBzLMV9o= +github.com/golangci/misspell v0.0.0-20180809174111-950f5d19e770/go.mod h1:dEbvlSfYbMQDtrpRMQU675gSDLDNa8sCPPChZ7PhiVA= +github.com/golangci/prealloc v0.0.0-20180630174525-215b22d4de21/go.mod h1:tf5+bzsHdTM0bsB7+8mt0GUMvjCgwLpTapNZHU8AajI= +github.com/golangci/revgrep v0.0.0-20180526074752-d9c87f5ffaf0/go.mod h1:qOQCunEYvmd/TLamH+7LlVccLvUH5kZNhbCgTHoBbp4= +github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ= +github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4= github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/subcommands v0.0.0-20190508160503-636abe8753b8/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/uuid v0.0.0-20171129191014-dec09d789f3d/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= +github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= +github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= +github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714/go.mod h1:2Goc3h8EklBH5mspfHFxBnEoURQCGzQQH1ga9Myjvis= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/insomniacslk/dhcp v0.0.0-20200102182701-53297fb6d37d/go.mod h1:CfMdguCK66I5DAUJgGKyNz8aB6vO5dZzkm9Xep6WGvw= +github.com/insomniacslk/dhcp v0.0.0-20200210095418-45e5f320b2f0 h1:jzkAy3xl8j58ylC1cleuFZyBDCGy+swFc0cdxvVawkc= +github.com/insomniacslk/dhcp v0.0.0-20200210095418-45e5f320b2f0/go.mod h1:CfMdguCK66I5DAUJgGKyNz8aB6vO5dZzkm9Xep6WGvw= +github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= +github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= +github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= +github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= +github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY= +github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= +github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/mdlayher/ethernet v0.0.0-20190606142754-0394541c37b7/go.mod h1:U6ZQobyTjI/tJyq2HG+i/dfSoFUt8/aZCM+GKtmFk/Y= +github.com/mdlayher/raw v0.0.0-20190606142536-fef19f00fc18/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg= +github.com/mdlayher/raw v0.0.0-20190606144222-a54781e5f38f/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg= +github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1fWh90gTKwiN4QCGoY9TWyyO4= +github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= +github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= +github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/opencontainers/runtime-spec v0.1.2-0.20171211145439-b2d941ef6a78 h1:d9F+LNYwMyi3BDN4GzZdaSiq4otb8duVEWyZjeUtOQI= github.com/opencontainers/runtime-spec v0.1.2-0.20171211145439-b2d941ef6a78/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc= +github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= +github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI= +github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5 h1:mZHayPoR0lNmnHyvtYjDeq0zlVHn9K/ZXoy17ylucdo= +github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5/go.mod h1:GEXHk5HgEKCvEIIrSpFI3ozzG5xOKA2DVlEX/gGnewM= +github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= +github.com/securego/gosec v0.0.0-20191002120514-e680875ea14d/go.mod h1:w5+eXa0mYznDkHaMCXA4XYffjlH+cy1oyKbfzJXa2Do= +github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada/go.mod h1:WWnYX4lzhCH5h/3YBfyVA3VbLYjlMZZAQcW9ojMexNc= +github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc= +github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= +github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI= +github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= +github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8= +github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= +github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk= +github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= +github.com/spf13/viper