2017-09-27 13:44:02 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"io"
|
|
|
|
|
"net"
|
2017-09-28 09:35:05 +00:00
|
|
|
"time"
|
2017-09-27 21:56:07 +00:00
|
|
|
"github.com/mkideal/cli"
|
2017-09-27 13:44:02 +00:00
|
|
|
)
|
|
|
|
|
|
2017-09-27 21:56:07 +00:00
|
|
|
type knockArguments struct {
|
|
|
|
|
cli.Helper
|
|
|
|
|
WhitelistPort int `cli:'wp' usage:'The port to launch the whitelist server on'`
|
|
|
|
|
GatewayPort int `cli:'gp' usage:'The port to protect'`
|
|
|
|
|
Destination string `cli:'d' usage:'The destination to relay traffic to'`
|
2017-09-28 09:35:05 +00:00
|
|
|
Timeout int64 `cli:'t' usage:'Time in seconds after which a whitelist entry will be removed'`
|
2017-09-27 21:56:07 +00:00
|
|
|
}
|
|
|
|
|
|
2017-09-28 09:35:05 +00:00
|
|
|
var whitelist = make(map[string]int64)
|
2017-09-27 21:56:07 +00:00
|
|
|
var arguments *knockArguments
|
2017-09-27 13:44:02 +00:00
|
|
|
|
|
|
|
|
func main() {
|
2017-09-28 10:11:54 +00:00
|
|
|
// Parse command line arguments
|
2017-09-27 21:56:07 +00:00
|
|
|
cli.Run(new(knockArguments), func(ctx *cli.Context) error {
|
|
|
|
|
arguments = ctx.Argv() . (*knockArguments)
|
|
|
|
|
return nil
|
|
|
|
|
})
|
|
|
|
|
|
2017-09-28 10:11:54 +00:00
|
|
|
// Launch listeners
|
2017-09-27 21:56:07 +00:00
|
|
|
go listener(arguments.WhitelistPort, whitelist_handler)
|
|
|
|
|
listener(arguments.GatewayPort, gateway_handler)
|
2017-09-27 14:24:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func listener(port int, listen_func func(c net.Conn)) {
|
2017-09-28 10:11:54 +00:00
|
|
|
// Set up listening sockets on specified port and hand over to specified listen_func
|
2017-09-27 14:24:38 +00:00
|
|
|
ln, err := net.Listen("tcp", fmt.Sprintf(":%d", port))
|
2017-09-27 13:44:02 +00:00
|
|
|
|
|
|
|
|
if err != nil {
|
2017-09-27 21:08:23 +00:00
|
|
|
fmt.Println("[ERR] Creating listener for Port ", port)
|
2017-09-28 08:56:36 +00:00
|
|
|
fmt.Println(" Error is ", err)
|
2017-09-27 13:44:02 +00:00
|
|
|
} else {
|
2017-09-27 21:08:23 +00:00
|
|
|
fmt.Println("[OK ] Creating listener for Port ", port)
|
2017-09-27 13:44:02 +00:00
|
|
|
for {
|
|
|
|
|
conn, err := ln.Accept()
|
|
|
|
|
if err != nil {
|
2017-09-27 21:08:23 +00:00
|
|
|
fmt.Println("[ERR] Accepting on Port ", port)
|
2017-09-27 13:44:02 +00:00
|
|
|
} else {
|
2017-09-27 14:24:38 +00:00
|
|
|
go listen_func(conn)
|
2017-09-27 13:44:02 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-27 14:24:38 +00:00
|
|
|
func whitelist_handler(c net.Conn) {
|
2017-09-28 10:11:54 +00:00
|
|
|
// Handler function for whitelist socket connections, whitelisting the connecting host
|
2017-09-27 13:44:02 +00:00
|
|
|
host, _, _ := net.SplitHostPort(c.RemoteAddr().String())
|
|
|
|
|
|
2017-09-27 14:44:52 +00:00
|
|
|
io.WriteString(c, fmt.Sprintf("Knock Knock, %s.", host))
|
2017-09-27 14:24:38 +00:00
|
|
|
add_to_whitelist(host)
|
|
|
|
|
c.Close()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func gateway_handler(c net.Conn) {
|
2017-09-28 10:11:54 +00:00
