GOOSE messages not being parsed by function

Open ConorShore opened this issue 5 years ago • 2 comments

Hi,

I'm trying to create a function which filters for GOOSE messages.

First I set up polymorph to be in capture mode with a goose filter (`capture -i lo -f goose`). So I inject a single GOOSE message (attached is the pcap) via tcpreplay (`tcpreplay -i lo Single\ GOOSE.pcapng`) into the lo and it is detected and a template generated. But then when I go to use `intercept -localhost` and I inject again, the packet never appears. The function I am using to verify this is:

```python
def funco(packet):
    print("hi")
    return packet
```

So when I inject a packet, of any kind, I should see hi printed on the terminal, but I never see a "hi" when I inject a GOOSE message. I can confirm via Wireshark that the messages are appearing at my lo.

Any help would be appreciated

Using: Ubuntu 20.04, Python 3.8, polymorph 2.0.5 (installed via pip3)

Single GOOSE.zip

ConorShore, Nov 05 '20 18:11

In case anyone runs into similar trouble as me, it seems to be a limitation stemming from iptables. It just won't forward non-IP packets such as GOOSE. I explored changing to nftables or ebtables, but there's no support for netfilterqueue (NFQUEUE) as an output. This means a fair chunk of work would need to be done in order to get this functionality implemented.

ConorShore, Nov 08 '20 00:11

Hi @ConorShore,

That's right. This is also related to your question about access to the ETH layer. However, access to the ETH layer can be implemented in a relatively "simple" way, but what you are requesting in this case would mean no longer using netfilterqueue as a library to perform the interception. I'm going to take a look at it in detail and evaluate whether this could be implemented in any way.

shramos, Nov 12 '20 12:11
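To check whether a captured frame can reach an iptables NFQUEUE rule at all, the following added example (not part of the thread and not polymorph code) classifies raw Ethernet frames by EtherType, skipping VLAN tags. The function names, the sample frames and the placeholder GOOSE APDU bytes are constructed for illustration; 0x88B8 is the GOOSE EtherType.

```python
import struct

ETH_P_IP, ETH_P_IPV6 = 0x0800, 0x86DD       # handled by iptables / ip6tables
ETH_P_8021Q, ETH_P_8021AD = 0x8100, 0x88A8  # VLAN tag TPIDs
ETH_P_GOOSE = 0x88B8                        # GOOSE rides directly on Ethernet, no IP header

def classify_frame(frame: bytes) -> dict:
    """Return the payload EtherType and whether the IP netfilter hooks can see the frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset = 12  # EtherType follows the two 6-byte MAC addresses
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    vlans = []
    # Skip 802.1Q / 802.1ad tags; GOOSE is commonly sent priority-tagged.
    while ethertype in (ETH_P_8021Q, ETH_P_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vlans.append(tci & 0x0FFF)
        offset += 4
    result = {
        "ethertype": ethertype,
        "vlans": vlans,
        "ip_netfilter_visible": ethertype in (ETH_P_IP, ETH_P_IPV6),
        "goose": None,
    }
    if ethertype == ETH_P_GOOSE:
        payload = offset + 2
        if len(frame) < payload + 8:
            raise ValueError("truncated GOOSE header")
        # GOOSE header: APPID, Length, Reserved1, Reserved2 (2 bytes each)
        appid, length = struct.unpack_from("!HH", frame, payload)
        result["goose"] = {"appid": appid, "length": length}
    return result

def sample_frames() -> dict:
    """Constructed frames: VLAN-tagged GOOSE and a bare IPv4 header, for offline use."""
    src = bytes.fromhex("020000000001")
    goose_dst = bytes.fromhex("010ccd010001")  # GOOSE multicast destination
    goose = struct.pack("!HHHH", 0x0001, 12, 0, 0) + b"\x61\x02\x80\x00"
    tag = struct.pack("!HH", ETH_P_8021Q, (4 << 13) | 5)  # priority 4, VLAN 5
    return {
        "goose": goose_dst + src + tag + struct.pack("!H", ETH_P_GOOSE) + goose,
        "ipv4": src + src + struct.pack("!H", ETH_P_IP) + bytes(20),
    }

if __name__ == "__main__":
    for name, frame in sample_frames().items():
        print(name, classify_frame(frame))
```

Frames for which `ip_netfilter_visible` is false, such as the GOOSE sample, are the ones described above as never appearing in the intercept function.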