Add current ideas to docu
This commit is contained in:
parent
a125fb9427
commit
2b3da7d987
5 changed files with 594 additions and 191 deletions
@ -101,4 +101,65 @@ The same can be done with the esp8266 as described in this article:
\href{https://carvesystems.com/news/writing-a-simple-esp8266-based-sniffer/}{https://carvesystems.com/news/writing-a-simple-esp8266-based-sniffer/}
\newpage
\subsection{IwIP}
lwIP is a small independent implementation of the TCP/IP protocol suite and is used in the esp-core for network communication. This is the place the firewall need to check for the incoming traffic in order to drop, reject or pass packets based on the rules.
\cite[cf.][]{lwip}
\subsubsection{Analysing}
First step is to analyze the code to find out where the packets are getting handled. Looking in
\verb|~/.platformio/packages/framework-espidf/components/lwip/lwip/src/core/ipv4|
there is a function:
\verb|err_t ip4_input(struct pbuf *p, struct netif *inp)|
to consume all incoming packages. Simply placing a logger can quickly show that this is the place to put the firewall filter.
\begin{verbatim}
if (ip4_addr4_16_val(iphdr->src) == 211)
{
ESP_LOGI("PROTO", "%3" U16_F, (u16_t)IPH_PROTO(iphdr));
ESP_LOGI("IP", "% " U16_F "% " U16_F "% " U16_F "% " U16_F,
ip4_addr1_16_val(iphdr->src),
ip4_addr2_16_val(iphdr->src),
ip4_addr3_16_val(iphdr->src),
ip4_addr4_16_val(iphdr->src));
}
\end{verbatim}
Following output can be seen when sending a ping from the machine with IP-Address \verb|10.93.0.211| to the esp. ICMP is therefore marked with protocol 1.
\begin{verbatim}
I (97535) PROTO: 1
I (97535) IP: 10 93 0 211
\end{verbatim}
Sending a UDP or TCP package to the ESP (IP-Address: \verb|10.93.0.246|) can be done by executing the python code in the repository.
\begin{verbatim}
python3 tester.py -i 10.93.0.246 -p 80 -t TCP
python3 tester.py -i 10.93.0.246 -p 22 -t UPD
\end{verbatim}
Following output can be registered.
\begin{verbatim}
I (1777105) PROTO: 6
I (1777105) IP: 10 93 0 211
I (1779825) PROTO: 17
I (1779825) IP: 10 93 0 211
\end{verbatim}
Looking at the printed protocols this means 6 == "TCP" and 17 == "UDP".
\subsubsection{Using Hook}
\subsection{Benchmark}
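Review bot: the new heading `\subsection{IwIP}` is spelled with a capital I in place of the lowercase l; the paragraph below it and the citation key `lwip` both use lwIP, so the heading should read `\subsection{lwIP}`. In the same hunk, the second tester invocation passes `-t UPD` although the output it is paired with (protocol 17) shows UDP was meant, so it should be `python3 tester.py -i 10.93.0.246 -p 22 -t UDP`. The prose around the function should also say "the firewall needs to check" and "incoming packets" rather than "packages", and it would help the reader to name the file, since `ip4_input()` lives in `ip4.c` inside the `ipv4` directory the text points at. The logging probe is fine as a throwaway, but its condition `ip4_addr4_16_val(iphdr->src) == 211` matches only the last octet, so any host ending in .211 would trigger it; a sentence stating that it is a temporary debugging check, not the filter itself, would avoid that being read as the intended rule. Finally, `\subsubsection{Using Hook}` is committed as an empty section; if it is meant to cover lwIP's `LWIP_HOOK_IP4_INPUT` as the way to filter without editing the framework's `ip4_input()` directly, a one-line placeholder saying so would keep the document coherent until the text is written.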