aiden
/
googerteller
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

and docs for better setup

Browse Source
pull/15/head
bert hubert 3 years ago
parent c3c68c09a3
commit 1ccb32694c
3 changed files with 61 additions and 11 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape Escape View File

@ -37,3 +37,4 @@ CMakeCache.txt
CMakeFiles
Makefile
cmake_install.cmake
*~

47
README.md
Unescape Escape View File

@ -23,26 +23,51 @@ make
```
## How to run
Google is so large its IPv4 and IPv6 footprint can't be handled by tcpdump,
or at least not efficiently. Therefore we need to define an ip(6)tables
`ipset`. This will first exclude Google Cloud, and then include all the
other Google IP addresses.
Install iptables 'ipset', and run (as root) the `ipset-setup.sh` script, or
execute:
```
sudo tcpdump -n -l dst net 192.0.2.1/32 $(for a in $(cat goog-prefixes.txt); do echo or dst net $a; done) | ./teller
ipset create google-services hash:net
for a in $(cat goog-cloud-prefixes.txt)
do
echo $a
ipset add google-services $a nomatch
done
for a in $(cat goog-prefixes.txt)
do
ipset add google-services $a
done
ipset create google-services6 hash:net family inet6
for a in $(cat goog-cloud-prefixes6.txt)
do
ipset add google-services6 $a nomatch
done
for a in $(cat goog-prefixes6.txt)
do
ipset add google-services6 $a
done
iptables -I OUTPUT -m set --match-set google-services dst -j NFLOG --nflog-group 20
ip6tables -I OUTPUT -m set --match-set google-services6 dst -j NFLOG --nflog-group 20
```
And then cry.
## Problems
If `tcpdump` complains about `Warning: Kernel filter failed: Cannot allocate memory`, try
this first:
Then start as:
```
sudo sysctl net.core.optmem_max=204800
sudo tcpdump -i nflog:20 -ln | ./teller
```
And cry.
## Data source
The list of Google services IP addresses can be found on [this Google
support page](https://support.google.com/a/answer/10026322?hl=en).
Note that this splits out Google services and Google cloud user IP
addresses.
addresses. However, it appears the Google services set includes the cloud IP
addresses, so you must check both sets before determining something is in
fact a Google service and not a Google customer.

24
ipset-setup.sh
Unescape Escape View File

@ -0,0 +1,24 @@
#!/bin/sh
ipset create google-services hash:net
for a in $(cat goog-cloud-prefixes.txt)
do
ipset add google-services $a nomatch
done
for a in $(cat goog-prefixes.txt)
do
ipset add google-services $a
done
ipset create google-services6 hash:net family inet6
for a in $(cat goog-cloud-prefixes6.txt)
do
ipset add google-services6 $a nomatch
done
for a in $(cat goog-prefixes6.txt)
do
ipset add google-services6 $a
done
iptables -I OUTPUT -m set --match-set google-services dst -j NFLOG --nflog-group 20
ip6tables -I OUTPUT -m set --match-set google-services6 dst -j NFLOG --nflog-group 20
Write Preview
Loading…
Cancel
Save