/** For mesh node (Do not make changes) **/
/* Make changes to this AddressInfo element and use it.
Change the REAL_* fields; the FAKE_* fields usually do not need to be changed.
CTRL+F and replace all occurrences of eth0 (or wlan0) with your own device
Clear your routing table of all entries, then run this script.
# ip route flush table 0
While this script is running, add a route through the fake device using :
# ip route add default via FAKE_IP
like
# ip route add default via 10.0.0.1
*/
/*
$MESH_IFNAME Name of the mesh interface
$MESH_IP_ADDR IP of the mesh interface
$MESH_NETWORK Network of the mesh network (Assumed /24)
$MESH_ETH ETH of the mesh interface
$FAKE_IP IP of the Fake Device (KernelTAP)
$FAKE_ETH ETH of the Fake Device (KernelTAP)
$FAKE_NETWORK Network of the Fake Device (Assumed /24)
*/
// AddressInfo(
// REAL_IP 192.168.42.99,
// REAL_NETWORK 192.168.42.1/24,
// // REAL_MAC AC-72-89-25-05-30,
// // REAL_MAC 00-18-F3-81-1A-B5,
// // REAL_MAC E8-94-F6-26-25-A5,
// // REAL_MAC 02-61-67-30-68-59,
// // REAL_MAC C0-4A-00-23-BA-BD,
// // REAL_MAC E8-DE-27-09-06-20,
// REAL_MAC C4-6E-1F-11-C1-E9,
// //FAKE_IP 10.0.0.1,
// FAKE_MAC 1A-2B-3C-4D-5E-6F,
// //FAKE_NETWORK 10.0.0.1/8
// )
// Element declarations used by the rest of this configuration.
// Takes traffic from kernel through Kernel tap and sends it to eth0
// (in this version of the file the mesh-facing device is $MESH_IFNAME).
kernel_tap :: KernelTap($FAKE_NETWORK, ETHER $FAKE_ETH)
//Add host's IP address
// Resolves next-hop MAC addresses on the mesh on behalf of $MESH_IP_ADDR / $MESH_ETH.
real_arp_handler :: ARPQuerier($MESH_IP_ADDR, $MESH_ETH);
// Answers ARP requests for any address (0/0) with one fixed MAC. It is wired
// only between fh_cl[0] and kernel_tap, so these replies go to the host alone.
// NOTE(review): the first octet 0x01 has the Ethernet group (multicast) bit
// set, which is unusual for a next-hop address -- confirm nothing on the host
// side depends on or rejects this value.
fake_arp_responder :: ARPResponder(0/0 01:01:01:01:01:01);
// Answers ARP requests arriving from the mesh for this node's own address.
self_arp_responder :: ARPResponder($MESH_IP_ADDR $MESH_ETH)
// Frames from the host (tap): [0] ARP request (ethertype 0x0806 at offset 12,
// opcode 0x0001 at offset 20), [1] IPv4 (0x0800), [2] everything else.
fh_cl :: Classifier(12/0806 20/0001, 12/0800, -)
// Frames from the mesh device: [0] ARP request, [1] ARP reply, [2] IPv4,
// [3] ethertype 0x0700, [4] ethertype 0x0701, [5] everything else.
// 0x0700/0x0701 are the frames handed to gate_selector later in this file.
fd_cl :: Classifier(12/0806 20/0001, 12/0806 20/0002, 12/0800, 12/0700, 12/0701, -)
// NOTE(review): SNIFFER false is documented for user-level FromDevice as
// keeping the kernel from also processing frames received on the device.
// Confirm this for the Click build in use: the host is meant to see mesh
// traffic only through kernel_tap.
fd :: FromDevice($MESH_IFNAME, SNIFFER false)
// Final scheduler in front of ToDevice($MESH_IFNAME).
rrs :: RoundRobinSched()
// Project element (see gatewayselector.cc, mentioned further down); its
// behaviour is not visible in this file.
gate_selector :: GatewaySelector()
//rrs2 :: RoundRobinSched()
elementclass FixChecksums {
    // Refresh the IP header checksum first, then the transport checksum for
    // TCP and UDP, whose checksums also cover data taken from the IP header.