v1.4.0 h1:yXHLWeravcrgGyFSyCgdYpXQ9dR9c/WED3pg1RhxqEU= +github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 h1:b6uOv7YOFK0TYG7HtkIgExQo+2RdLuwRft63jn2HWj8= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= +github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= +github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/u-root/u-root v6.0.0+incompatible h1:YqPGmRoRyYmeg17KIWFRSyVq6LX5T6GSzawyA6wG6EE= +github.com/u-root/u-root v6.0.0+incompatible/go.mod h1:RYkpo8pTHrNjW08opNd/U6p/RJE7K0D8fXO0d47+3YY= +github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= +github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= +github.com/ultraware/funlen v0.0.2/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= +github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA= +github.com/uudashr/gocognit v0.0.0-20190926065955-1655d0de0517/go.mod h1:j44Ayx2KW4+oB6SWMv8KsmHzZrOInQav7D3cQMJ5JUM= +github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= +github.com/valyala/fasthttp v1.2.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s= +github.com/valyala/quicktemplate v1.2.0/go.mod h1:EH+4AkTd43SvgIbQHYu59/cJyxDoOVRUAfrukLPuGJ4= +github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio= github.com/vishvananda/netlink v1.0.1-0.20190318003149-adb577d4a45e/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netns v0.0.0-20171111001504-be1fbeda1936/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= github.com/wadey/gocovmerge v0.0.0-20160331181800-b5bfa59ec0ad h1:W0LEBv82YCGEtcmPA3uNZBI33/qF//HAAs3MawDjRa0= github.com/wadey/gocovmerge v0.0.0-20160331181800-b5bfa59ec0ad/go.mod h1:Hy8o65+MXnS6EwGElrSRjUzQDLXreJlzYLlWiHtt8hM= +github.com/x-cray/logrus-prefixed-formatter v0.5.2/go.mod h1:2duySbKsL6M18s5GU7VPsoEPHyzalCE06qoARUCeBBE= +github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= +github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392 h1:ACG4HJsFiNMf47Y4PeRoebLNy/2lXT9EtprMuTFWt1M= +golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180911220305-26e67e76b6c3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190419010253-1f3472d942ba/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190923162816-aa69164e4478 h1:l5EDrHhldLYb3ZRHDUhXF7Om7MvYXnkV9/iQNo1lX6g= +golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190418153312-f0ce4c0180be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606122018-79a91cf218c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5 h1:LfCXLvNmTYH9kEmVgqbnsWfruoXZIrh4YBgqVHtDvw0= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181117154741-2ddaf7f79a09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190110163146-51295c7ec13a/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190311215038-5c2858a9cfe5/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190322203728-c1a832b0ad89/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262 h1:qsl9y/CJx34tuA7QCPNp86JNJe4spst6Ff8MjvPUdPg= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190521203540-521d6ed310dd/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190719005602-e377ae9d6386/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= +golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190930201159-7c411dea38b0/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gvisor.dev/gvisor v0.0.0-20200211012324-c9c7eababe54 