
HevIFwd: Add support for iptables forwarding #61

Open

wants to merge 1 commit into base: master

Conversation

MikeWang000000
Contributor

iptables implementation for #51.

Example of usage:

```
sudo natmap -m iptables -s turn.cloudflare.com -h a.co -t 127.0.0.1 -p 80
```

Check iptables rules:

```
sudo iptables -t nat --list-rules
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N NATMAP
-A PREROUTING -j NATMAP
-A OUTPUT -j NATMAP
-A NATMAP -d 10.0.1.100/32 -p tcp -m tcp --dport 11609 -j DNAT --to-destination 10.0.1.100:80
```

The rule will be removed automatically when NATMap exits normally (e.g. Ctrl-C, SIGTERM).

Comment on lines +110 to +113
if (waitpid (pid, &status, 0) == -1) {
LOGV (E, "%s", strerror (errno));
goto err_close_read;
}
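Review bot: the `waitpid (pid, &status, 0) == -1` check treats EINTR like a hard failure, and if a SIGCHLD handler installed elsewhere in the process has already reaped this child, waitpid fails with ECHILD and the code jumps to err_close_read even though the command ran. Suggest looping while waitpid returns -1 with errno == EINTR, and blocking SIGCHLD with sigprocmask from just before fork() until after waitpid() so that only this call reaps the child; that also removes the need to swap the SIGCHLD handler around the call.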
Contributor Author

waitpid() here somehow conflicts with

signal (SIGCHLD, signal_handler);

close (pipefd_o[0]);
close (pipefd_e[0]);

signal(SIGCHLD, hev_exec_signal_handler);
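Review bot: installing `signal_handler` and then `hev_exec_signal_handler` back to back means any SIGCHLD delivered in between goes to whichever handler happens to be active at that instant, and the second call leaves hev_exec_signal_handler as the process-wide handler from then on. Suggest one SIGCHLD handler for the whole program that reaps with waitpid(-1, ..., WNOHANG) and dispatches on the returned pid, or blocking SIGCHLD over the window in which the exec code needs to reap its own child, instead of re-pointing the handler on every call; with sigaction the flags (SA_RESTART, SA_NOCLDSTOP) would also be explicit, which signal() does not guarantee.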
Contributor Author

Not very elegant here

int nbyte;
pid_t pid;

signal(SIGCHLD, SIG_DFL);
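Review bot: `signal(SIGCHLD, SIG_DFL)` is process-wide, so it silently drops whatever handler the exec code installed until something reinstalls it, and children that exit in that window stay zombies until somebody calls waitpid on them. If this is the temporary workaround the comment describes, a TODO next to it in the code would help; blocking SIGCHLD with sigprocmask around this function's own fork()/waitpid() pair gives the same isolation without touching the installed handler.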
Contributor Author

Temporary solution.

Owner

@heiher heiher left a comment

The SIGCHLD handling between ifwd and exec still needs more thought.

Also, I am wondering whether we could change the implementation approach: for example, let exec scripts be chained, with the app bundling some firewall configuration scripts (iptables, nftables, etc.) that are inserted into the exec script chain, selected via the -m option.

Those preset scripts would just be standalone script files whose contents are straightforward, and they could also be tested on their own with -e. The build process would ultimately link them into the app.

hev_tfwd_run (fd);
break;
case HEV_FWD_IPTABLES:
hev_ifwd_run (fd);
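Review bot: the switch on the forwarding mode is repeated at each call site, and as the review notes hev-unsk.c needs the same HEV_FWD_IPTABLES case, so the two copies will drift apart. Suggest a single helper, e.g. hev_fwd_run (mode, fd) with a matching hev_fwd_kill, that both callers use, so a new mode is added in exactly one place.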
Owner

hev-unsk.c needs the same logic too.

*
* Start iptables port forwarding.
*/
void hev_ifwd_run (int fd);
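Review bot: the header comment "Start iptables port forwarding." should say what a second call does, since the UDP path can call the run function again when the external address or port changes without a kill in between: whether it replaces the existing NATMAP rule (deleting the old one) or adds another, and that the rule is removed on normal exit as the PR description states. Documenting that contract here is what the callers will rely on.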
Owner

For UDP, if a change of the external address or port is detected, hev_xfwd_run is called multiple times without a corresponding call to hev_xfwd_kill, so hev_xfwd_run has to support re-entry.
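The two review points above, the SIGCHLD/waitpid conflict in the exec path and the run function being re-entered for UDP, in one added C example. This is not code from natmap or from this PR; run_child, dnat_rule, fwd_apply, fwd_clear and the dry-run bookkeeping (dry_run, last_cmd, cmd_count) are assumed names, and the rule it builds is the NATMAP DNAT rule shown in the PR description. run_child blocks SIGCHLD across fork()/waitpid() so a process-wide SIGCHLD handler cannot reap the child first (the ECHILD case), and fwd_apply deletes the previously installed rule before adding the new one, so a second call with a changed external port leaves exactly one rule behind.

```c
/* Added example, not natmap's or the PR's code: run an external command such as iptables
 * from a process that also keeps a SIGCHLD handler for other children (without that handler
 * stealing the exit status), and keep at most one NATMAP DNAT rule installed across repeated
 * apply calls. run_child, dnat_rule, fwd_apply, fwd_clear, dry_run and last_cmd are assumed names. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Reaps children nobody waits for; errno is preserved since a handler may interrupt any call. */
static void sigchld_handler (int sig)
{
    int saved = errno;
    (void) sig;
    while (waitpid (-1, NULL, WNOHANG) > 0)
        ;
    errno = saved;
}

/* Run argv to completion; return its exit status, or -1. SIGCHLD is blocked from before fork()
 * until after waitpid(), so the handler above cannot reap this child first (which would make
 * waitpid() fail with ECHILD); EINTR is retried instead of being treated as a failure. */
int run_child (char *const argv[])
{
    sigset_t block, old;
    int status = 0, r = -1;
    pid_t pid;
    sigemptyset (&block);
    sigaddset (&block, SIGCHLD);
    sigprocmask (SIG_BLOCK, &block, &old);
    if ((pid = fork ()) == 0) {
        sigprocmask (SIG_SETMASK, &old, NULL); /* the child must not inherit the block */
        execvp (argv[0], argv);
        _exit (127);
    }
    if (pid > 0)
        do
            r = waitpid (pid, &status, 0);
        while (r == -1 && errno == EINTR);
    sigprocmask (SIG_SETMASK, &old, NULL);
    return (r > 0 && WIFEXITED (status)) ? WEXITSTATUS (status) : -1;
}

/* iptables -t nat OP NATMAP -d IP/32 -p tcp -m tcp --dport EXT -j DNAT --to-destination IP:PORT */
struct rule { char dst[48], dport[8], to[64]; char *argv[18]; };
void dnat_rule (struct rule *r, char *op, const char *ip, int ext_port, int port)
{
    snprintf (r->dst, sizeof r->dst, "%s/32", ip);
    snprintf (r->dport, sizeof r->dport, "%d", ext_port);
    snprintf (r->to, sizeof r->to, "%s:%d", ip, port);
    char *v[] = { "iptables", "-t", "nat", op, "NATMAP", "-d", r->dst, "-p", "tcp", "-m", "tcp",
                  "--dport", r->dport, "-j", "DNAT", "--to-destination", r->to, NULL };
    memcpy (r->argv, v, sizeof v);
}

/* Forwarder state: applying again with a new external port (the UDP case raised in review) deletes
 * the old rule first; clearing with nothing installed is a no-op. With dry_run set the command is
 * only formatted into last_cmd, so the sequence can be checked without root. */
struct fwd { int installed, dry_run; struct rule cur; };
char last_cmd[256]; int cmd_count;

static int fwd_exec (struct fwd *f)
{
    size_t n = 0;
    cmd_count++;
    if (!f->dry_run)
        return run_child (f->cur.argv);
    for (int i = 0; f->cur.argv[i] && n < sizeof last_cmd; i++)
        n += (size_t) snprintf (last_cmd + n, sizeof last_cmd - n, "%s%s", i ? " " : "", f->cur.argv[i]);
    return puts (last_cmd) < 0;
}

int fwd_clear (struct fwd *f)
{
    if (!f->installed)
        return 0;
    f->installed = 0;
    f->cur.argv[3] = "-D"; /* identical match, so -D removes exactly the rule -A added */
    return fwd_exec (f);
}

int fwd_apply (struct fwd *f, const char *ip, int ext_port, int port)
{
    if (fwd_clear (f))
        return -1;
    dnat_rule (&f->cur, "-A", ip, ext_port, port);
    f->installed = fwd_exec (f) == 0;
    return f->installed ? 0 : -1;
}

int main (void)
{
    struct fwd f = { 0 };
    char *probe[] = { "sh", "-c", "exit 3", NULL };
    signal (SIGCHLD, sigchld_handler);
    printf ("probe exit status: %d\n", run_child (probe)); /* 3, not -1 from ECHILD */
    f.dry_run = 1; /* set to 0 to really edit the nat table; needs root */
    fwd_apply (&f, "10.0.1.100", 11609, 80);
    fwd_apply (&f, "10.0.1.100", 20000, 80); /* external port changed: -D old, then -A new */
    return fwd_clear (&f);
}
```

Compiled with `cc -std=c99` and run without root, the dry run prints the four iptables commands in order (-A, -D, -A, -D) after the probe exit status; with dry_run cleared, run_child executes them, and a failing iptables invocation surfaces as a non-zero return from fwd_apply instead of silently leaving a stale rule behind.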