    // Any other protocol leaves with only the IP checksum recomputed.
    input -> SetIPChecksum -> ipc :: IPClassifier(tcp, udp, -);

    ipc[0] -> SetTCPChecksum -> output;
    ipc[1] -> SetUDPChecksum -> output;
    ipc[2] -> output;
}
// Host side: every frame the kernel writes to the tap is classified by fh_cl.
kernel_tap ->
//Print(ComingFromKernel_Tap) ->
fh_cl;
//ARP request from Host
// Answered locally by fake_arp_responder and sent straight back to the tap,
// so the host's ARP requests never reach the mesh interface.
fh_cl[0] //-> Print(ARPRequestFromKernel_Tap)
-> fake_arp_responder
// -> Print(FakeARPResponseToKernel_Tap, MAXLENGTH 200)
-> kernel_tap;
// Scheduler that merges the on-mesh queue (input 0) and the gateway queue (input 1).
rrs1::RoundRobinSched()
//IP from Host
// Outbound path: drop the tap-side Ethernet header, rewrite the source address
// to the node's mesh address, repair checksums, then split by destination.
// NOTE(review): MarkIPHeader only sets the header annotation and does not
// validate the packet; there is no CheckIPHeader on this path, which is
// reasonable only while everything arriving on kernel_tap is trusted.
fh_cl[1] //-> Print(IPFromHostPING?, MAXLENGTH 98)
-> Strip(14) // remove crap Ether header
-> MarkIPHeader(0)
-> StoreIPAddress($MESH_IP_ADDR, src) // store real address as source (Host's IP address)
-> FixChecksums // recalculate checksum
/*
The IPClassifier (gs) does not seem to REALLY do something useful. The LOCAL and REMOTE IP Packets are split here. Annotations are set
in both cases. Then they are combined back using a roundrobin and a pulltee. This seems like unnecessary overhead.
A possibly better way seems to be that we pass both local and remote into the GatewaySelector (differnet input ports) and then
let the selector set the appropriate annotation. Once annotations are set, both kinds of packets should be sent out on
the output[0] which is directly connected to ToDevice($MESH_IFNAME) element, thereby reducing a lot of unnecessary overhead.
*/
// gs[0]: destination inside $MESH_NETWORK; gs[1]: everything else (handled
// by gate_selector elsewhere in this file).
-> gs :: IPClassifier(dst net $MESH_NETWORK, -)
// Offset 16 in the IP header is the destination address field.
-> GetIPAddress(16)
// NOTE(review): a capacity of 1 leaves no room for bursts of on-mesh traffic;
// confirm this is intentional.
-> Queue(1)
-> [0]rrs1
// Anything from the host that is neither an ARP request nor IPv4 is dropped
// and never reaches the mesh.
fh_cl[2] //-> Print(OtherPacketFromHost)
-> Discard;
/* gate_selector , for the case that no gates are present on the network. It should push the packets
out of output[1] (currently not implemented) right here which should then be discarded. This will reduce
the packet roaming in the network and then eventually dying as there are no gates. This will hopefully
reduce some unnecessary traffic. Also, this will relieve us of the ugly hack used in gatewayselector.cc
where we return 0.0.0.0 which messes up the arp querier later. So it makes sense to keep it here and
simply discard, after maybe printing a warning.
*/
// Off-mesh traffic (gs[1]) enters gate_selector input 0; its output 0 is
// queued into rrs1 input 1.
// NOTE(review): per the comment above, output[1] is not implemented yet, so
// with no gateway known the packet presumably continues with a 0.0.0.0 next
// hop instead of being dropped here -- confirm against gatewayselector.cc.
gs[1] //-> Print("ToGateSelector")
-> [0]gate_selector[0]
//-> Print("AfterGateSelector")
-> Queue -> [1]rrs1
// Second output of gate_selector is wired to Discard.
gate_selector[1]
// -> Print(DiscardedGateSelector)
-> Discard;
// PullTee output 0 ends in Discard and output 1 carries the packets onward to
// real_arp_handler.
