当前位置：首页 > article >正文

udp transparent proxy

article 2025/8/24 3:12:31

测试UDP的透明代理。中间节点向后端中转数据时，保证IP数据包中的四元组信息不变。程序的实现很大参考[1]。测试代码[2]，代码文件tp_udp.cc和udp_end.cc在test文件夹下。
在mininet中测试。拓补文件，4h-1s.py

#!/usr/bin/python
from mininet.topo import Topo
from mininet.net import Mininet
from mininet.cli import CLI
from mininet.link import TCLink
import time
import datetime
import subprocess
import os,signal
import sys
#           1.0      2.0      3.0
#    h1----s1----h2------h3-------h4
#    a_echo      b_hen   c_hen    d_echo
nonbottlebw1=20
bottleneckbw=6
nonbottlebw2=100  
buffer_size =bottleneckbw*1000*30/(1500*8) 
net = Mininet( cleanup=True )
h1 = net.addHost('h1',ip='10.0.1.1')
h2 = net.addHost('h2',ip='10.0.1.2')
h3 = net.addHost('h3',ip='10.0.2.2')
h4 = net.addHost('h4',ip='10.0.3.2')
s1 = net.addSwitch( 's1' )
c0 = net.addController('c0')
net.addLink(h1,s1,intfName1='h1-eth0',intfName2='s1-eth0',cls=TCLink , bw=nonbottlebw1, delay='10ms', max_queue_size=10*buffer_size)
net.addLink(s1,h2,intfName1='s1-eth1',intfName2='h2-eth0',cls=TCLink , bw=nonbottlebw1, delay='10ms', max_queue_size=10*buffer_size) 
net.addLink(h2,h3,intfName1='h2-eth1',intfName2='h3-eth0',cls=TCLink , bw=bottleneckbw, delay='10ms', max_queue_size=buffer_size)
net.addLink(h3,h4,intfName1='h3-eth1',intfName2='h4-eth0',cls=TCLink , bw=nonbottlebw2, delay='10ms', max_queue_size=10*buffer_size)
net.build()
h1.cmd("ifconfig h1-eth0 10.0.1.1/24")
h1.cmd("route add default gw 10.0.1.2 dev h1-eth0")
h1.cmd('sysctl net.ipv4.ip_forward=1')h2.cmd("iptables -t mangle -N DIVERT")
h2.cmd("iptables -t mangle -A PREROUTING -p udp -m socket -j DIVERT")
h2.cmd("iptables -t mangle -A DIVERT -j MARK --set-mark 1")
h2.cmd("iptables -t mangle -A DIVERT -j ACCEPTT")
h2.cmd("ip rule add fwmark 1 lookup 100")
h2.cmd("ip route add local 0.0.0.0/0 dev lo table 100")
h2.cmd("iptables -t mangle -A PREROUTING -p udp -d 10.0.3.2  -j TPROXY --tproxy-mark 0x1/0x1 --on-port 2233")
h2.cmd("iptables -t mangle -A PREROUTING -p udp -d 10.0.1.1  -j TPROXY --tproxy-mark 0x1/0x1 --on-port 2233")h2.cmd("ifconfig h2-eth0 10.0.1.2/24")
h2.cmd("ifconfig h2-eth1 10.0.2.1/24")
h2.cmd("ip route add to 10.0.1.0/24 via 10.0.1.1")
h2.cmd("ip route add to 10.0.2.0/24 via 10.0.2.2")
h2.cmd("ip route add to 10.0.3.0/24 via 10.0.2.2")
h2.cmd('sysctl net.ipv4.ip_forward=1')h3.cmd("ifconfig h3-eth0 10.0.2.2/24")
h3.cmd("ifconfig h3-eth1 10.0.3.1/24")
h3.cmd("ip route add to 10.0.1.0/24 via 10.0.2.1")
h3.cmd("ip route add to 10.0.2.0/24 via 10.0.2.1")
h3.cmd("ip route add to 10.0.3.0/24 via 10.0.3.2")
h3.cmd('sysctl net.ipv4.ip_forward=1')h4.cmd("ifconfig h4-eth0 10.0.3.2/24")
h4.cmd("route add default gw 10.0.3.1 dev h4-eth0")
h4.cmd('sysctl net.ipv4.ip_forward=1')net.start()
time.sleep(1)
CLI(net)
net.stop()

h2充当中间节点。测试前，下载[2]的代码，编译。

cd engine
mkdir build && cd build
cmake ..
make

在mininet中运行拓补。

sudo su
python 4h-1s.py
xerm h1 h2 h4

in h2 shell, run:

./tp_udp

in h4 shell, run:

./t_udp -b 3345

in h1 shell, run:

./t_udp -i 10.0.3.2 -p 3345 -b 4456  -c

If you intend to run it on real hosts, configure the route table before you run tp_udp.

iptables -t mangle -N DIVERT"
iptables -t mangle -A PREROUTING -p udp -m socket -j DIVERT"
iptables -t mangle -A DIVERT -j MARK --set-mark 1"
iptables -t mangle -A DIVERT -j ACCEPTT"
ip rule add fwmark 1 lookup 100"
ip route add local 0.0.0.0/0 dev lo table 100"
iptables -t mangle -A PREROUTING -p udp -d dst_ip  -j TPROXY --tproxy-mark 0x1/0x1 --on-port 2233"
iptables -t mangle -A PREROUTING -p udp -d src_ip  -j TPROXY --tproxy-mark 0x1/0x1 --on-port 2233"

Reference
[1] TPROXY - Transparent proxy
[2] engine

查看全文

http://www.lryc.cn/news/2418329.html