@@ -17,13 +17,15 @@ type NDPSpoofer struct {
1717 prefix string
1818 prefixLength int
1919 addresses []net.IP
20+ ban bool
2021 waitGroup * sync.WaitGroup
2122}
2223
2324func NewNDPSpoofer (s * session.Session ) * NDPSpoofer {
2425 mod := & NDPSpoofer {
2526 SessionModule : session .NewSessionModule ("ndp.spoof" , s ),
2627 addresses : make ([]net.IP , 0 ),
28+ ban : false ,
2729 waitGroup : & sync.WaitGroup {},
2830 }
2931
@@ -49,12 +51,25 @@ func NewNDPSpoofer(s *session.Session) *NDPSpoofer {
4951 return mod .Start ()
5052 }))
5153
54+ mod .AddHandler (session .NewModuleHandler ("ndp.ban on" , "" ,
55+ "Start NDP spoofer in ban mode, meaning the target(s) connectivity will not work." ,
56+ func (args []string ) error {
57+ mod .ban = true
58+ return mod .Start ()
59+ }))
60+
5261 mod .AddHandler (session .NewModuleHandler ("ndp.spoof off" , "" ,
5362 "Stop NDP spoofer." ,
5463 func (args []string ) error {
5564 return mod .Stop ()
5665 }))
5766
67+ mod .AddHandler (session .NewModuleHandler ("ndp.ban off" , "" ,
68+ "Stop NDP spoofer." ,
69+ func (args []string ) error {
70+ return mod .Stop ()
71+ }))
72+
5873 return mod
5974}
6075
@@ -107,8 +122,13 @@ func (mod *NDPSpoofer) Configure() error {
107122 }
108123
109124 if ! mod .Session .Firewall .IsForwardingEnabled () {
110- mod .Info ("enabling forwarding" )
111- mod .Session .Firewall .EnableForwarding (true )
125+ if mod .ban {
126+ mod .Warning ("running in ban mode, forwarding not enabled!" )
127+ mod .Session .Firewall .EnableForwarding (false )
128+ } else {
129+ mod .Info ("enabling forwarding" )
130+ mod .Session .Firewall .EnableForwarding (true )
131+ }
112132 }
113133
114134 return nil
@@ -166,6 +186,7 @@ func (mod *NDPSpoofer) Start() error {
166186func (mod * NDPSpoofer ) Stop () error {
167187 return mod .SetRunning (false , func () {
168188 mod .Info ("waiting for NDP spoofer to stop ..." )
189+ mod .ban = false
169190 mod .waitGroup .Wait ()
170191 })
171192}
0 commit comments