更新README.md
This commit is contained in:
luwenpeng
99
README.md
99
README.md
@@ -2,9 +2,8 @@
|
|||||||
|
|
||||||
## 简介
|
## 简介
|
||||||
|
|
||||||
|
- PacketAdapter 是一个数据包过滤/转换/适配工具。
|
||||||
- PacketAdapter 是一个基于 iptables 的数据包过滤,转换/适配工具。
|
- PacketAdapter 并不会凭空产生数据包,而是将 MRZCPD 上送的数据包重新转换/适配后通过 RAW Socket 回注到管理口。
|
||||||
- PacketAdapter 并不会凭空产生数据包,而是将 iptables 过滤的数据包重新转换/适配后再回注到网络中。
|
|
||||||
- 可用于 Overlay networks 中 Packet encapsulation and decapsulation,屏蔽端到端协议层之间的差异。
|
- 可用于 Overlay networks 中 Packet encapsulation and decapsulation,屏蔽端到端协议层之间的差异。
|
||||||
|
|
||||||
## 应用 -- 实现 GTP Overlay 数据包的解封装
|
## 应用 -- 实现 GTP Overlay 数据包的解封装
|
||||||
@@ -15,7 +14,7 @@ PacketAdapter 通过 iptables 将 Firewall 发送的 GTP RST 包进行过滤,
|
|||||||
|
|
||||||
```
|
```
|
||||||
+-----------+ +-----------+
|
+-----------+ +-----------+
|
||||||
| TCP/UDP | | TCP/UDP |
|
| ********* | | ********* |
|
||||||
+-----------+ +-----------+
|
+-----------+ +-----------+
|
||||||
| IPv4/IPv6 | | IPv4/IPv6 |
|
| IPv4/IPv6 | | IPv4/IPv6 |
|
||||||
+-----------+ +-----------+
|
+-----------+ +-----------+
|
||||||
@@ -24,7 +23,7 @@ PacketAdapter 通过 iptables 将 Firewall 发送的 GTP RST 包进行过滤,
|
|||||||
| UDP | ==> | |
|
| UDP | ==> | |
|
||||||
+-----------+ | |
|
+-----------+ | |
|
||||||
| IPv4/IPv6 | | |
|
| IPv4/IPv6 | | |
|
||||||
+-----------+ | |
|
+-----------+ | Replace |
|
||||||
| MAC | | MAC |
|
| MAC | | MAC |
|
||||||
+-----------+ +-----------+
|
+-----------+ +-----------+
|
||||||
```
|
```
|
||||||
@@ -33,44 +32,62 @@ PacketAdapter 通过 iptables 将 Firewall 发送的 GTP RST 包进行过滤,
|
|||||||
* /MAC/IPv6 的 first next header 必须为 UDP。
|
* /MAC/IPv6 的 first next header 必须为 UDP。
|
||||||
* 目前不支持 GTP 扩展头。
|
* 目前不支持 GTP 扩展头。
|
||||||
|
|
||||||
## 运行环境
|
## 应用 -- 实现 VLAN Overlay 数据包的解封装
|
||||||
|
|
||||||
``` shell
|
```
|
||||||
# yum install --downloadonly --downloaddir=./ libnetfilter_queue.x86_64
|
+-----------+ +-----------+
|
||||||
# yum install --downloadonly --downloaddir=./ libnetfilter_queue-devel.x86_64
|
| ********* | | ********* |
|
||||||
# 安装 libnetfilter_queue
|
+-----------+ +-----------+
|
||||||
yum install -y libnetfilter_queue
|
| IPv4/IPv6 | | IPv4/IPv6 |
|
||||||
|
+-----------+ +-----------+
|
||||||
# 清空 iptables
|
| VLAN | ==> | |
|
||||||
iptables -F -t nat
|
+-----------+ | |
|
||||||
iptables -F -t filter
|
| VLAN | | |
|
||||||
iptables -F -t mangle
|
+-----------+ | Replace |
|
||||||
iptables -F -t raw
|
| MAC | | MAC |
|
||||||
|
+-----------+ +-----------+
|
||||||
ip6tables -F -t nat
|
|
||||||
ip6tables -F -t filter
|
|
||||||
ip6tables -F -t mangle
|
|
||||||
ip6tables -F -t raw
|
|
||||||
|
|
||||||
# 增加 iptables
|
|
||||||
/usr/sbin/iptables -A OUTPUT -o eno2 -p udp --dport 2152 -j NFQUEUE --queue-num 1
|
|
||||||