|
|
|
// Filter connections whether or not the connecting host is whitelisted
|
2017-09-27 14:24:38 +00:00
|
|
|
host, _, _ := net.SplitHostPort(c.RemoteAddr().String())
|
|
|
|
|
|
2017-09-27 13:44:02 +00:00
|
|
|
if is_whitelisted(host) {
|
2017-09-27 21:08:23 +00:00
|
|
|
fmt.Println("[OK ] Whitelisted host ", host, " connected")
|
2017-09-28 09:54:10 +00:00
|
|
|
update_whitelist_time(host)
|
2017-09-27 14:40:29 +00:00
|
|
|
proxy(c)
|
2017-09-27 13:44:02 +00:00
|
|
|
} else {
|
2017-09-27 21:08:23 +00:00
|
|
|
fmt.Println("[BLK] Blocking host ", host)
|
2017-09-27 13:44:02 +00:00
|
|
|
}
|
|
|
|
|
c.Close()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func add_to_whitelist(addr string) {
|
2017-09-28 10:11:54 +00:00
|
|
|
// Add the specified address to the whitelist
|
2017-09-27 13:44:02 +00:00
|
|
|
if ! is_whitelisted(addr) {
|
2017-09-28 09:35:05 +00:00
|
|
|
update_whitelist_time(addr)
|
2017-09-27 13:44:02 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-28 09:35:05 +00:00
|
|
|
func remove_from_whitelist(addr string) {
|
2017-09-28 10:11:54 +00:00
|
|
|
// Remove specified address from whitelist
|
2017-09-28 09:35:05 +00:00
|
|
|
delete(whitelist, addr)
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-27 13:44:02 +00:00
|
|
|
func is_whitelisted(addr string) bool {
|
2017-09-28 10:11:54 +00:00
|
|
|
// Check whether or not the specified address is whitelisted and inside the timing window
|
2017-09-28 09:35:05 +00:00
|
|
|
if _, present := whitelist[addr]; present {
|
|
|
|
|
// Key is present in whitelist map
|
|
|
|
|
if (whitelist[addr] + arguments.Timeout) >= time.Now().Unix() {
|
|
|
|
|
// AND we are still in the timing window
|
|
|
|
|
update_whitelist_time(addr)
|
2017-09-27 13:44:02 +00:00
|
|
|
return true
|
2017-09-28 09:35:05 +00:00
|
|
|
} else {
|
|
|
|
|
// But we're outside of the timing window
|
|
|
|
|
remove_from_whitelist(addr)
|
|
|
|
|
return false
|
2017-09-27 13:44:02 +00:00
|
|
|
}
|
|
|
|
|
}
|
2017-09-28 09:35:05 +00:00
|
|
|
// Entry is not present.
|
2017-09-27 13:44:02 +00:00
|
|
|
return false
|
|
|
|
|
}
|
2017-09-27 14:40:29 +00:00
|
|
|
|
2017-09-28 09:35:05 +00:00
|
|
|
func update_whitelist_time(addr string) {
|
2017-09-28 10:11:54 +00:00
|
|
|
// Update whitelist - prevent timeout of connection
|
2017-09-28 09:35:05 +00:00
|
|
|
whitelist[addr] = time.Now().Unix()
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-27 14:40:29 +00:00
|
|
|
func proxy(c net.Conn) {
|
2017-09-28 10:11:54 +00:00
|
|
|
// Proxy connection between the destination server and our connecting client
|
2017-09-27 21:56:07 +00:00
|
|
|
ln, err := net.Dial("tcp", arguments.Destination)
|
2017-09-27 14:40:29 +00:00
|
|
|
if err != nil {
|
2017-09-27 21:08:23 +00:00
|
|
|
fmt.Println("[ERR] Proxy connection to server failed")
|
2017-09-28 08:56:36 +00:00
|
|
|
fmt.Println(" Error is ", err)
|
2017-09-27 14:40:29 +00:00
|
|
|
} else {
|
|
|
|
|
go io.Copy(c, ln)
|
|
|
|
|
io.Copy(ln, c)
|
|
|
|
|
}
|
|
|
|
|
}
|
