1. adb shell ip route list
ip route list //打开WIFI连接热点的信息
default via 192.168.235.4 dev wlan0 metric 323
192.168.235.0/24 dev wlan0 proto kernel scope link src 192.168.235.139 metric 323
adb shell ndc interface getcfg wlan0
213 0 00:08:22:f0:c2:fc 192.168.235.87 24 up broadcast running multicast //打开WIIF
2.
adb shell ndc monitor
[Connected to Netd]
===============================打开WIFI↓=============================
600 Iface linkstate wlan%d down
600 Iface added wlan0
600 Iface linkstate wlan0 down
600 Iface added p2p0
600 Iface linkstate p2p0 down
600 Iface linkstate wlan0 down
600 Iface linkstate wlan0 down
600 Iface linkstate p2p0 up
616 Route updated fe80::/64 dev p2p0
600 Iface linkstate p2p0 up
614 Address updated fe80::8:22ff:fee8:f187/64 p2p0 196 253 1
600 Iface linkstate p2p0 up
600 Iface linkstate p2p0 up
616 Route removed fe80::/64 dev p2p0
614 Address removed fe80::8:22ff:fee8:f187/64 p2p0 196 253 1
600 Iface linkstate wlan0 down
600 Iface linkstate wlan0 down
600 Iface linkstate wlan0 down
600 Iface linkstate wlan0 up
600 Iface linkstate wlan0 up
600 Iface linkstate wlan0 up
600 Iface linkstate wlan0 up
616 Route updated fe80::/64 dev wlan0
614 Address updated fe80::208:22ff:fee8:f187/64 wlan0 196 253 1
614 Address updated fe80::208:22ff:fee8:f187/64 wlan0 128 253 1
614 Address updated 192.168.235.178/24 wlan0 128 0 1
614 Address removed FE80::22/64 wlan0 01 01 -1
600 Iface linkstate wlan0 up
613 IfaceClass idle 1 267531533214684
613 IfaceClass active 1 267532932888607 0
613 IfaceClass idle 1 267547972768762
613 IfaceClass active 1 267557108031301 10116
===============================打开WIFI↑=============================
===============================关闭WIFI↓=============================
616 Route removed fe80::/64 dev wlan0
614 Address removed fe80::208:22ff:fee8:f187/64 wlan0 128 253 1
600 Iface linkstate p2p0 down
600 Iface linkstate wlan0 up
600 Iface linkstate wlan0 down
600 Iface linkstate wlan0 down
600 Iface linkstate wlan0 down
600 Iface linkstate wlan0 down
600 Iface linkstate wlan0 down
600 Iface linkstate wlan0 down
600 Iface removed p2p0
600 Iface removed wlan0
===============================关闭WIFI↑=============================
===============================打开WIFI便携热热点↓=============================
600 Iface linkstate wlan%d down
600 Iface added wlan0
600 Iface linkstate wlan0 down
600 Iface added ap0
600 Iface linkstate ap0 down
600 Iface linkstate wlan0 down
600 Iface linkstate ap0 up
616 Route updated fe80::/64 dev ap0
600 Iface linkstate ap0 up
614 Address updated fe80::8:22ff:febc:e88a/64 ap0 196 253 1
614 Address updated 192.168.43.1/24 ap0 128 0 1
614 Address updated fe80::8:22ff:febc:e88a/64 ap0 128 253 1
614 Address removed FE80::22/64 ap0 01 01 -1
===============================打开WIFI便携热热点↑=============================
===============================关闭WIFI便携热热点↓=============================
614 Address removed 192.168.43.1/24 ap0 128 0 1
600 Iface linkstate ap0 down
616 Route removed fe80::/64 dev ap0
614 Address removed fe80::8:22ff:febc:e88a/64 ap0 128 253 1
600 Iface removed ap0
600 Iface added p2p0
600 Iface linkstate p2p0 down
600 Iface linkstate wlan0 down
600 Iface removed p2p0
600 Iface removed wlan0
===============================关闭WIFI便携热热点↑=============================
3.
adb shell ndc interface list
adb shell ndc interface list
110 0 ip6tnl0
110 0 ccmni6
110 0 ccmni7
110 0 ccmni5
110 0 ccmni0
110 0 ccmni1
110 0 ccmni3
110 0 ccmni4
110 0 ccmni2
110 0 tunl0
110 0 sit0
110 0 ifb0
110 0 ifb1
110 0 lo
【110 0 wlan0】 //打开才出现
【110 0 ap0】【110 0 wlan0】 //打开热点才出现
200 0 Interface list completed
4.
