
Testing routing with MAC addresses

Jonas Pflanzer 4 rokov pred
commit
0e73467ac8

+ 7 - 1
daemon/include/CovertChannel/ProxyChannel.h

@@ -21,7 +21,8 @@ public:
 	 * @param relayOnly true - server only relays traffic | false - server redirects traffic over another relay
 	 */
 	ProxyChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &ownIP, const std::string &partnerIP,
-	             const std::string &originIP, const std::string &targetIP, const std::string &targetPort, const bool relayOnly);
+	             const std::string &originIP, const std::string &targetIP, const std::string &targetPort, const std::string &ownMAC,
+	             const std::string &originMAC, const std::string &channelGatewayMAC, const std::string &gatewayMAC, const bool relayOnly);
 
 	/**
 	 * Destroys the CovertChannel.
@@ -71,6 +72,11 @@ protected:
 	const Tins::IPv4Address partnerAddress;
 	const Tins::IPv4Address originAddress;
 	const Tins::IPv4Address targetAddress;
+
+	const Tins::HWAddress<6> ownMAC;
+	const Tins::HWAddress<6> channelGatewayMAC;
+	const Tins::HWAddress<6> gatewayMAC;
+	const Tins::HWAddress<6> originMAC;
 };
 
 #endif
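Review bot: The constructor's doc comment still ends at the `relayOnly` entry and has no `@param` lines for the four new arguments `ownMAC`, `originMAC`, `channelGatewayMAC` and `gatewayMAC`, so a caller cannot tell which hop each address belongs to. Four adjacent `const std::string &` parameters are easy to pass in the wrong order, and the members are declared in a different order (`ownMAC`, `channelGatewayMAC`, `gatewayMAC`, `originMAC`) than the parameters. I would add one `@param` line per address, worded from how the handlers use it, for example `@param channelGatewayMAC destination MAC for frames sent to the partner on the outer interface`. The comment block starts above the hunk, so entries may need to match wording that is not visible here.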

+ 20 - 10
daemon/src/CovertChannel/ProxyChannel.cpp

@@ -2,30 +2,35 @@
 #include <iostream>
 
 ProxyChannel::ProxyChannel(const std::string &innerInterface, const std::string &outerInterface, const std::string &ownIP, const std::string &partnerIP,
-                           const std::string &originIP, const std::string &targetIP, const std::string &targetPort, const bool relayOnly)
-    : CovertChannel(innerInterface, outerInterface, "not (tcp and src host " + originIP + " and dst host " + targetIP + " and dst port " + targetPort + ")",
-
-                    "not (tcp and src host " + targetIP + " and dst host " + ownIP + " and src port " + targetPort + ")",
-
+                           const std::string &originIP, const std::string &targetIP, const std::string &targetPort, const std::string &ownMAC,
+                           const std::string &originMAC, const std::string &channelGatewayMAC, const std::string &gatewayMAC, const bool relayOnly)
+    : CovertChannel(innerInterface, outerInterface,
+                    "not (tcp and src host " + originIP + " and dst host " + targetIP + " and dst port " + targetPort + ") and not(dst host " + ownIP + ")",
+                    "not (tcp and src host " + targetIP + " and dst host " + ownIP + " and src port " + targetPort + ") and not(dst host " + ownIP + ")",
                     "tcp and src host " + originIP + " and dst host " + targetIP + " and dst port " + targetPort,
-
                     "tcp and src host " + targetIP + " and dst host " + ownIP + " and src port " + targetPort,
-
                     "tcp and src host " + partnerIP + " and dst host " + ownIP + " and dst port " + targetPort),
-      relayOnly(relayOnly), ownAddress(ownIP), partnerAddress(partnerIP), originAddress(originIP), targetAddress(targetIP) {}
+
+      relayOnly(relayOnly), ownAddress(ownIP), partnerAddress(partnerIP), originAddress(originIP), targetAddress(targetIP), ownMAC(ownMAC),
+      channelGatewayMAC(channelGatewayMAC), gatewayMAC(gatewayMAC), originMAC(originMAC) {}
 
 ProxyChannel::~ProxyChannel() {}
 
 bool ProxyChannel::handleChannelFromOuter(Tins::PDU &pdu) {
 	// TODO: check in a list how to route it and who send the request for this answer
 
+	Tins::EthernetII &eth = pdu.rfind_pdu<Tins::EthernetII>();
 	Tins::IP &ip = pdu.rfind_pdu<Tins::IP>();
 	if (relayOnly) {
 		// redirect to partner
+		eth.src_addr(ownMAC);
+		eth.dst_addr(channelGatewayMAC);
 		ip.src_addr(ownAddress);
 		ip.dst_addr(partnerAddress);
 		outerSender.send(pdu);
 	} else {
+		eth.src_addr(gatewayMAC);
+		eth.dst_addr(originMAC);
 		ip.src_addr(targetAddress);
 		ip.dst_addr(originAddress);
 		innerSender.send(pdu);
@@ -35,12 +40,15 @@ bool ProxyChannel::handleChannelFromOuter(Tins::PDU &pdu) {
 }
 
 bool ProxyChannel::handleChannelFromInner(Tins::PDU &pdu) {
+	Tins::EthernetII &eth = pdu.rfind_pdu<Tins::EthernetII>();
 	Tins::IP &ip = pdu.rfind_pdu<Tins::IP>();
 	if (relayOnly) {
 		std::cerr << "Fixme: packet cannot be routed back so it's dropped here!!!" << std::endl;
 		// outerSender.send(pdu);
 		// TODO: add pdu to a list to check later how to route it
 	} else {
+		eth.src_addr(ownMAC);
+		eth.dst_addr(channelGatewayMAC);
 		ip.src_addr(ownAddress);
 		ip.dst_addr(partnerAddress);
 		outerSender.send(pdu);
@@ -50,15 +58,17 @@ bool ProxyChannel::handleChannelFromInner(Tins::PDU &pdu) {
 }
 
 bool ProxyChannel::handlePartnerFromOuter(Tins::PDU &pdu) {
+	Tins::EthernetII &eth = pdu.rfind_pdu<Tins::EthernetII>();
 	Tins::IP &ip = pdu.rfind_pdu<Tins::IP>();
 	if (relayOnly) {
-		// redirect to partner
+		// redirect to target
 		ip.src_addr(ownAddress);
 		ip.dst_addr(targetAddress);
 		outerSender.send(pdu);
 		std::cout << "relay" << std::endl;
 	} else {
-		// should already be addressed right
+		eth.src_addr(gatewayMAC);
+		eth.dst_addr(ownMAC);
 		ip.src_addr(targetAddress);
 		ip.dst_addr(originAddress);
 		innerSender.send(pdu);
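Review bot: In `handlePartnerFromOuter` the Ethernet header is handled differently from the other handlers: the `relayOnly` branch rewrites the IP addresses but sends the frame with both MAC addresses as captured, and the other branch sets `eth.dst_addr(ownMAC)` although the IP destination is `originAddress`, where `handleChannelFromOuter` uses `eth.dst_addr(originMAC)` for the same rewrite. If that is not intended, the non-relay branch should read `eth.dst_addr(originMAC);`, and the relay branch needs `eth.src_addr(ownMAC);` plus a destination MAC for the hop towards the target, which none of the four configured addresses obviously provides. Separately, `rfind_pdu<Tins::EthernetII>()` throws `Tins::pdu_not_found` when a frame carries no Ethernet II layer and nothing in these hunks catches it; `find_pdu<Tins::EthernetII>()` with a null check would drop such a frame instead of unwinding out of the handler. The handler bodies continue outside the hunks, so a catch further up may exist.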

+ 6 - 1
daemon/src/main.cpp

@@ -28,7 +28,12 @@ int main(int argc, char *argv[]) {
 		const string targetIP = Config::getValue("targetIP");
 		const string targetPort = Config::getValue("targetPort");
 		const string relayMode = Config::getValue("relayMode");
-		covertchannel = new ProxyChannel(innerInterface, outerInterface, ownIP, partnerIP, originIP, targetIP, targetPort, relayMode == "true");
+		const string ownMAC = Config::getValue("ownMAC");
+		const string originMAC = Config::getValue("originMAC");
+		const string gatewayMAC = Config::getValue("gatewayMAC");
+		const string channelGatewayMAC = Config::getValue("channelGatewayMAC");
+		covertchannel = new ProxyChannel(innerInterface, outerInterface, ownIP, partnerIP, originIP, targetIP, targetPort, ownMAC, originMAC, channelGatewayMAC,
+		                                 gatewayMAC, relayMode == "true");
 
 		// covertchannel = new ForwardChannel(innerInterface, outerInterface);
 		covertchannel->startSniffing();
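Review bot: The four MAC values go from `Config::getValue` straight into the `ProxyChannel` constructor, where they initialise `Tins::HWAddress<6>` members, with no check that the key was present or well formed. As far as I know libtins, a string with a non-hex character throws `Tins::invalid_address`, while an empty or truncated one is zero-padded silently, so a missing key could end up as `00:00:00:00:00:00` in outgoing frames. I would validate each value before the `new ProxyChannel(...)` call and stop with a message naming the offending key, e.g. `if (ownMAC.size() != 17) { /* report "ownMAC" and exit */ }` repeated for the other three. `main` starts and ends outside the hunk, so an enclosing handler that already covers part of this is not visible here.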