gfwleak/tsg-packetadapter
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
562e34ca58cc0f4acb815a68ebffcc2b5c46c5ce
tsg-packetadapter/README.md
卢文朋 562e34ca58 Update README.md
2021-09-16 01:51:22 +00:00

77 lines
2.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# PacketAdapter -- Packet Filtering & Adaptation tools
## 简介
- PacketAdapter 是一个基于 iptables 的数据包过滤,转换/适配工具。
- PacketAdapter 并不会凭空产生数据包,而是将 iptables 过滤的数据包重新转换/适配后再回注到网络中。
- 可用于 Overlay networks 中 Packet encapsulation and decapsulation屏蔽端到端协议层之间的差异。
## 应用 -- 实现 GTP Overlay 数据包的解封装
PacketAdapter 通过 iptables 将 Firewall 发送的 GTP RST 包进行过滤,然后将 GTP 数据解封装后回注到网络中。
例如:将 “MAC/IPv4 or IPv6/UDP/GTP1/IPv4 or IPv6/TCP or UDP“ 中的 "/IPv4 or IPv6/UDP/GTP1" 协议层剥离。
```
+-----------+ +-----------+
| TCP/UDP | | TCP/UDP |
+-----------+ +-----------+
| IPv4/IPv6 | | IPv4/IPv6 |
+-----------+ +-----------+
| GTP1 | | |
+-----------+ | |
| UDP | ==> | |
+-----------+ | |
| IPv4/IPv6 | | |
+-----------+ | |
| MAC | | MAC |
+-----------+ +-----------+
```
注意:
* /MAC/IPv6 的 first next header 必须为 UDP。
* 目前不支持 GTP 扩展头。
## 运行环境
``` shell
# yum install --downloadonly --downloaddir=./ libnetfilter_queue.x86_64
# yum install --downloadonly --downloaddir=./ libnetfilter_queue-devel.x86_64
# 安装 libnetfilter_queue
yum install -y libnetfilter_queue
# 清空 iptables
iptables -F -t nat
iptables -F -t filter
iptables -F -t mangle
iptables -F -t raw
ip6tables -F -t nat
ip6tables -F -t filter
ip6tables -F -t mangle
ip6tables -F -t raw
# 增加 iptables
/usr/sbin/iptables -A OUTPUT -o eno2 -p udp --dport 2152 -j NFQUEUE --queue-num 1
/usr/sbin/ip6tables -A OUTPUT -o eno2 -p udp --dport 2152 -j NFQUEUE --queue-num 1
# 删除 iptables
/usr/sbin/iptables -D OUTPUT -o eno2 -p udp --dport 2152 -j NFQUEUE --queue-num 1
/usr/sbin/ip6tables -D OUTPUT -o eno2 -p udp --dport 2152 -j NFQUEUE --queue-num 1
# 调试 iptables
# /usr/sbin/iptables -A OUTPUT -o eno2 -j LOG
# /usr/sbin/ip6tables -A OUTPUT -o eno2 -j LOG
# 启动服务
systemctl enable nfq_filter_gtp
systemctl start nfq_filter_gtp
```
## TODO
- [x] support service
- [ ] support filestat
Reference in New Issue View Git Blame Copy Permalink