adb shell ndc interface getcfg wlan0
adb shell ndc interface getcfg wlan0
213 0 00:00:00:00:00:00 0.0.0.0 0 down //未打开WIIF
213 0 00:08:22:f0:c2:fc 192.168.235.87 24 up broadcast running multicast //打开WIIF
5.iptables -t raw -L
【iptables 内部的表Table 链Chain 规则Rule】
【规则Rule的执行规则 1.检查是否满足条件Condition 2.满足条件 执行Target 3.不满足执行下一条Rule】
【默认定义的Target 1.ACCEPT 接收数据 2.DROP 丢弃数据包 3.RETURN 返回到Chain 略过后续Rule 4.QUEUE 数据返回到用户空间】
iptables默认含有四张表 filter(默认) nat(网络地址转换) mangle(修改包的信息) raw(iptables高级操作)
iptables -t raw -L 【raw表的内容】
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
bw_raw_PREROUTING all -- anywhere anywhere
idletimer_raw_PREROUTING all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain bw_raw_PREROUTING (1 references)
target prot opt source destination
all -- anywhere anywhere owner socket exists
Chain idletimer_raw_PREROUTING (1 references)
target prot opt source destination
-----------------------------------------------------------------------------------
iptables -t filter -L 【filter 默认表】
Chain INPUT (policy ACCEPT) 【filter.INPUT 是处理目标位本机的数据包】
target prot opt source destination
bw_INPUT all -- anywhere anywhere
firewall all -- anywhere anywhere
fw_INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)【filter.FORWARD 处理需要本机转发的数据包】
target prot opt source destination
oem_fwd all -- anywhere anywhere
fw_FORWARD all -- anywhere anywhere
bw_FORWARD all -- anywhere anywhere
natctrl_FORWARD all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)【filter.OUTPUT 是处理本机器产生的数据包】
target prot opt source destination
huawei_firewall all -- anywhere anywhere
oem_out all -- anywhere anywhere
firewall all -- anywhere anywhere
fw_OUTPUT all -- anywhere anywhere
st_OUTPUT all -- anywhere anywhere
bw_OUTPUT all -- anywhere anywhere
Chain bw_FORWARD (1 references)
target prot opt source destination
Chain bw_INPUT (1 references)
target prot opt source destination 【当输入输出的数据超过2097152字节 会从Kernel发出报警事件】
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
all -- anywhere anywhere owner socket exists
Chain bw_OUTPUT (1 references)
target prot opt source destination
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
all -- anywhere anywhere owner socket exists
Chain bw_costly_shared (0 references)
target prot opt source destination
bw_penalty_box all -- anywhere anywhere
Chain bw_happy_box (0 references)
target prot opt source destination
Chain bw_penalty_box (1 references)
target prot opt source destination
Chain firewall (2 references)
target prot opt source destination
mobile all -- anywhere anywhere
mobile all -- anywhere anywhere
mobile all -- anywhere anywhere
mobile all -- anywhere anywhere
mobile all -- anywhere anywhere
wifi all -- anywhere anywhere
Chain fw_FORWARD (1 references)
target prot opt source destination
Chain fw_INPUT (1 references)
target prot opt source destination
fw_standby all -- anywhere anywhere
Chain fw_OUTPUT (1 references)
target prot opt source destination
fw_standby all -- anywhere anywhere
Chain fw_dozable (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere owner UID match 0-9999
DROP all -- anywhere anywhere
Chain fw_standby (2 references)
target prot opt source destination
Chain huawei_firewall (1 references)
target prot opt source destination
wifi_reject_list all -- anywhere anywhere
wifi_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
mobile_reject_list all -- anywhere anywhere
Chain mobile (5 references)
target prot opt source destination
Chain mobile_reject_list (22 references)
target prot opt source destination
Chain natctrl_FORWARD (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain natctrl_tether_counters (0 references)
target prot opt source destination
Chain oem_fwd (1 references)
target prot opt source destination
Chain oem_out (1 references)
target prot opt source destination
Chain st_OUTPUT (1 references)
target prot opt source destination
Chain st_clear_caught (2 references)
target prot opt source destination
Chain st_clear_detect (0 references)
target prot opt source destination
REJECT all -- anywhere anywhere connmark match 0x2000000/0x2000000 reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere connmark match 0x1000000/0x1000000
CONNMARK tcp -- anywhere anywhere u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0xffff0000=0x16030000&&0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x4&0xff0000=0x10000" CONNMARK or 0x1000000
CONNMARK udp -- anywhere anywhere u32 "0x0>>0x16&0x3c@0x8&0xffff0000=0x16fe0000&&0x0>>0x16&0x3c@0x14&0xff0000=0x10000" CONNMARK or 0x1000000
RETURN all -- anywhere anywhere connmark match 0x1000000/0x1000000
st_clear_caught tcp -- anywhere anywhere state ESTABLISHED u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0x0=0x0"
st_clear_caught udp -- anywhere anywhere
