MVP

README.md

@@ -3,13 +3,12 @@
 
 # drawbridge
 
-drawbridge description
+**drawbridge** simplifies local nfqueue queues
 
-and witty subtitle<br/>
+without sacrificing performance?<br/>
 
 [Installation](#installation) •
 [Examples](#examples) •
-[Frequently Asked Questions](#faq) •
 [Contributing](#contributing) •
 [License](#license)
 </div>
@@ -17,21 +16,29 @@ and witty subtitle<br/>
 ## Installation
 
 ### with pip
-TBD
+Eventually, install with `pip install drawbridge`, maybe.
+
+For now, clone the repo, navigate to it, and run `pip install .`. You'll need a Linux system for nfqueue.
 
 ## Examples
 
-TBD
+See the examples directory for a WebSocket example.
 
-## FAQ
+```python
+from drawbridge import DrawBridge
 
-**What problem does drawbridge solve?**
+def my_packet_handler(raw_packet):
+    # do things to the raw packet, like
+    #   from scapy.all import *
+    #   pkt = IP(raw_packet)
+    #   ...
+    #   return bytes(pkt)
+    return raw_packet
 
-TBD
-
-**What's your roadmap?**
-
-TBD
+db = DrawBridge()
+db.add_queue(my_packet_handler, src_port=80)
+db.run()
+```
 
 ## Contributing
 

drawbridge/drawbridge.py

@@ -22,7 +22,7 @@ class DrawBridge:
         dst_ip: Optional[str] = None,
         src_port: Optional[int] = None,
         dst_port: Optional[int] = None,
-        protocol: Optional[str] = "",
+        protocol: Optional[str] = "tcp",
         override: bool = False,
     ):
         try:

drawbridge/net_queue.py

@@ -8,7 +8,7 @@ from typing import Union
 import iptc
 
 from .utils.logger import logger
-from .utils.lookup import PROTOCOLS, ALL_TABLES, PREROUTING_MANGLE
+from .utils.lookup import PROTOCOLS, ALL_TABLES, OUTGOING_MANGLE
 
 
 class NetQueue:
@@ -20,7 +20,7 @@ class NetQueue:
         dst_ip: Optional[str] = None,
         src_port: Optional[int] = None,
         dst_port: Optional[int] = None,
-        protocol: Optional[str] = "",
+        protocol: Optional[str] = "tcp",
         override: bool = False,
     ):
         self.callback = self.validate_callable(callback)
@@ -37,18 +37,26 @@ class NetQueue:
         rule = iptc.Rule()
         target = iptc.Target(rule, "NFQUEUE")
         target.set_parameter("queue-num", str(self.queue))
-        if self.protocol:
-            match = iptc.Match(rule, self.protocol)
-            rule.add_match(match)
+        rule.protocol = self.protocol
+        match = rule.create_match(self.protocol)
+        if self.dst_port:
+            match.dport = str(self.dst_port)
+        if self.src_port:
+            match.sport = str(self.src_port)
+        match = iptc.Match(rule, "iprange")
+        if self.src_ip:
+            match.src_range = str(self.src_ip)
+        if self.dst_ip:
+            match.dst_range = str(self.dst_ip)
         rule.target = target
         return rule
 
     def write_rule(self):
-        PREROUTING_MANGLE.insert_rule(self.rule)
+        OUTGOING_MANGLE.insert_rule(self.rule)
 
     def delete_rule(self):
         try:
-            PREROUTING_MANGLE.delete_rule(self.rule)
+            OUTGOING_MANGLE.delete_rule(self.rule)
         except iptc.ip4tc.IPTCError:
             logger.warning("Failed to delete rule, it may have already been deleted")
 

drawbridge/utils/lookup.py

@@ -29,4 +29,5 @@ PROTOCOLS = {
 }
 
 ALL_TABLES = [iptc.Table(t) for t in iptc.Table.ALL]
-PREROUTING_MANGLE = iptc.Chain(iptc.Table(iptc.Table.MANGLE), "PREROUTING")
+PREROUTING_MANGLE = iptc.Chain(iptc.Table(iptc.Table.MANGLE), "PREROUTING")
+OUTGOING_MANGLE = iptc.Chain(iptc.Table(iptc.Table.FILTER), "OUTPUT")