// NOTE(review): this appears to use Discard as the puller that drains rrs1,
// with PullTee pushing a copy of each pulled packet out of port 1 -- confirm
// against the PullTee/Discard documentation for the Click version in use.
rrs1 -> pt::PullTee -> Discard
/* This case of real_arp_handler can be avoided if gate_selector automatically frames the IP packet into
the correct L2 Frame. This will help in some gain as this element is going away. Since we already have
the correct IP EtH mapping inside the gatewaySelector element, it makes sense to just frame it there
and push it to ToDevice() and not use real_arp_handler
*/
// IP packets enter ARPQuerier input 0; its output is queued for the mesh device.
pt[1] -> [0]real_arp_handler
// -> Print(AfterARPQ, MAXLENGTH 200)
// -> IPPrint()
-> Queue -> [0]rrs;
// Single exit point toward the mesh interface.
rrs -> ToDevice($MESH_IFNAME);
//rrs2 -> pt :: PullTee[1] ->[0]real_arp_handler -> Queue -> [0]rrs;
//pt[0] -> Discard;
//From Device to Classifier
// NOTE(review): the first statement below already ends at ';', so the next
// line begins with '->' and names no source element. It looks like a leftover
// from commenting out Print(FromDevice). Confirm the configuration parses and
// that fd is connected to fd_cl exactly once.
fd -> fd_cl; //Print(FromDevice)
-> fd_cl;
// ARP req from device
// ARPResponder to resolve requests for host's IP
// Replace it with host's IP address and MAC address
fd_cl[0] -> self_arp_responder -> Queue -> [1]rrs
// ARP requests for any other address leave on output 1 and are dropped.
self_arp_responder[1] -> Discard;
//ARP response from device
// Replies feed the ARPQuerier's table (input 1).
// NOTE(review): ARP replies are accepted from any station on the mesh and
// carry no authentication, so the next-hop mappings learned here are only as
// trustworthy as the mesh link layer itself.
fd_cl[1] -> [1]real_arp_handler;
/* It doesn't make sense to send this ARP Response back to the kernel
Because we have already sent back the FAKE MAC (1:1:1:1:1:1) and the arp
table has an entry for that. This results in two entries for the same IP
CONFIRMED and FIXED. REMOVE THIS.
// t[1] -> kernel_tap;
*/
//IP from device
// Inbound path: validate the IPv4 header (it starts after the 14-byte
// Ethernet header), keep only packets addressed to $MESH_IP_ADDR, rewrite the
// destination to $FAKE_IP, repair checksums and re-frame for the tap.
// NOTE(review): the only filter is the destination address. The source
// address is not checked and no connection state is kept, so any sender on
// the mesh can reach the host stack through this path; filtering, if wanted,
// has to happen on the host side of kernel_tap.
fd_cl[2] //-> Print(IPFromDevice, MAXLENGTH 200)
-> CheckIPHeader(14)
// check for responses from the test network
// -> ipc :: IPClassifier(src net 192.168.42.1/24, -)
->ipc :: IPClassifier(dst $MESH_IP_ADDR, -)
// replace the real destination address with the fake address
// (offset 30 = 14-byte Ethernet header + 16, the IP destination field)
-> StoreIPAddress($FAKE_IP, 30)
-> FixChecksums
// -> Print(fd_cl2, MAXLENGTH 200)
-> Strip(14)
// New Ethernet header: source $MESH_ETH, destination $FAKE_ETH.
-> EtherEncap(0x0800, $MESH_ETH, $FAKE_ETH)
-> kernel_tap
//Do not Forward IP packets not meant for the host
ipc[1] -> Discard;
//Broadcasts coming from Gate using mac-ping (Replacement for mon0 as too many packets)
// fd_cl[3] is ethertype 0x0700 and fd_cl[4] is ethertype 0x0701.
// NOTE(review): these frames are taken from the mesh interface and passed to
// gate_selector with no check visible in this file. If GatewaySelector trusts
// them as gateway announcements, any station able to send these ethertypes
// could influence which gateway off-mesh traffic is sent to -- confirm what
// validation gatewayselector.cc performs.
fd_cl[3] //-> Print(GoingIntoGateSelector[1])
-> [1]gate_selector;
fd_cl[4] -> [2]gate_selector;
//Anything else from device
// NOTE(review): this catch-all hands every frame that is not ARP, IPv4 or
// 0x0700/0x0701 to the host kernel with its original Ethernet header and no
// address rewriting. That exposes the host stack to whatever else appears on
// the mesh; consider Discard here unless a specific protocol is needed.
fd_cl[5] // -> Print(GoingToKernelTapDirectly)
-> kernel_tap