cerc-io/stack-orchestrator
12
1
Fork 3
Code Issues 117 Pull Requests 25 Actions 2 Packages Projects Releases 493 Wiki Activity
496c7982cb
stack-orchestrator/scripts/shred-unwrap.py
A. F. Dudley 0b52fc99d7 fix: ashburn relay playbooks and document DZ tunnel ACL root cause 
Playbook fixes from testing:
- ashburn-relay-biscayne: insert DNAT rules at position 1 before
  Docker's ADDRTYPE LOCAL rule (was being swallowed at position 3+)
- ashburn-relay-mia-sw01: add inbound route for 137.239.194.65 via
  egress-vrf vrf1 (nexthop only, no interface — EOS silently drops
  cross-VRF routes that specify a tunnel interface)
- ashburn-relay-was-sw01: replace PBR with static route, remove
  Loopback101

Bug doc (bug-ashburn-tunnel-port-filtering.md): root cause is the
DoubleZero agent on mia-sw01 overwrites SEC-USER-500-IN ACL, dropping
outbound gossip with src 137.239.194.65. The DZ agent controls
Tunnel500's lifecycle. Fix requires a separate GRE tunnel using
mia-sw01's free LAN IP (209.42.167.137) to bypass DZ infrastructure.

Also adds all repo docs, scripts, inventory, and remaining playbooks.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 01:44:25 +00:00

35 lines
1.1 KiB
Python
Raw Blame History

#!/usr/bin/env python3
"""Strip IP+UDP headers from mirrored packets and forward raw UDP payload."""
import socket
import sys
LISTEN_PORT = int(sys.argv[1]) if len(sys.argv) > 1 else 9100
FORWARD_HOST = sys.argv[2] if len(sys.argv) > 2 else "127.0.0.1"
FORWARD_PORT = int(sys.argv[3]) if len(sys.argv) > 3 else 9000
sock_in = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock_in.bind(("0.0.0.0", LISTEN_PORT))
sock_out = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
count = 0
while True:
data, addr = sock_in.recvfrom(65535)
if len(data) < 28:
continue
# IP header: first nibble is version (4), second nibble is IHL (words)
if (data[0] >> 4) != 4:
continue
ihl = (data[0] & 0x0F) * 4
# Protocol should be UDP (17)
if data[9] != 17:
continue
# Payload starts after IP header + 8-byte UDP header
offset = ihl + 8
payload = data[offset:]
if payload:
sock_out.sendto(payload, (FORWARD_HOST, FORWARD_PORT))
count += 1
if count % 10000 == 0:
print(f"Forwarded {count} shreds", flush=True)
Reference in New Issue View Git Blame Copy Permalink