/usr/sbin/ip6tables -A OUTPUT -o eno2 -p udp --dport 2152 -j NFQUEUE --queue-num 1
|
|
||||||
|
|
||||||
# 删除 iptables
|
|
||||||
/usr/sbin/iptables -D OUTPUT -o eno2 -p udp --dport 2152 -j NFQUEUE --queue-num 1
|
|
||||||
/usr/sbin/ip6tables -D OUTPUT -o eno2 -p udp --dport 2152 -j NFQUEUE --queue-num 1
|
|
||||||
|
|
||||||
# 调试 iptables
|
|
||||||
# /usr/sbin/iptables -A OUTPUT -o eno2 -j LOG
|
|
||||||
# /usr/sbin/ip6tables -A OUTPUT -o eno2 -j LOG
|
|
||||||
|
|
||||||
# 启动服务
|
|
||||||
systemctl enable packet_adapter
|
|
||||||
systemctl start packet_adapter
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## TODO
|
## 应用 -- 实现 MPLS Overlay 数据包的解封装
|
||||||
|
|
||||||
|
```
|
||||||
|
+-----------+ +-----------+
|
||||||
|
| ********* | | ********* |
|
||||||
|
+-----------+ +-----------+
|
||||||
|
| IPv4/IPv6 | | IPv4/IPv6 |
|
||||||
|
+-----------+ +-----------+
|
||||||
|
| MPLS | ==> | |
|
||||||
|
+-----------+ | |
|
||||||
|
| MPLS | | |
|
||||||
|
+-----------+ | Replace |
|
||||||
|
| MAC | | MAC |
|
||||||
|
+-----------+ +-----------+
|
||||||
|
```
|
||||||
|
|
||||||
- [x] support service
|
## 应用 -- 实现 PPPOE Overlay 数据包的解封装
|
||||||
- [ ] support filestat
|
|
||||||
|
```
|
||||||
|
+-----------+ +-----------+
|
||||||
|
| ********* | | ********* |
|
||||||
|
+-----------+ +-----------+
|
||||||
|
| IPv4/IPv6 | | IPv4/IPv6 |
|
||||||
|
+-----------+ +-----------+
|
||||||
|
| PPPOE | ==> | |
|
||||||
|
+-----------+ | Replace |
|
||||||
|
| MAC | | MAC |
|
||||||
|
+-----------+ +-----------+
|
||||||
|
```
|
||||||
|
|
||||||
|
```
|
||||||
|
+-----------+ +-----------+
|
||||||
|
| ********* | | ********* |
|
||||||
|
+-----------+ +-----------+
|
||||||
|
| IPv4/IPv6 | | IPv4/IPv6 |
|
||||||
|
+-----------+ +-----------+
|
||||||
|
| PPPOE | ==> | |
|
||||||
|
+-----------+ | |
|
||||||
|
| VLAN | | |
|
||||||
|
+-----------+ | Replace |
|
||||||
|
| MAC | | MAC |
|
||||||
|
+-----------+ +-----------+
|
||||||
|
```
|
||||||
15
platform/test/README.md
Normal file
15
platform/test/README.md
Normal file
@@ -0,0 +1,15 @@
|
|||||||
|
# README
|
||||||
|
|
||||||
|
## 配置 IPv6 测试环境
|
||||||
|
|
||||||
|
``` shell
|
||||||
|
# config IPv6 address
|
||||||
|
/usr/sbin/ip addr add fe80::42:acff:fe11:2/64 dev eth0
|
||||||
|
|
||||||
|
# config IPv6 route
|
||||||
|
/usr/sbin/ip -6 route add default dev eth0 via fe80::42:acff:fe11:1
|
||||||
|
|
||||||
|
# config IPv6 neigh
|
||||||
|
/usr/sbin/ip -6 neigh flush dev eth0
|
||||||
|
/usr/sbin/ip -6 neigh add fe80::42:acff:fe11:1 lladdr aa:aa:bb:bb:cc:cc dev eth0 nud permanent
|
||||||
|
```
|
||||||
BIN
platform/test/inject_packet.pcap
Normal file
BIN
platform/test/inject_packet.pcap
Normal file
Binary file not shown.
Reference in New Issue
Block a user