h1:PJz9VJjG0lZe4uSZYOGZe28zq1z+DUTgb1XK6pxjSVI= gvisor.dev/gvisor v0.0.0-20200211012324-c9c7eababe54/go.mod h1:XFSKqn1yjdrTzkXKCXVEfnUFdoZN4GlQuVgnLlUnG9U= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc= +mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4= +mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw= +sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= diff --git a/main.go b/main.go index a3292e3..e154dc1 100644 --- a/main.go +++ b/main.go @@ -3,6 +3,8 @@ package main import ( "flag" "fmt" + "io/ioutil" + golog "log" "math/rand" "net" "os" @@ -30,9 +32,21 @@ var ( metricAddr AddrFlags gomaxprocs int pcapPath string + net4, net6 string + dhcpDns string + dhcpBootfile string + dhcpNbp string + tftpPath string + logPkt bool + restricted bool ) func init() { + flag.StringVar(&net4, "net", "10.0.2.2/24", "IPv4 CIDR") + flag.StringVar(&net6, "net6", "2001:2::2/32", "IPv6 CIDR") + flag.StringVar(&dhcpDns, "dhcp-dns", "", "Set DHCP DNS (read from /etc/resolv.conf by default)") + flag.StringVar(&dhcpBootfile, "dhcp-bootfile", "", "Set DHCP bootfile") + flag.StringVar(&dhcpNbp, "dhcp-nbp", "", "Set DHCP NBP URL (ex: tftp://10.0.0.1/my-nbp)") flag.IntVar(&fd, "fd", -1, "Unix datagram socket file descriptor") flag.StringVar(&netNsPath, "netns", "", "path to network namespace") flag.StringVar(&ifName, "interface", "tun0", "interface name within netns") @@ -43,6 +57,9 @@ func init() { flag.Var(&metricAddr, "m", "Metrics addr") flag.IntVar(&gomaxprocs, "maxprocs", 0, "set GOMAXPROCS variable to limit cpu") flag.StringVar(&pcapPath, "pcap", "", "path to PCAP file") + flag.BoolVar(&logPkt, "logpkt", false, "Log packets") + flag.BoolVar(&restricted, "restrict", false, "If this option is enabled, the guest will be isolated, i.e. it will not be able to contact the host and no guest IP packets will be routed over the host to the outside. This option does not affect any explicitly set forwarding rules.") + flag.StringVar(&tftpPath, "tftp", "", "TFTP server root path") } func main() { @@ -51,9 +68,18 @@ func main() { } type State struct { + Restricted bool RoutingDeny []*net.IPNet RoutingAllow []*net.IPNet + Host, Host6 net.IP + Net, Net6 *net.IPNet + + DHCPStart, DHCPEnd net.IP + DHCPDns *dnsConfig + DHCPNbp string + DHCPBootfile string + remoteUdpFwd map[string]*FwdAddr remoteTcpFwd map[string]*FwdAddr } @@ -78,6 +104,29 @@ func Main() int { flag.Parse() } + state.Restricted = restricted + + if state.Host, state.Net, err = net.ParseCIDR(net4); err != nil { + fmt.Fprintf(os.Stderr, "[!] Failed to parse -net: %s\n", err) + return 1 + } + if state.Host6, state.Net6, err = net.ParseCIDR(net6); err != nil { + fmt.Fprintf(os.Stderr, "[!] Failed to parse -net6: %s\n", err) + return 1 + } + + state.DHCPStart = append(state.DHCPStart, state.Host.To4()...) + state.DHCPStart[3] = 15 + state.DHCPEnd = append(state.DHCPEnd, state.Host.To4()...) + state.DHCPEnd[3] = 100 + if dhcpDns != "" { + state.DHCPDns = &dnsConfig{servers: []string{dhcpDns}} + } else { + state.DHCPDns = dnsReadConfig("/etc/resolv.conf") + } + state.DHCPNbp = dhcpNbp + state.DHCPBootfile = dhcpBootfile + if gomaxprocs > 0 { runtime.GOMAXPROCS(gomaxprocs) } @@ -166,18 +215,34 @@ func Main() int { defer pcapFile.Close() } + if logPkt { + log.SetLevel(log.Debug) + linkEP = sniffer.New(linkEP) + } if err = createNIC(s, 1, linkEP); err != nil { panic(fmt.Sprintf("Failed to createNIC: %s", err)) } - StackRoutingSetup(s, 1, "10.0.2.2/24") + StackRoutingSetup(s, 1, state.Host, state.Net) StackPrimeArp(s, 1, netParseIP("10.0.2.100")) - StackRoutingSetup(s, 