Chain st_penalty_log (0 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK or 0x1000000
NFLOG all -- anywhere anywhere
Chain st_penalty_reject (0 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK or 0x2000000
NFLOG all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain wifi (1 references)
target prot opt source destination
Chain wifi_reject_list (2 references)
target prot opt source destination
-----------------------------------------------------------------------------------
iptables -t nat -L 【nat 网络地址转换表】
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
oem_nat_pre all -- anywhere anywhere
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
natctrl_nat_POSTROUTING all -- anywhere anywhere
dualon_nat_POSTROUTING all -- anywhere anywhere
Chain dualon_nat_POSTROUTING (1 references)
target prot opt source destination
Chain natctrl_nat_POSTROUTING (1 references)
target prot opt source destination
Chain oem_nat_pre (1 references)
target prot opt source destination
-----------------------------------------------------------------------------------
iptables -t mangle -L 【mangle 修改包的信息】
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
MARK all -- anywhere anywhere MARK set 0x30063
Chain FORWARD (policy ACCEPT)
target prot opt source destination
natctrl_mangle_FORWARD all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
bw_mangle_POSTROUTING all -- anywhere anywhere
idletimer_mangle_POSTROUTING all -- anywhere anywhere
fw_mangle_POSTROUTING all -- anywhere anywhere
Chain CONNMARK1 (0 references)
target prot opt source destination
MARK all -- anywhere anywhere MARK set 0x5a
CONNMARK all -- anywhere anywhere CONNMARK save
Chain CONNMARK2 (0 references)
target prot opt source destination
MARK all -- anywhere anywhere MARK set 0x5b
CONNMARK all -- anywhere anywhere CONNMARK save
Chain bw_mangle_POSTROUTING (1 references)
target prot opt source destination
all -- anywhere anywhere owner socket exists
Chain dualon_mangle_OUTPUT (0 references)
target prot opt source destination
Chain fw_mangle_POSTROUTING (1 references)
target prot opt source destination
Chain idletimer_mangle_POSTROUTING (1 references)
target prot opt source destination
Chain natctrl_mangle_FORWARD (1 references)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN/SYN TCPMSS clamp to PMTU
6.iptables -t nat -A POSTROUTING -s 192.169.1.0/24 -o eth0 -j SNAT --to 1.2.3.4
【往nat表添加过滤数据】POSTROUTING路由后
更改来自 192.169.1.0/24的数据包的源IP地址为 1.2.3.4
iptables -t nat -A POSTROUTING -s 192.169.1.0/24 -o eth0 -j SNAT --to 1.2.3.4
更改来自 192.169.1.0/24的数据包的目的IP地址为 5.6.7.8
iptables -t nat -A PREROUTING -s 192.169.1.0/24 -i eth0 -j DNAT --to 5.6.7.8
adb shell
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
oem_nat_pre all -- anywhere anywhere
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
natctrl_nat_POSTROUTING all -- anywhere anywhere
dualon_nat_POSTROUTING all -- anywhere anywhere
Chain dualon_nat_POSTROUTING (1 references)
target prot opt source destination
Chain natctrl_nat_POSTROUTING (1 references)
target prot opt source destination
Chain oem_nat_pre (1 references)
target prot opt source destination
------------------------------------------------------------------
130|root@HWMYA-L6737:/ # iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
oem_nat_pre all -- anywhere anywhere
DNAT all -- 192.169.1.0/24 anywhere to:5.6.7.8【添加的Rule】
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
natctrl_nat_POSTROUTING all -- anywhere anywhere
dualon_nat_POSTROUTING all -- anywhere anywhere
SNAT all -- 192.169.1.0/24 anywhere to:1.2.3.4 【添加的Rule】
Chain dualon_nat_POSTROUTING (1 references)
target prot opt source destination
Chain natctrl_nat_POSTROUTING (1 references)
target prot opt source destination
Chain oem_nat_pre (1 references)
target prot opt source destination
7.adb shell | cat /proc/net/dev
cat /proc/net/dev
cat /proc/net/dev
接口名: 接受的数据 发送的数据
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
ccmni5: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ccmni0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ccmni6: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ccmni1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
wlan0: 112153 375 0 0 0 0 0 0 71800 267 0 0 0 0 0 0
p2p0: 0 0 0 0 0 0 0 0 168 2 0 0 0 0 0 0
ifb0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ccmni7: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ccmni2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ip6tnl0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ifb1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ccmni3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
lo: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ccmni4: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
tunl0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0