bridge.click
// Shared element declarations for the bridge graph.
// The $VARIABLES used throughout ($FAKE_NETWORK, $FAKE_IP, $BRIDGE_IF,
// $BRIDGE_IP, $BRIDGE_MAC, $BRIDGE_NETWORK, $GATEWAY_IP) are not defined in
// this file -- presumably supplied when Click is started; verify against the
// launcher.

// Pull schedulers. rrs1 merges the two tun-originated queues (on-link
// destinations on input 0, via-gateway on input 1). rrs merges the
// ARP-resolved traffic (input 0) with locally generated ARP replies (input 1)
// in front of ToDevice.
rrs1::RoundRobinSched()
rrs::RoundRobinSched()
// Kernel-facing tun device, configured from $FAKE_NETWORK.
tun::KernelTun($FAKE_NETWORK)
// Frame capture on the bridged interface.
// NOTE(review): with SNIFFER false, user-level FromDevice is documented to
// keep the kernel from also processing frames received on this interface;
// confirm on the deployed Click version, since this graph appears to assume
// it is the only responder for $BRIDGE_IP on $BRIDGE_IF.
fd::FromDevice($BRIDGE_IF, SNIFFER false)
// Ethernet demultiplexer:
//   [0] 12/0806 20/0001 -> ARP request
//   [1] 12/0806 20/0002 -> ARP reply
//   [2] 12/0800         -> IPv4
// There is no catch-all `-` pattern, so frames matching none of the three
// patterns are dropped by the Classifier.
fd_cl :: Classifier(12/0806 20/0001, 12/0806 20/0002, 12/0800)
// Resolves the next-hop MAC for outgoing IP packets; ARP traffic it emits
// carries $BRIDGE_IP / $BRIDGE_MAC as the sender.
aq::ARPQuerier($BRIDGE_IP, $BRIDGE_MAC)
elementclass FixChecksums {
    // Used after an address in the IP header has been rewritten: the IP
    // header checksum is recomputed first, then the transport checksum for
    // TCP and UDP, because those checksums also cover data taken from the
    // IP header. Packets of any other protocol only get the IP checksum.
    //
    // NOTE(review): classification is by IP protocol only; how
    // SetTCPChecksum / SetUDPChecksum treat IP fragments is not shown
    // here -- confirm if fragmented traffic is expected.
    ipc :: IPClassifier(tcp, udp, -);

    input -> SetIPChecksum -> ipc;

    ipc[0] -> SetTCPChecksum -> output;   // TCP
    ipc[1] -> SetUDPChecksum -> output;   // UDP
    ipc[2] -> output;                     // everything else
}
/****************************KERNEL*******************************/
// Traffic coming from Kernel
// Every packet the host writes to the tun device gets its source address
// overwritten with $BRIDGE_IP, is re-checksummed, and is then split by
// destination: on-link hosts are ARPed for directly, everything else is sent
// to the gateway.
// NOTE(review): the source rewrite is unconditional and stateless, and no
// filtering element appears on this path -- any egress policy has to be
// enforced on the host side of the tun device.
tun -> MarkIPHeader(0) // packets from tun are treated as bare IP: header at offset 0
-> StoreIPAddress($BRIDGE_IP, 12) // store bridge IP as the source address
-> FixChecksums // recalculate checksum
-> gs :: IPClassifier(dst net $BRIDGE_NETWORK, -) // [0] destination inside $BRIDGE_NETWORK, [1] everything else
-> GetIPAddress(16) // next hop = the packet's own destination address (IP header offset 16)
-> Queue
-> [0]rrs1
//tun[1] -> Queue -> ARPResponder(0/0 01:01:01:01:01:01) -> [2]rrs
// Traffic for external network
gs[1] -> SetIPAddress($GATEWAY_IP) // route via gateway
-> Queue
-> [1]rrs1
// Pull-to-push adapter (as far as the graph shows): Discard sits on pt's
// output 0 and drives pulls from rrs1; pt hands a copy of each pulled packet
// out of port 1 to the ARPQuerier.
pt::PullTee -> Discard
rrs1 -> pt[1]
-> aq // Ethernet encapsulation, resolving the annotated next hop via ARP
-> Queue
-> rrs
-> ToDevice($BRIDGE_IF)
/*****************BRIDGE***********************/
// Frames received on $BRIDGE_IF are demultiplexed by fd_cl into ARP requests,
// ARP replies and IPv4.
fd -> fd_cl
// ARP Responder for the host
fd_cl[0] -> ARPResponder($BRIDGE_IP $BRIDGE_MAC) // answer requests for $BRIDGE_IP with $BRIDGE_MAC
-> Queue
-> [1]rrs
// ARP response from device
// NOTE(review): every ARP reply seen on $BRIDGE_IF is handed to the
// ARPQuerier with no filtering in this graph. How the querier treats replies
// it did not solicit depends on the Click version -- confirm. On a shared L2
// segment this is where forged replies would change the next-hop mapping
// (including the one for $GATEWAY_IP), so ARP monitoring on the segment is
// worth having.
fd_cl[1] -> [1]aq;
// IP from device
// NOTE(review): after the header check, the only test applied is
// "dst == $BRIDGE_IP". Packets for any other destination are dropped by the
// single-pattern IPClassifier; everything addressed to $BRIDGE_IP, whatever
// its source, protocol or port, is delivered to the kernel through tun.
// Packet filtering therefore has to happen on the host (tun interface).
fd_cl[2] -> CheckIPHeader(14) // validate the IP header that follows the 14-byte Ethernet header
-> ipc :: IPClassifier(dst $BRIDGE_IP) // Packets destined for the host
-> StoreIPAddress($FAKE_IP, 30) // replace the dst addr with the KernelTun address
-> FixChecksums
-> Strip(14) // remove the Ethernet header before writing to tun
-> tun
//Anything else from device
// (disabled; as declared, fd_cl has only three patterns, so output 3 does not
// exist -- enabling this would also require a fourth pattern on fd_cl)
//fd_cl[3] -> Print -> tun