测试UDP的透明代理。中间节点向后端中转数据时,保证IP数据包中的四元组信息不变。程序的实现很大参考[1]。测试代码[2],代码文件tp_udp.cc和udp_end.cc在test文件夹下。
在mininet中测试。拓补文件,4h-1s.py
#!/usr/bin/python
from mininet.topo import Topo
from mininet.net import Mininet
from mininet.cli import CLI
from mininet.link import TCLink
import time
import datetime
import subprocess
import os,signal
import sys
# 1.0 2.0 3.0
# h1----s1----h2------h3-------h4
# a_echo b_hen c_hen d_echo
nonbottlebw1=20
bottleneckbw=6
nonbottlebw2=100
buffer_size =bottleneckbw*1000*30/(1500*8)
net = Mininet( cleanup=True )
h1 = net.addHost('h1',ip='10.0.1.1')
h2 = net.addHost('h2',ip='10.0.1.2')
h3 = net.addHost('h3',ip='10.0.2.2')
h4 = net.addHost('h4',ip='10.0.3.2')
s1 = net.addSwitch( 's1' )
c0 = net.addController('c0')
net.addLink(h1,s1,intfName1='h1-eth0',intfName2='s1-eth0',cls=TCLink , bw=nonbottlebw1, delay='10ms', max_queue_size=10*buffer_size)
net.addLink(s1,h2,intfName1='s1-eth1',intfName2='h2-eth0',cls=TCLink , bw=nonbottlebw1, delay='10ms', max_queue_size=10*buffer_size)
net.addLink(h2,h3,intfName1='h2-eth1',intfName2='h3-eth0',cls=TCLink , bw=bottleneckbw, delay='10ms', max_queue_size=buffer_size)
net.addLink(h3,h4,intfName1='h3-eth1',intfName2='h4-eth0',cls=TCLink , bw=nonbottlebw2, delay='10ms', max_queue_size=10*buffer_size)
net.build()
h1.cmd("ifconfig h1-eth0 10.0.1.1/24")
h1.cmd("route add default gw 10.0.1.2 dev h1-eth0")
h1.cmd('sysctl net.ipv4.ip_forward=1')
h2.cmd("iptables -t mangle -N DIVERT")
h2.cmd("iptables -t mangle -A PREROUTING -p udp -m socket -j DIVERT")
h2.cmd("iptables -t mangle -A DIVERT -j MARK --set-mark 1")
h2.cmd("iptables -t mangle -A DIVERT -j ACCEPTT")
h2.cmd("ip rule add fwmark 1 lookup 100")
h2.cmd("ip route add local 0.0.0.0/0 dev lo table 100")
h2.cmd("iptables -t mangle -A PREROUTING -p udp -d 10.0.3.2 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 2233")
h2.cmd("iptables -t mangle -A PREROUTING -p udp -d 10.0.1.1 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 2233")
h2.cmd("ifconfig h2-eth0 10.0.1.2/24")
h2.cmd("ifconfig h2-eth1 10.0.2.1/24")
h2.cmd("ip route add to 10.0.1.0/24 via 10.0.1.1")
h2.cmd("ip route add to 10.0.2.0/24 via 10.0.2.2")
h2.cmd("ip route add to 10.0.3.0/24 via 10.0.2.2")
h2.cmd('sysctl net.ipv4.ip_forward=1')
h3.cmd("ifconfig h3-eth0 10.0.2.2/24")
h3.cmd("ifconfig h3-eth1 10.0.3.1/24")
h3.cmd("ip route add to 10.0.1.0/24 via 10.0.2.1")
h3.cmd("ip route add to 10.0.2.0/24 via 10.0.2.1")
h3.cmd("ip route add to 10.0.3.0/24 via 10.0.3.2")
h3.cmd('sysctl net.ipv4.ip_forward=1')
h4.cmd("ifconfig h4-eth0 10.0.3.2/24")
h4.cmd("route add default gw 10.0.3.1 dev h4-eth0")
h4.cmd('sysctl net.ipv4.ip_forward=1')
net.start()
time.sleep(1)
CLI(net)
net.stop()
h2充当中间节点。测试前,下载[2]的代码,编译。
cd engine
mkdir build && cd build
cmake ..
make
在mininet中运行拓补。
sudo su
python 4h-1s.py
xerm h1 h2 h4
in h2 shell, run:
./tp_udp
in h4 shell, run:
./t_udp -b 3345
in h1 shell, run:
./t_udp -i 10.0.3.2 -p 3345 -b 4456 -c
If you intend to run it on real hosts, configure the route table before you run tp_udp.
iptables -t mangle -N DIVERT"
iptables -t mangle -A PREROUTING -p udp -m socket -j DIVERT"
iptables -t mangle -A DIVERT -j MARK --set-mark 1"
iptables -t mangle -A DIVERT -j ACCEPTT"
ip rule add fwmark 1 lookup 100"
ip route add local 0.0.0.0/0 dev lo table 100"
iptables -t mangle -A PREROUTING -p udp -d dst_ip -j TPROXY --tproxy-mark 0x1/0x1 --on-port 2233"
iptables -t mangle -A PREROUTING -p udp -d src_ip -j TPROXY --tproxy-mark 0x1/0x1 --on-port 2233"
Reference
[1] TPROXY - Transparent proxy
[2] engine
扫一扫
3803
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
