The code for my dissertation.
Jake Hillion 45b201156a
Merge branch 'develop' into security
2020-12-24 18:12:37 +00:00
config formatting fixes 2020-12-21 14:51:32 +00:00
crypto Security start 2020-11-29 22:06:38 +00:00
mocks functional udp 2020-11-27 20:17:59 +00:00
proxy fixed formatting 2020-12-21 14:38:54 +00:00
shared refactored timestamping 2020-11-28 17:15:56 +00:00
tcp Security start 2020-11-29 22:06:38 +00:00
tun refactored timestamping 2020-11-28 17:15:56 +00:00
udp Merge branch 'develop' into security 2020-12-21 14:50:53 +00:00
utils udp testing 2020-11-26 22:10:37 +00:00
.drone.yml resigned reformatted dronefile 2020-12-21 14:43:15 +00:00
.gitignore added makefile 2020-11-02 17:44:30 +00:00
go.mod Security start 2020-11-29 22:06:38 +00:00
go.sum first configuration 2020-10-23 20:07:15 +01:00
LICENSE Added License 2020-12-24 18:11:43 +00:00
main.go udp testing 2020-11-26 22:10:37 +00:00
Makefile initial udp code 2020-11-26 18:55:29 +00:00
README.md readme 2020-11-25 14:38:22 +00:00

A Multi-Path Bidirectional Layer 3 Proxy

Setup Notes

Linux

Policy Based Routing

ip route flush 10
ip route add table 10 to 1.1.1.0/24 dev eth1
ip rule add from 1.1.1.4 table 10 priority 10

ip route flush 11
ip route add table 11 to 1.1.1.0/24 dev eth2
ip rule add from 1.1.1.5 table 11 priority 11

ARP Flux

sysctl -w net.ipv4.conf.all.arp_announce=1
sysctl -w net.ipv4.conf.all.arp_ignore=1

See http://kb.linuxvirtualserver.org/wiki/Using_arp_announce/arp_ignore_to_disable_ARP

Setup Scripts

These are functional setup scripts that make the application run as intended on Linux. They should later be split into component parts, or incorporated into the main application.

Remote Portal

#!/bin/bash
set -e

# IPv4 Forwarding
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.eth0.proxy_arp=1

# Tunnel addr/up
ip addr add 172.19.152.2/31 dev nc0
ip link set up nc0

# Deliberately break local routing
ip rule add from all table local priority 20
ip rule del 0 || true

# Packets addressed to the interface and intended for nc (dport 1234) are delivered to this host
ip rule add to 1.1.1.3 dport 1234 table local priority 9

# Packets addressed to the interface but not intended for nc are routed via the tunnel
ip route flush 10
ip route add table 10 to 1.1.1.3 via 172.19.152.3 dev nc0
ip rule add to 1.1.1.3 table 10 priority 10
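
The Remote Portal script depends on rule order: the port 1234 exception (priority 9) must win over the tunnel rule (priority 10), and the stock priority 0 lookup of the local table must be gone. Because of `ip rule del 0 || true`, a failed delete goes unnoticed. The following is an added example, not part of the project's code, that checks `ip rule show` output for this; the function names, the sample rule listings and the test port 80 are constructed for illustration.

```shell
#!/bin/sh
# Added example: check `ip rule show` output from the remote portal.
# Constructed sample: rule list after the remote portal script succeeded.
GOOD_RULES='9: from all to 1.1.1.3 dport 1234 lookup local
10: from all to 1.1.1.3 lookup 10
20: from all lookup local
32766: from all lookup main
32767: from all lookup default'

# Constructed sample: `ip rule del 0 || true` failed silently, rule 0 remains.
STALE_RULES="0: from all lookup local
$GOOD_RULES"

# first_table DST DPORT: print the table of the first matching rule on stdin.
# Simplified: understands only "from all", host "to" and "dport" selectors,
# and assumes the selected table holds a route for DST.
first_table() {
    sort -n | awk -v dst="$1" -v dport="$2" '
    !found {
        ok = 1; table = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "from" && $(i + 1) != "all") ok = 0
            if ($i == "to" && $(i + 1) != dst) ok = 0
            if ($i == "dport" && $(i + 1) != dport) ok = 0
            if ($i == "lookup") table = $(i + 1)
        }
        if (ok && table != "") { print table; found = 1 }
    }'
}

# check_remote_portal: rules on stdin; returns 0 only if port 1234 is
# delivered locally and other traffic to 1.1.1.3 (port 80 here) uses table 10.
check_remote_portal() {
    rules=$(cat); rc=0
    if [ "$(printf '%s\n' "$rules" | first_table 1.1.1.3 1234)" != local ]; then
        echo "FAIL: 1.1.1.3 dport 1234 is not delivered to this host"; rc=1
    fi
    if [ "$(printf '%s\n' "$rules" | first_table 1.1.1.3 80)" != 10 ]; then
        echo "FAIL: other traffic to 1.1.1.3 does not enter the tunnel table"; rc=1
    fi
    return $rc
}

printf '%s\n' "$GOOD_RULES" | check_remote_portal && echo "good rules: ok"
printf '%s\n' "$STALE_RULES" | check_remote_portal || echo "stale rules: rejected"
```

On a live remote portal the same check is `ip rule show | check_remote_portal`.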

Local Portal

#!/bin/bash
set -e

# Fix ARP
sysctl -w net.ipv4.conf.all.arp_announce=1
sysctl -w net.ipv4.conf.all.arp_ignore=1

# IPv4 Forwarding
sysctl -w net.ipv4.ip_forward=1

# Tunnel addr/up
ip addr add 172.19.152.3/31 dev nc0
ip link set up nc0

# Fix routing out of the correct interfaces
ip route flush 10
ip route add table 10 to 1.1.1.0/24 dev eth1
ip rule add from 1.1.1.4 table 10 priority 10

ip route flush 11
ip route add table 11 to 1.1.1.0/24 dev eth2
ip rule add from 1.1.1.5 table 11 priority 11

# Route packets from the remote portal's address on the client interface via the tunnel
ip route flush 12
ip route add table 12 to 1.1.1.0/24 via 172.19.152.2 dev nc0
ip rule add from 1.1.1.3 iif eth3 table 12 priority 12

# Route packets to the remote portal's address out of the client interface
ip route flush 13
ip route add table 13 to 1.1.1.3 dev eth3
ip rule add to 1.1.1.3 table 13 priority 13

Client

No special configuration is needed. Set the client's IP address to that of the remote server with a /32 prefix, and use a gateway of 192.168.1.1.