Здравствуйте. Написал небольшой скрипт на Lua. Работать должно так:
- Скрипт запускается, открывает себе tcp порт 1994 и слушает.
- Некое приложение (dig, к примеру) присылает tcp пакет с dns запросом.
- Скрипт преобразует tcp пакет в udp, и отправляет на локальный dns сервер.
- dns сервер обрабатывает запрос, отвечает скрипту.
- Скрипт получает ответ, преобразует его в tcp и отправляет обратно
- Слушает дальше и так по кругу
Однако, насколько я понимаю, он лишь принимает пакет и все. Точнее так:
- Висит системный вызов select
- Пакет приходит - вызыаются accept и recievefrom
- Снова висит select
Вот трассировка strace:
Начало (до вызова listen):
root@kali:/# strace lua5.3 scr.lua
execve("/usr/bin/lua5.3", ["lua5.3", "scr.lua"], 0x7fffbfb16f98 /* 26 vars */) = 0
brk(NULL) = 0x55596a694000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=86428, ...}) = 0
mmap(NULL, 86428, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7feabcfce000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libreadline.so.8", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260x\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=329768, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feabcfcc000
mmap(NULL, 337432, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7feabcf79000
mmap(0x7feabcf8f000, 167936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7feabcf8f000
mmap(0x7feabcfb8000, 40960, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3f000) = 0x7feabcfb8000
mmap(0x7feabcfc2000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x48000) = 0x7feabcfc2000
mmap(0x7feabcfcb000, 1560, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7feabcfcb000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\361\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=1325424, ...}) = 0
mmap(NULL, 1327360, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7feabce34000
mmap(0x7feabce43000, 634880, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf000) = 0x7feabce43000
mmap(0x7feabcede000, 626688, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xaa000) = 0x7feabcede000
mmap(0x7feabcf77000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x142000) = 0x7feabcf77000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\21\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14592, ...}) = 0
mmap(NULL, 16656, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7feabce2f000
mmap(0x7feabce30000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7feabce30000
mmap(0x7feabce31000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7feabce31000
mmap(0x7feabce32000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7feabce32000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320l\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1820104, ...}) = 0
mmap(NULL, 1832568, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7feabcc6f000
mprotect(0x7feabcc94000, 1642496, PROT_NONE) = 0
mmap(0x7feabcc94000, 1339392, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25000) = 0x7feabcc94000
mmap(0x7feabcddb000, 299008, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16c000) = 0x7feabcddb000
mmap(0x7feabce25000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b5000) = 0x7feabce25000
mmap(0x7feabce2b000, 13944, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7feabce2b000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libtinfo.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\351\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=187776, ...}) = 0
mmap(NULL, 190848, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7feabcc40000
mmap(0x7feabcc4e000, 57344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe000) = 0x7feabcc4e000
mmap(0x7feabcc5c000, 57344, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7feabcc5c000
mmap(0x7feabcc6a000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x29000) = 0x7feabcc6a000
close(3) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feabcc3e000
arch_prctl(ARCH_SET_FS, 0x7feabcc3f280) = 0
mprotect(0x7feabce25000, 12288, PROT_READ) = 0
mprotect(0x7feabcc6a000, 16384, PROT_READ) = 0
mprotect(0x7feabce32000, 4096, PROT_READ) = 0
mprotect(0x7feabcf77000, 4096, PROT_READ) = 0
mprotect(0x7feabcfc2000, 8192, PROT_READ) = 0
mprotect(0x555969641000, 8192, PROT_READ) = 0
mprotect(0x7feabd00b000, 4096, PROT_READ) = 0
munmap(0x7feabcfce000, 86428) = 0
brk(NULL) = 0x55596a694000
brk(0x55596a6b5000) = 0x55596a6b5000
openat(AT_FDCWD, "scr.lua", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=8073, ...}) = 0
read(3, "\r\nlocal socket = require \"socket"..., 4096) = 4096
read(3, "\320\267\321\203 \320\277\320\276\321\201\320\273\320\265 \320\267\320\260\320\277\321\203\321\201\320\272\320\260 \320"..., 4096) = 3977
read(3, "", 4096) = 0
close(3) = 0
rt_sigaction(SIGINT, {sa_handler=0x5559696108a0, sa_mask=[], sa_flags=SA_RESTORER|SA_INTERRUPT|SA_NODEFER|SA_RESETHAND, sa_restorer=0x7feabcca9100}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
openat(AT_FDCWD, "/usr/local/share/lua/5.3/socket.lua", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/share/lua/5.3/socket/init.lua", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/lib/lua/5.3/socket.lua", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/lib/lua/5.3/socket/init.lua", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/lua/5.3/socket.lua", O_RDONLY) = 3
close(3) = 0
