Description
Hello,
this issue is not really a bug in itself but more a design problem I encountered while trying to use the packet.proxy module with a custom plugin.
I noticed that since the update of the nfqueue package for florian's one at 7605f4a, it was not possible anymore to set the package verdict directly from the bettercap plugin:
```go
func dummyCallback(attribute nfqueue.Attribute) int {
	if mod.queueCb != nil {
		return mod.queueCb(attribute)
	} else {
		id := *attribute.PacketID
		mod.Info("[%d] %v", id, *attribute.Payload)
		mod.queue.SetVerdict(id, nfqueue.NfAccept)
		return 0
	}
}
```

Here we can see that the queueCb function (the user's plugin OnPacket function) has no access to the Nfqueue object associated with the netfilter queue, but only to the Attribute object associated with the packet itself. In the end it implies that received packets are always dropped because it is not possible to set a verdict for them.
I tried to re-create an Nfqueue object with the same number in my plugin:
```go
package main

import (
	"syscall"
	"time"

	"github.com/bettercap/bettercap/v2/log"
	nfqueue "github.com/florianl/go-nfqueue/v2"
	"github.com/google/gopacket"
	"github.com/google/gopacket/layers"
)

// queue is a second handle opened by the plugin itself, separate from the
// one held by the packet.proxy module.
var queue *nfqueue.Nfqueue

// OnStart opens the plugin's own handle using queue number 0.
func OnStart() int {
	config := nfqueue.Config{
		NfQueue:      uint16(0),
		Copymode:     nfqueue.NfQnlCopyPacket,
		AfFamily:     syscall.AF_INET,
		MaxPacketLen: 0xFFFF,
		MaxQueueLen:  0xFF,
		WriteTimeout: 15 * time.Millisecond,
	}
	var err error
	queue, err = nfqueue.Open(&config)
	if err != nil {
		log.Error("Could not open nfqueue handle: %v", err)
		return 1
	}
	log.Info("Packet proxy started!")
	return 0
}

// OnPacket logs the IPv4 addresses and tries to accept the packet through
// the plugin's own handle.
func OnPacket(attribute nfqueue.Attribute) int {
	id := *attribute.PacketID
	packet := gopacket.NewPacket(*attribute.Payload, layers.LayerTypeIPv4, gopacket.Default)
	ipLayer := packet.Layer(layers.LayerTypeIPv4)
	if ipLayer != nil {
		ip, _ := ipLayer.(*layers.IPv4)
		log.Info("SrcIP: %s, DstIP: %s", ip.SrcIP, ip.DstIP)
		err := queue.SetVerdict(id, nfqueue.NfAccept)
		if err != nil {
			log.Info("Error!")
			return 1
		}
	}
	return 0
}
```

But even though it compiles, it does not seem to be possible to have multiple handles for the same queue because the received packages are not accepted even with the SetVerdict(id, nfqueue.NfAccept). Maybe I'm doing it wrong and if so, I'm sorry for the useless issue.
Environment
Please provide:
- Bettercap version you are using (bettercap -version).
  bettercap v2.41.0 (built for linux amd64 with go1.24.3)
- NixOS amd64
- Command line arguments you are using.
  bettercap
- Caplet code you are using or the interactive session commands.

```
run('set packet.proxy.chain INPUT')
run('set packet.proxy.rule "-d 192.168.1.127 -p tcp"')
run('set packet.proxy.plugin "./result/plugin.so"')
```

Steps to Reproduce
Expected behavior: packets should be transmitted
Actual behavior: They can't, for the reasons explained above
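
As an added illustration (not code from the issue or from bettercap), the Go model below reproduces the dispatch logic of the quoted dummyCallback with constructed stand-in types and compares it with a hypothetical variant that hands the queue handle to the plugin callback. The names fakeQueue, dispatchAsQuoted, dispatchWithHandle and Undecided are assumptions, and no netfilter queue is opened.

```go
package main

import "fmt"

// Constructed stand-ins for the go-nfqueue names used in the issue; nothing
// here touches netfilter, so the model runs offline.
type Attribute struct{ PacketID *uint32 }

const NfAccept = 1

// fakeQueue plays the module's queue handle and records issued verdicts.
type fakeQueue struct{ verdicts map[uint32]int }

func (q *fakeQueue) SetVerdict(id uint32, v int) error { q.verdicts[id] = v; return nil }

// dispatchAsQuoted mirrors the quoted dummyCallback: once a plugin callback
// is set, the module delegates and issues no verdict of its own.
func dispatchAsQuoted(q *fakeQueue, cb func(Attribute) int, a Attribute) int {
	if cb != nil {
		return cb(a)
	}
	q.SetVerdict(*a.PacketID, NfAccept)
	return 0
}

// dispatchWithHandle is the hypothetical variant: the owning handle is passed
// through, so the plugin decides on the queue that actually holds the packet.
func dispatchWithHandle(q *fakeQueue, cb func(*fakeQueue, Attribute) int, a Attribute) int {
	if cb != nil {
		return cb(q, a)
	}
	q.SetVerdict(*a.PacketID, NfAccept)
	return 0
}

// Undecided feeds packet IDs 1..n through deliver and counts those left
// without a verdict on the queue.
func Undecided(n uint32, deliver func(*fakeQueue, Attribute)) int {
	q := &fakeQueue{verdicts: map[uint32]int{}}
	for id := uint32(1); id <= n; id++ {
		pid := id
		deliver(q, Attribute{PacketID: &pid})
	}
	return int(n) - len(q.verdicts)
}

func main() {
	plugin := func(Attribute) int { return 0 } // plugin that has no handle
	fmt.Println(Undecided(3, func(q *fakeQueue, a Attribute) { dispatchAsQuoted(q, plugin, a) }))
}
```
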