1, "2001:2::2/32") + StackRoutingSetup(s, 1, state.Host6, state.Net6) doneChannel := make(chan bool) + // Silence insomniacslk/dhcp... + golog.SetOutput(ioutil.Discard) + if err = setupDHCP(s, &state); err != nil { + fmt.Fprintf(os.Stderr, "[!] Failed to setup DHCP: %s\n", err) + return 1 + } + + if err = setupTFTP(s, &state, tftpPath); err != nil { + fmt.Fprintf(os.Stderr, "[!] Failed to setup TFTP: %s\n", err) + return 1 + } + for _, lf := range localFwd { var srv Listener switch lf.network { diff --git a/routing.go b/routing.go index 17c9e2e..94e8fb5 100644 --- a/routing.go +++ b/routing.go @@ -47,7 +47,7 @@ func UdpRoutingHandler(s *stack.Stack, state *State) func(*udp.ForwarderRequest) go func() { if rf != nil { RemoteForward(conn, rf) - } else { + } else if !state.Restricted { RoutingForward(conn, loc) } }() @@ -90,7 +90,7 @@ func TcpRoutingHandler(state *State) func(*tcp.ForwarderRequest) { go func() { if rf != nil { RemoteForward(conn, rf) - } else { + } else if !state.Restricted { RoutingForward(conn, loc) } }() diff --git a/stack.go b/stack.go index 1be9ed9..f6f404b 100644 --- a/stack.go +++ b/stack.go @@ -145,12 +145,7 @@ func MustSubnet(ipNet *net.IPNet) *tcpip.Subnet { return &subnet } -func StackRoutingSetup(s *stack.Stack, nic tcpip.NICID, assignNet string) { - ipAddr, ipNet, err := net.ParseCIDR(assignNet) - if err != nil { - panic(fmt.Sprintf("Unable to ParseCIDR(%s): %s", assignNet, err)) - } - +func StackRoutingSetup(s *stack.Stack, nic tcpip.NICID, ipAddr net.IP, ipNet *net.IPNet) { if ipAddr.To4() != nil { s.AddAddress(nic, ipv4.ProtocolNumber, tcpip.Address(ipAddr.To4())) } else { diff --git a/tests/base.py b/tests/base.py index c79d4fe..182d0cc 100644 --- a/tests/base.py +++ b/tests/base.py @@ -13,6 +13,8 @@ import tempfile import unittest +from scapy.all import StreamSocket, sndrcv, Ether, conf, Route, ARP + LIBC = ctypes.CDLL("libc.so.6") SLIRPNETSTACKBIN = os.environ.get('SLIRPNETSTACKBIN') DEBUG = bool(os.environ.get('DEBUG')) @@ -231,6 +233,11 @@ def assertTcpRefusedError(self, ip="127.0.0.1", port=0): s.recv(1024) self.assertEqual(e.exception.errno, errno.ECONNREFUSED) + def assertTcpTimeout(self, ip, port): + with self.assertRaises(socket.timeout) as e: + s = utils.connect(ip, port, cleanup=self) + s.recv(1024) + def assertStartSync(self, p, fd=False): if not fd: self.assertIn("[.] Join", p.stderr_line()) @@ -243,6 +250,78 @@ def assertListenLine(self, p, in_pattern): return int(line.split(":")[-1]) +def withFd(): + def decorate(fn): + fn_name = fn.__name__ + @functools.wraps(fn) + def maybe(*args, **kw): + sp = socket.socketpair(type=socket.SOCK_DGRAM) + os.set_inheritable(sp[0].fileno(), True) + self = args[0] + p = self.prun("-fd %d" % sp[0].fileno(), close_fds=False, netns=False) + self.assertStartSync(p, fd=True) + kw['fd'] = sp[1] + ret = fn(*args, **kw) + sp[0].close() + sp[1].close() + return ret + return maybe + return decorate + + +class testScapySocket(object): + def __init__(self, fd): + ss = StreamSocket(fd) + ss.basecls = Ether + self.ss = ss + conf.route = Route() # reinitializes the route based on the NS + # send a gratious ARP to tell our MAC/IP + arp = ARP() + self.e = Ether(src=arp.hwsrc, dst='70:71:aa:4b:29:aa') + self.send(arp) + + def send(self, x): + self.ss.send(self.e / x) + + def recv(self, x): + # this is not symmetrical with send, which appends Ether + # header, but ss.basecls will strip it of: not sure if that's + # the best way of doing things in fact, but that seem to work.. + return self.ss.recv(x) + + def fileno(self): + return self.ss.fileno() + + def sr1(self, x, checkIPaddr=True, *args, **kwargs): + conf.checkIPaddr = checkIPaddr + ans, _ = sndrcv(self.ss, self.e / x, *args, **kwargs) + return ans[0][1] + + def sr(self, x, checkIPaddr=True, *args, **kwargs): + conf.checkIPaddr = checkIPaddr + return sndrcv(self.ss, self.e / x, *args, **kwargs) + + +def withScapy(): + def decorate(fn): + fn_name = fn.