openat(AT_FDCWD, "/usr/share/lua/5.3/socket.lua", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=4448, ...}) = 0
read(3, "--------------------------------"..., 4096) = 4096
read(3, "al = sock:receive(socket.BLOCKSI"..., 4096) = 352
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/usr/local/share/lua/5.3/socket/core.lua", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/share/lua/5.3/socket/core/init.lua", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/lib/lua/5.3/socket/core.lua", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/lib/lua/5.3/socket/core/init.lua", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/lua/5.3/socket/core.lua", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/lua/5.3/socket/core/init.lua", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "./socket/core.lua", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "./socket/core/init.lua", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/lib/lua/5.3/socket/core.so", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/lua/5.3/socket/core.so", O_RDONLY) = 3
close(3) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/lua/5.3/socket/core.so", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320=\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=58280, ...}) = 0
mmap(NULL, 2153416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7feabca30000
mprotect(0x7feabca3d000, 2093056, PROT_NONE) = 0
mmap(0x7feabcc3c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7feabcc3c000
close(3) = 0
mprotect(0x7feabcc3c000, 4096, PROT_READ) = 0
rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[PIPE], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7feabcca9100}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
gettimeofday({tv_sec=1579106484, tv_usec=98850}, NULL) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(1994), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl(3, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
Продолжение:
listen(3, 32) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0), ...}) = 0
write(1, "tcp dns connected\n", 18tcp dns connected
) = 18
gettimeofday({tv_sec=1579106484, tv_usec=99797}, NULL) = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP) = 4
fcntl(4, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(4, {sa_family=AF_INET, sin_port=htons(1394), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
write(1, "udp dns port open\n", 18udp dns port open
) = 18
gettimeofday({tv_sec=1579106484, tv_usec=100246}, NULL) = 0
select(5, [3 4], [], NULL, NULL) = 1 (in [3])
gettimeofday({tv_sec=1579106487, tv_usec=247077}, NULL) = 0
accept(3, {sa_family=AF_INET, sin_port=htons(38711), sin_addr=inet_addr("127.0.0.1")}, [16]) = 5
fcntl(5, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({tv_sec=1579106487, tv_usec=247325}, NULL) = 0
gettimeofday({tv_sec=1579106487, tv_usec=247348}, NULL) = 0
recvfrom(5, 0x55596a6ad008, 8192, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=5, events=POLLIN}], 1, -1) = 1 ([{fd=5, revents=POLLIN}])
recvfrom(5, "\0003#\363\1 \0\1\0\0\0\0\0\1\6google\3com\0\0\1\0\1\0\0"..., 8192, 0, NULL, NULL) = 53
gettimeofday({tv_sec=1579106487, tv_usec=247765}, NULL) = 0
gettimeofday({tv_sec=1579106487, tv_usec=247800}, NULL) = 0
select(5, [3 4], [], NULL, NULL^C) = ? ERESTARTNOHAND (To be restarted if no handler)
strace: Process 10253 detached
Вызываю dig так:
root@kali:/# dig @127.0.0.1 +tcp -p 1994 google.com
UPD: Список дескрипторов:
root@kali:/# lsof -p 10324
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
lua5.3 10324 root cwd DIR 202,1 4096 919032 /etc/stunnel
lua5.3 10324 root rtd DIR 202,1 4096 2 /
lua5.3 10324 root txt REG 202,1 236536 525872 /usr/bin/lua5.3
lua5.3 10324 root mem REG 202,1 58280 539213 /usr/lib/x86_64-linux-gnu/liblua5.3-socket.so.2.0.0
lua5.3 10324 root mem REG 202,1 187776 527282 /usr/lib/x86_64-linux-gnu/libtinfo.so.6.1
lua5.3 10324 root mem REG 202,1 1820104 536533 /usr/lib/x86_64-linux-gnu/libc-2.29.so
lua5.3 10324 root mem REG 202,1 14592 536540 /usr/lib/x86_64-linux-gnu/libdl-2.29.so
lua5.3 10324 root mem REG 202,1 1325424 536541 /usr/lib/x86_64-linux-gnu/libm-2.29.so
lua5.3 10324 root mem REG 202,1 329768 527911 /usr/lib/x86_64-linux-gnu/libreadline.so.8.0
lua5.3 10324 root mem REG 202,1 165632 525726 /usr/lib/x86_64-linux-gnu/ld-2.29.so
lua5.3 10324 root 0u CHR 136,0 0t0 3 /dev/pts/0
lua5.3 10324 root 1u CHR 136,0 0t0 3 /dev/pts/0
lua5.3 10324 root 2u CHR 136,0 0t0 3 /dev/pts/0
lua5.3 10324 root 3u IPv4 102921 0t0 TCP localhost:1994 (LISTEN)
lua5.3 10324 root 4u IPv4 102922 0t0 UDP localhost:46165->localhost:1394
lua5.3 10324 root 5u IPv4 102937 0t0 TCP localhost:1994->localhost:46757 (CLOSE_WAIT)
Bind слушает на 1394 порту
Вот вывод netstat -aptun (убрал то, что не надо):
root@kali:/# netstat -aptun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 776/sshd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5432/named
tcp 0 0 127.0.0.1:1994 0.0.0.0:* LISTEN 10324/lua5.3
tcp 0 0 172.31.40.132:1394 0.0.0.0:* LISTEN 5432/named
tcp 0 0 127.0.0.1:1394 0.0.0.0:* LISTEN 5432/named
tcp 0 340 172.31.40.132:22 10.63.19.67:48980 ESTABLISHED 9379/sshd: ec2-user
tcp 1 0 127.0.0.1:1994 127.0.0.1:46757 CLOSE_WAIT 10324/lua5.3
tcp6 0 0 :::22 :::* LISTEN 776/sshd
tcp6 0 0 ::1:953 :::* LISTEN 5432/named
udp 0 0 127.0.0.1:46165 127.0.0.1:1394 ESTABLISHED 10324/lua5.3
udp 0 0 172.31.40.132:1394 0.0.0.0:* 5432/named
udp 0 0 127.0.0.1:1394 0.0.0.0:* 5432/named
