diff --git a/README.md b/README.md
index 8a3bca3..2ab273a 100644
--- a/README.md
+++ b/README.md
@@ -3,13 +3,12 @@
# drawbridge
-drawbridge description
+**drawbridge** simplifies local nfqueue queues
-and witty subtitle
+without sacrificing performance?
[Installation](#installation) •
[Examples](#examples) •
-[Frequently Asked Questions](#faq) •
[Contributing](#contributing) •
[License](#license)
@@ -17,21 +16,29 @@ and witty subtitle
## Installation
### with pip
-TBD
+Eventually, install with `pip install drawbridge`, maybe.
+
+For now, clone the repo, navigate to it, and run `pip install .`. You'll need a Linux system for nfqueue.
## Examples
-TBD
+See the examples directory for a WebSocket example.
-## FAQ
+```python
+from drawbridge import DrawBridge
-**What problem does drawbridge solve?**
+def my_packet_handler(raw_packet):
+ # do things to the raw packet, like
+ # from scapy.all import *
+ # pkt = IP(raw_packet)
+ # ...
+ # return bytes(pkt)
+ return raw_packet
-TBD
-
-**What's your roadmap?**
-
-TBD
+db = DrawBridge()
+db.add_queue(my_packet_handler, src_port=80)
+db.run()
+```
## Contributing
diff --git a/drawbridge/drawbridge.py b/drawbridge/drawbridge.py
index 9aa8467..085afd5 100644
--- a/drawbridge/drawbridge.py
+++ b/drawbridge/drawbridge.py
@@ -22,7 +22,7 @@ class DrawBridge:
dst_ip: Optional[str] = None,
src_port: Optional[int] = None,
dst_port: Optional[int] = None,
- protocol: Optional[str] = "",
+ protocol: Optional[str] = "tcp",
override: bool = False,
):
try:
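Review bot: The `protocol` parameter is still annotated `Optional[str]`, but once the default moves from `""` to `"tcp"` a caller passing `protocol=None` or `""` no longer gets "any protocol". The rule builder in drawbridge/net_queue.py now runs `rule.protocol = self.protocol` and `rule.create_match(self.protocol)` without the old `if self.protocol:` guard. Unless validation outside these hunks already rejects such values, either tighten the annotation to `protocol: str = "tcp"` or reject empty values up front with a clear error. The same applies to the identical signature change in `NetQueue.__init__`. The method body continues outside this hunk.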
diff --git a/drawbridge/net_queue.py b/drawbridge/net_queue.py
index 19bcc18..f648bf9 100644
--- a/drawbridge/net_queue.py
+++ b/drawbridge/net_queue.py
@@ -8,7 +8,7 @@ from typing import Union
import iptc
from .utils.logger import logger
-from .utils.lookup import PROTOCOLS, ALL_TABLES, PREROUTING_MANGLE
+from .utils.lookup import PROTOCOLS, ALL_TABLES, OUTGOING_MANGLE
class NetQueue:
@@ -20,7 +20,7 @@ class NetQueue:
dst_ip: Optional[str] = None,
src_port: Optional[int] = None,
dst_port: Optional[int] = None,
- protocol: Optional[str] = "",
+ protocol: Optional[str] = "tcp",
override: bool = False,
):
self.callback = self.validate_callable(callback)
@@ -37,18 +37,26 @@ class NetQueue:
rule = iptc.Rule()
target = iptc.Target(rule, "NFQUEUE")
target.set_parameter("queue-num", str(self.queue))
- if self.protocol:
- match = iptc.Match(rule, self.protocol)
- rule.add_match(match)
+ rule.protocol = self.protocol
+ match = rule.create_match(self.protocol)
+ if self.dst_port:
+ match.dport = str(self.dst_port)
+ if self.src_port:
+ match.sport = str(self.src_port)
+ match = iptc.Match(rule, "iprange")
+ if self.src_ip:
+ match.src_range = str(self.src_ip)
+ if self.dst_ip:
+ match.dst_range = str(self.dst_ip)
rule.target = target
return rule
def write_rule(self):
- PREROUTING_MANGLE.insert_rule(self.rule)
+ OUTGOING_MANGLE.insert_rule(self.rule)
def delete_rule(self):
try:
- PREROUTING_MANGLE.delete_rule(self.rule)
+ OUTGOING_MANGLE.delete_rule(self.rule)
except iptc.ip4tc.IPTCError:
logger.warning("Failed to delete rule, it may have already been deleted")
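Review bot: The `iprange` match is built with `iptc.Match(rule, "iprange")` but never attached to the rule, so `src_ip` and `dst_ip` appear to be silently ignored. The NFQUEUE rule would then match every address on the given ports, and the callback receives and can rewrite more traffic than the caller asked for. The removed code paired `iptc.Match` with `rule.add_match(match)`, whereas here only the protocol match goes through `rule.create_match`. Create the match only when an address is supplied and attach it: `if self.src_ip or self.dst_ip:` followed by `match = rule.create_match("iprange")`. The `sport`/`dport` assignments also assume a protocol that has ports, so other protocols should be rejected or skip them; the function starts outside this hunk.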
diff --git a/drawbridge/utils/lookup.py b/drawbridge/utils/lookup.py
index 9c13582..fa33cdb 100644
--- a/drawbridge/utils/lookup.py
+++ b/drawbridge/utils/lookup.py
@@ -29,4 +29,5 @@ PROTOCOLS = {
}
ALL_TABLES = [iptc.Table(t) for t in iptc.Table.ALL]
-PREROUTING_MANGLE = iptc.Chain(iptc.Table(iptc.Table.MANGLE), "PREROUTING")
\ No newline at end of file
+PREROUTING_MANGLE = iptc.Chain(iptc.Table(iptc.Table.MANGLE), "PREROUTING")
+OUTGOING_MANGLE = iptc.Chain(iptc.Table(iptc.Table.FILTER), "OUTPUT")
\ No newline at end of file
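Review bot: `OUTGOING_MANGLE` is bound to `iptc.Table.FILTER` and the `OUTPUT` chain, so the name contradicts the table it uses and a later reader will assume mangle semantics. Rename it to match, e.g. `OUTPUT_FILTER = iptc.Chain(iptc.Table(iptc.Table.FILTER), "OUTPUT")`, or switch the table to `iptc.Table.MANGLE` if that was the intent. A short comment should also state that OUTPUT rules see only locally generated packets. After this change NetQueue no longer intercepts inbound or forwarded traffic the way the PREROUTING rule did.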