__name__ + @functools.wraps(fn) + def maybe(*args, **kw): + sp = socket.socketpair(type=socket.SOCK_DGRAM) + os.set_inheritable(sp[0].fileno(), True) + self = args[0] + arg = kw.pop('parg', '') + p = self.prun(arg + " -fd %d" % sp[0].fileno(), close_fds=False, netns=False) + self.assertStartSync(p, fd=True) + kw['s'] = testScapySocket(sp[1]) + ret = fn(*args, **kw) + sp[0].close() + sp[1].close() + return ret + return maybe + return decorate + + def isolateHostNetwork(): def decorate(fn): fn_name = fn.__name__ diff --git a/tests/data/resolv.conf b/tests/data/resolv.conf new file mode 100644 index 0000000..88ea58c --- /dev/null +++ b/tests/data/resolv.conf @@ -0,0 +1,8 @@ +# /etc/resolv.conf + +domain localdomain +nameserver 8.8.8.8 +nameserver 2001:4860:4860::8888 +nameserver fe80::1 +options ndots:5 timeout:10 attempts:3 rotate +options attempts 3 diff --git a/tests/test_basic.py b/tests/test_basic.py index 11a6eca..06ba08d 100644 --- a/tests/test_basic.py +++ b/tests/test_basic.py @@ -1,11 +1,13 @@ from . import base from . import utils +from ipaddress import IPv4Address import os import socket import struct import unittest import urllib.request +from scapy.all import * class BasicTest(base.TestCase): def test_help(self): @@ -16,6 +18,24 @@ def test_help(self): e = p.stderr_line() self.assertIn("Usage of ", e) + def test_net(self): + ''' Basic test if -net parses succesfully. ''' + p = self.prun("-net 12.12.0.1/23") + self.assertStartSync(p) + p.close() + p = self.prun("-net 12.12.foo/23") + self.assertIn("invalid CIDR", p.stderr_line()) + p = self.prun("-net 12.12.32.23") + self.assertIn("invalid CIDR", p.stderr_line()) + + p = self.prun("-net6 2002:1::2/32") + self.assertStartSync(p) + p.close() + p = self.prun("-net6 2002:1::foo/32") + self.assertIn("invalid CIDR", p.stderr_line()) + p = self.prun("-net6 2002:1::2") + self.assertIn("invalid CIDR", p.stderr_line()) + def test_basic_ping(self): ''' Due to how netstack is configured, we will answer to ping against any IP. Let's test it!. @@ -28,6 +48,11 @@ def test_basic_ping(self): r = os.system("ping -q 1.1.1.1 -c 1 -n > /dev/null") self.assertEqual(r, 0) + def test_logpkt(self): + ''' Check -logpkt ''' + p = self.prun("-logpkt") + self.assertStartSync(p) + def test_pcap(self): ''' Check -pcap capture ''' pcap = self.get_tmp_filename("test.pcap") @@ -46,12 +71,9 @@ def test_pcap(self): # sometimes see some other packet at 76 bytes (arp?) self.assertIn(captured_length, (28,76)) - def test_fd(self): + @base.withFd() + def test_fd(self, fd): ''' Check inherinting tuntap fd with -fd option ''' - sp = socket.socketpair(type=socket.SOCK_DGRAM) - os.set_inheritable(sp[0].fileno(), True) - p = self.prun("-fd %d" % sp[0].fileno(), close_fds=False, netns=False) - self.assertStartSync(p, fd=True) # 10.0.2.15->10.0.2.2 ICMP Echo (ping) request ping = bytes.fromhex(''' 52 55 0a 00 02 02 70 71 aa 4b 29 aa 08 00 45 00 @@ -61,13 +83,32 @@ def test_fd(self): 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37'''.replace('\n','').replace(' ', '')) - sp[1].sendall(ping) + fd.sendall(ping) while True: - pong = sp[1].recv(1024) + pong = fd.recv(1024) if pong[14+9] == 1 and pong[14+20] == 0: #ICMP and echo reply break - sp[0].close() - sp[1].close() + + @base.withScapy() + def test_ping(self, s): + ''' Test Scapy ping ''' + pkt = s.sr1(IP(dst="10.0.2.2")/ICMP()) + self.assertEqual(pkt[ICMP].type, 0) + + @base.withScapy() + def _scapy_echo(self, s): + from scapy.layers import http + get_sc = lambda *args, **kwargs: s + l = TCP_client.tcplink(http.HTTP, "192.0.2.5", 80, ll=get_sc, recvsock=get_sc) + l.send(http.HTTPRequest()) + req = l.recv() + self.assertIn('GET', req.summary()) + l.close() + + def test_scapy_echo(self): + ''' Test a fancy HTTP request echo with Scapy ''' + echo_port = self.start_tcp_echo() + self._scapy_echo(parg="-R 192.0.2.5:80:127.0.0.1:%s" % echo_port) def test_basic_connection(self): ''' Test connection reset on netstack IP. Netstack is not supposed to @@ -127,6 +168,16 @@ def test_metric(self): self.assertIn(b"Types of profiles available:", f.read(300)) + @base.isolateHostNetwork() + def test_restrict(self): + ''' Test -restrict ''' + echo_port = self.start_tcp_echo() + p = self.prun("-restrict") + self.assertStartSync(p) + with self.guest_netns(): + self.assertTcpTimeout(ip="192.168.1.100", port=echo_port) + + class RoutingTest(base.TestCase): @base.isolateHostNetwork() def test_tcp_routing(self): @@ -526,3 +577,109 @@ def test_tcp_pp_local_fwd_v6(self): s.close() self.assertIn("abcd::1", read_log()) self.assertIn("local-fwd PP done", p.stdout_line()) + + +class TFTPTest(base.TestCase): + @base.withScapy() + def tftp_serve(self, s): + get_sc = lambda *args, **kwargs: s + r = TFTP_read("data/resolv.conf", "10.0.2.2", ll=get_sc, recvsock=get_sc).run() + self.assertIn("8.8.8.8", r.decode()) + + with self.assertRaisesRegex(scapy.automaton.Automaton.ErrorState, "File not found"): + TFTP_read("a-missing-file", "10.0.2.2", ll=get_sc, recvsock=get_sc).run() + + def test_tftp(self): + ''' Test TFTP sever ''' + testdir = os.path.dirname(__file__) + self.tftp_serve(parg='-tftp %s' % testdir) + + +class DHCPTest(base.TestCase): + @base.withScapy() + def test_dhcp_v4(self, s): + ''' Test DHCPv4 discover ''' + bootp = BOOTP(xid=RandInt()) + dhcp = DHCP(options=[("message-type","discover"),"end"]) + p = IP(src='0.0.0.0', dst='255.255.255.255')/UDP(sport=68,dport=67)/bootp/dhcp + pkt = s.sr1(p, checkIPaddr=False) + # BOOTREPLY + self.assertEqual(pkt[BOOTP].op, 2) + addr = IPv4Address(pkt[BOOTP].yiaddr) + self.assertGreaterEqual(addr, IPv4Address('10.0.2.15')) + self.assertLess(addr, IPv4Address('10.0.2.100')) + for o in pkt[DHCP].options: + if o[0] in ('router', 'server_id'): + self.assertEqual(o[1], '10.0.2.2') + opts = [o[0] for o in pkt[DHCP].options if isinstance(o, tuple)] + self.assertIn('router', opts) + self.assertIn('name_server', opts) + self.assertIn('lease_time', opts) + self.assertIn('server_id', opts) + + @base.withScapy() + def dhcp_and_net(self, s): + bootp = BOOTP(xid=RandInt()) + dhcp = DHCP(options=[("message-type","discover"),"end"]) + p = IP(src='0.0.0.0', dst='255.255.255.255')/UDP(sport=68,dport=67)/bootp/dhcp + pkt = s.sr1(p, checkIPaddr=False) + # BOOTREPLY + self.assertEqual(pkt[BOOTP].op, 2) + addr = IPv4Address(pkt[BOOTP].yiaddr) + self.assertGreaterEqual(addr, IPv4Address('12.34.56.15')) + self.assertLess(addr, IPv4Address('12.34.56.100')) + + def test_dhcp_and_net(self): + ''' Test DHCPv4 and -net ''' + self.dhcp_and_net(parg='-net 12.34.56.1/16') + + @base.withScapy() + def dhcp_dns(self, s): + bootp = BOOTP(xid=RandInt()) + dhcp = DHCP(options=[("message-type","discover"),"end"]) + p = IP(src='0.0.0.0', dst='255.255.255.255')/UDP(sport=68,dport=67)/bootp/dhcp + pkt = s.sr1(p, checkIPaddr=False) + # BOOTREPLY + for o in pkt[DHCP].options: + if o[0] == 'name_server': + self.assertEqual(o[1], '8.8.8.8') + return + self.fail() + + def test_dhcp_dns(self): + ''' Test DHCPv4 DNS option ''' + self.dhcp_dns(parg='-dhcp-dns 8.8.8.8') + + @base.withScapy() + def dhcp_nbp(self, s): + bootp = BOOTP(xid=RandInt()) + dhcp = DHCP(options=[("message-type","discover"),"end"]) + p = IP(src='0.0.0.0', dst='255.255.255.255')/UDP(sport=68,dport=67)/bootp/dhcp + pkt = s.sr1(p, checkIPaddr=False) + # BOOTREPLY + bootFileName=None + tftpServerName=None + for o in pkt[DHCP].options: + if o[0] == 'boot-file-name': + bootFileName = o[1].decode() + elif o[0] in (66, 'tftp-server-name'): # FIXME: scapy doesn't know that field? + tftpServerName = o[1].decode() + self.assertEqual(bootFileName, '/my-nbp') + self.assertEqual(tftpServerName, '10.0.0.1') + + def test_dhcp_nbp(self): + ''' Test DHCPv4 NBP option ''' + self.dhcp_nbp(parg='-dhcp-nbp tftp://10.0.0.1/my-nbp') + + @base.withScapy() + def dhcp_bootfile(self, s): + bootp = BOOTP(xid=RandInt()) + dhcp = DHCP(options=[("message-type","discover"),"end"]) + p = IP(src='0.0.0.0', dst='255.255.255.255')/UDP(sport=68,dport=67)/bootp/dhcp + pkt = s.sr1(p, checkIPaddr=False) + # BOOTREPLY + self.assertEqual(pkt[BOOTP].file.decode().rstrip('\0'), 'http://boot.netboot.xyz/') + + def test_dhcp_bootfile(self): + ''' Test DHCPv4 bootfile option ''' + self.dhcp_bootfile(parg='-dhcp-bootfile http://boot.netboot.xyz/') diff --git a/tftp.go b/tftp.go new file mode 100644 index 0000000..19b3dad --- /dev/null +++ b/tftp.go @@ -0,0 +1,59 @@ +package main + +import ( + "errors" + "fmt" + "io" + "os" + "path/filepath" + "strings" + + "gvisor.dev/gvisor/pkg/tcpip" + "gvisor.dev/gvisor/pkg/tcpip/adapters/gonet" + "gvisor.dev/gvisor/pkg/tcpip/network/ipv4" + "gvisor.dev/gvisor/pkg/tcpip/stack" + + "github.com/pin/tftp" +) + +func setupTFTP(s *stack.Stack, state *State, rootPath string) error { + if rootPath == "" { + return nil + } + + if abs, err := filepath.Abs(rootPath); err != nil { + fmt.Fprintf(os.Stderr, "Invalid TFTP root path: %v\n", err) + return err + } else { + rootPath = abs + } + + server := tftp.NewServer(func(filename string, rf io.ReaderFrom) error { + filename = filepath.Join(rootPath, filename) + if !strings.HasPrefix(filename, rootPath) { + fmt.Fprintf(os.Stderr, "Invalid filename %v\n", filename) + return errors.New("Invalid filename") + } + + file, err := os.Open(filename) + if err != nil { + fmt.Fprintf(os.Stderr, "%v\n", err) + return err + } + if _, err := rf.ReadFrom(file); err != nil { + fmt.Fprintf(os.Stderr, "%v\n", err) + return err + } + return nil + }, nil) + server.EnableSinglePort() + + addr := tcpip.FullAddress{1, tcpip.Address(state.Host), 69} + if conn, e := gonet.DialUDP(s, &addr, nil, ipv4.ProtocolNumber); e != nil { + return e + } else { + go server.Serve(conn) + } + + return nil +} diff --git a/util_test.go b/util_test.go new file mode 100644 index 0000000..22b5ebe --- /dev/null +++ b/util_test.go @@ -0,0 +1,31 @@ +package main + +import ( + "reflect" + "testing" +) + +var dnsReadConfigTests = []struct { + name string + want *dnsConfig +}{ + { + name: "tests/data/resolv.conf", + want: &dnsConfig{ + servers: []string{"8.8.8.8", "2001:4860:4860::8888", "fe80::1"}, + unknownOpt: true, + }, + }, +} + +func TestDNSReadConfig(t *testing.T) { + for _, tt := range dnsReadConfigTests { + conf := dnsReadConfig(tt.name) + if conf.err != nil { + t.Fatal(conf.err) + } + if !reflect.DeepEqual(conf, tt.want) { + t.Errorf("%s:\ngot: %+v\nwant: %+v", tt.name, conf, tt.want) + } + } +}