about tunneling - xieyunzi/xieyunzi.github.io GitHub Wiki
tunneling
- Tunneling_protocol
- VPN - Virtual Private Networking (video)
- https://github.com/saminiir/level-ip
- Scapy: the Python-based interactive packet manipulation program & library. https://github.com/secdev/scapy
- A command-line network packet crafting and injection utility https://github.com/troglobit/nemesis
- a network packet capture compiler https://github.com/secureworks/flowsynth
😁
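- protocol
  - http[s]
  - socks5
  - ss
- app
  - surge
    - Surge: Principles and Implementation
      - Surge Proxy Server
        - for http[s] proxy
        - "Basically equivalent to a squid without a cache"
      - DNS Client
        - "More or less a mini version of dnsmasq"
      - Surge TUN Interface
        - "The core principle is to use a TCP stack inside Surge to extract the TCP data from the IP packets, issue the request again through the proxy (or connect directly to the corresponding server), and then re-encapsulate the returned data into IP packets."
      - IP Layer DNS Forwarder
        - "This component works together with the TUN Interface: it takes the IP packets carrying DNS that it receives, makes simple changes to them, and forwards them directly to the upstream DNS."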
- tun/tap
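
A sketch of the split the Surge TUN Interface and IP Layer DNS Forwarder notes describe, added here as an example and not taken from Surge: a raw IPv4 packet read from a TUN device is either re-addressed to an upstream resolver (UDP port 53) or left for the TCP stack. The function names, the upstream address 192.0.2.53 and the sample packet are assumptions constructed for illustration.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def forward_dns(packet: bytes, upstream: str):
    """Return the packet re-addressed to `upstream` if it is an unfragmented
    IPv4 UDP/53 datagram, else None (a TUN reader would hand it to the TCP stack)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    frag = struct.unpack("!H", packet[6:8])[0] & 0x3FFF   # MF flag + fragment offset
    if ihl < 20 or packet[9] != 17 or frag or not ihl + 8 <= total_len <= len(packet):
        return None
    udp = packet[ihl:total_len]
    _, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
    if dport != 53 or ulen != len(udp):
        return None
    src, dst = packet[12:16], socket.inet_aton(upstream)
    # Rewrite the destination, zero the IP checksum field, then recompute it.
    hdr = bytearray(packet[:ihl])
    hdr[16:20] = dst
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    # The UDP checksum covers a pseudo-header with both addresses, so it changes too.
    pseudo = src + dst + struct.pack("!BBH", 0, 17, ulen)
    body = udp[:6] + b"\x00\x00" + udp[8:]
    csum = checksum(pseudo + body) or 0xFFFF   # 0 means "no checksum" in UDP
    return bytes(hdr) + body[:6] + struct.pack("!H", csum) + body[8:]

def build_sample_query() -> bytes:
    """Constructed sample: 10.0.0.2:52808 -> 10.0.0.1:53, A? example.com."""
    dns = struct.pack("!6H", 0x2DDA, 0x0100, 1, 0, 0, 0) + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
    udp = struct.pack("!4H", 52808, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     socket.inet_aton("10.0.0.2"), socket.inet_aton("10.0.0.1"))
    return ip + udp
```

Because the destination is rewritten at the IP layer, the resolver an application thinks it is querying and the one that actually answers differ, which is worth remembering when reading DNS captures taken on a TUN-routed host.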
(ಥ _ ಥ)
on macOS
$ ifconfig
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::ff2c:5c9a:3099:b1e2%utun0 prefixlen 64 scopeid 0x6
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=80d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1287
inet 172.30.97.78 --> 172.30.97.78 netmask 0xffff0000
$ netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.51.1 UGSc 71 0 en0
10.0.31/24 172.30.97.78 UGSc 0 0 utun1
10.0.32/19 172.30.97.78 UGSc 0 0 utun1
10.0.64/18 172.30.97.78 UGSc 0 0 utun1
10.0.128/17 172.30.97.78 UGSc 0 0 utun1
10.1/16 172.30.97.78 UGSc 0 0 utun1
10.2/15 172.30.97.78 UGSc 0 0 utun1
10.4/14 172.30.97.78 UGSc 0 0 utun1
10.8/13 172.30.97.78 UGSc 0 0 utun1
10.11/16 172.30.97.78 UGSc 0 0 utun1
10.16/12 172.30.97.78 UGSc 0 0 utun1
10.32/11 172.30.97.78 UGSc 0 0 utun1
10.64/12 172.30.97.78 UGSc 0 0 utun1
10.80/13 172.30.97.78 UGSc 0 0 utun1
10.88/15 172.30.97.78 UGSc 0 2 utun1
10.90/16 172.30.97.78 UGSc 0 0 utun1
10.91/17 172.30.97.78 UGSc 0 0 utun1
10.91.128/23 172.30.97.78 UGSc 0 0 utun1
10.91.137/24 172.30.97.78 UGSc 0 0 utun1
169.254 link#9 UCS 0 0 en0 !
172.17 172.30.97.78 UGSc 0 0 utun1
172.18/15 172.30.97.78 UGSc 0 0 utun1
172.20/14 172.30.97.78 UGSc 2 0 utun1
172.20.1.1/32 172.30.97.78 UGSc 1 0 utun1
172.20.1.2/32 172.30.97.78 UGSc 0 0 utun1
172.24/14 172.30.97.78 UGSc 0 0 utun1
172.28 172.30.97.78 UGSc 0 0 utun1
172.30/15 172.30.97.78 UGSc 0 0 utun1
172.30.97.78/32 127.0.0.1 UGSc 76 0 lo0
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI 0 47 en0
255.255.255.255/32 link#9 UCS 0 0 en0 !
...
ping packet && ip route
vagrant@vagrant:~$ ip route | sed s#default#0.0.0.0/0#
0.0.0.0/0 via 10.0.2.2 dev eth0 proto dhcp src 10.0.2.15 metric 100
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
10.0.2.2 dev eth0 proto dhcp scope link src 10.0.2.15 metric 100
192.168.160.0/24 dev eth1 proto kernel scope link src 192.168.160.160
vagrant@vagrant:~$ sudo tcpdump -i any -en icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
# ping 127.1.23.33
07:44:16.439069 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.0.0.1 > 127.1.23.33: ICMP echo request, id 4372, seq 1, length 64
07:44:16.439083 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.1.23.33 > 127.0.0.1: ICMP echo reply, id 4372, seq 1, length 64
07:44:17.440912 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.0.0.1 > 127.1.23.33: ICMP echo request, id 4372, seq 2, length 64
07:44:17.440923 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.1.23.33 > 127.0.0.1: ICMP echo reply, id 4372, seq 2, length 64
07:44:18.448420 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.0.0.1 > 127.1.23.33: ICMP echo request, id 4372, seq 3, length 64
07:44:18.448431 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.1.23.33 > 127.0.0.1: ICMP echo reply, id 4372, seq 3, length 64
# ping baidu.com
07:45:03.310642 Out 08:00:27:0c:01:0d ethertype IPv4 (0x0800), length 100: 10.0.2.15 > 123.125.114.144: ICMP echo request, id 4373, seq 1, length 64
07:45:03.320940 In 52:54:00:12:35:02 ethertype IPv4 (0x0800), length 100: 123.125.114.144 > 10.0.2.15: ICMP echo reply, id 4373, seq 1, length 64
07:45:04.311986 Out 08:00:27:0c:01:0d ethertype IPv4 (0x0800), length 100: 10.0.2.15 > 123.125.114.144: ICMP echo request, id 4373, seq 2, length 64
07:45:04.325275 In 52:54:00:12:35:02 ethertype IPv4 (0x0800), length 100: 123.125.114.144 > 10.0.2.15: ICMP echo reply, id 4373, seq 2, length 64
07:45:05.313184 Out 08:00:27:0c:01:0d ethertype IPv4 (0x0800), length 100: 10.0.2.15 > 123.125.114.144: ICMP echo request, id 4373, seq 3, length 64
07:45:05.325408 In 52:54:00:12:35:02 ethertype IPv4 (0x0800), length 100: 123.125.114.144 > 10.0.2.15: ICMP echo reply, id 4373, seq 3, length 64
# ping 127.0.0.1
07:45:37.535926 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.0.0.1 > 127.0.0.1: ICMP echo request, id 4374, seq 1, length 64
07:45:37.536283 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.0.0.1 > 127.0.0.1: ICMP echo reply, id 4374, seq 1, length 64
07:45:38.537091 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.0.0.1 > 127.0.0.1: ICMP echo request, id 4374, seq 2, length 64
07:45:38.537106 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.0.0.1 > 127.0.0.1: ICMP echo reply, id 4374, seq 2, length 64
07:45:39.539065 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.0.0.1 > 127.0.0.1: ICMP echo request, id 4374, seq 3, length 64
07:45:39.539082 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.0.0.1 > 127.0.0.1: ICMP echo reply, id 4374, seq 3, length 64
07:45:40.540960 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.0.0.1 > 127.0.0.1: ICMP echo request, id 4374, seq 4, length 64
07:45:40.540976 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.0.0.1 > 127.0.0.1: ICMP echo reply, id 4374, seq 4, length 64
ping packet && dns query
vagrant@vagrant:~$ cat /etc/resolv.conf
nameserver 127.0.0.53
vagrant@vagrant:~$ ping baidu.com
PING baidu.com (220.181.57.216) 56(84) bytes of data.
64 bytes from 220.181.57.216 (220.181.57.216): icmp_seq=1 ttl=63 time=13.0 ms
64 bytes from 220.181.57.216 (220.181.57.216): icmp_seq=2 ttl=63 time=14.5 ms
--- baidu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
vagrant@vagrant:~$ sudo tcpdump -i any -en port not 54618 and port not 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
12:38:35.834471 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.0.0.1 > 127.0.0.1: ICMP echo request, id 4495, seq 1, length 64
12:38:35.834507 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 100: 127.0.0.1 > 127.0.0.1: ICMP echo reply, id 4495, seq 1, length 64
12:38:43.418892 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 71: 127.0.0.1.52808 > 127.0.0.53.53: 11738+ A? baidu.com. (27)
12:38:43.419218 Out 08:00:27:0c:01:0d ethertype IPv4 (0x0800), length 82: 10.0.2.15.50140 > 10.0.2.3.53: 34655+ [1au] A? baidu.com. (38)
12:38:43.422245 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 71: 127.0.0.1.52808 > 127.0.0.53.53: 17895+ AAAA? baidu.com. (27)
12:38:43.422777 Out 08:00:27:0c:01:0d ethertype IPv4 (0x0800), length 82: 10.0.2.15.56972 > 10.0.2.3.53: 13616+ [1au] AAAA? baidu.com. (38)
12:38:43.470792 In 52:54:00:12:35:02 ethertype IPv4 (0x0800), length 114: 10.0.2.3.53 > 10.0.2.15.50140: 34655 2/0/1 A 220.181.57.216, A 123.125.114.144 (70)
12:38:43.471191 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 103: 127.0.0.53.53 > 127.0.0.1.52808: 11738 2/0/0 A 220.181.57.216, A 123.125.114.144 (59)
12:38:43.471304 In 52:54:00:12:35:02 ethertype IPv4 (0x0800), length 125: 10.0.2.3.53 > 10.0.2.15.56972: 13616 0/1/1 (81)
12:38:43.471398 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 71: 127.0.0.53.53 > 127.0.0.1.52808: 17895 0/0/0 (27)
12:38:43.474197 Out 08:00:27:0c:01:0d ethertype IPv4 (0x0800), length 100: 10.0.2.15 > 220.181.57.216: ICMP echo request, id 4496, seq 1, length 64
12:38:43.487218 In 52:54:00:12:35:02 ethertype IPv4 (0x0800), length 100: 220.181.57.216 > 10.0.2.15: ICMP echo reply, id 4496, seq 1, length 64
12:38:43.488442 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 89: 127.0.0.1.46480 > 127.0.0.53.53: 14254+ PTR? 216.57.181.220.in-addr.arpa. (45)
12:38:43.488972 Out 08:00:27:0c:01:0d ethertype IPv4 (0x0800), length 100: 10.0.2.15.33001 > 10.0.2.3.53: 38580+ [1au] PTR? 216.57.181.220.in-addr.arpa. (56)
12:38:43.540091 In 52:54:00:12:35:02 ethertype IPv4 (0x0800), length 181: 10.0.2.3.53 > 10.0.2.15.33001: 38580 NXDomain 0/1/1 (137)
12:38:43.541147 Out 08:00:27:0c:01:0d ethertype IPv4 (0x0800), length 89: 10.0.2.15.33001 > 10.0.2.3.53: 38580+ PTR? 216.57.181.220.in-addr.arpa. (45)
12:38:43.590429 In 52:54:00:12:35:02 ethertype IPv4 (0x0800), length 170: 10.0.2.3.53 > 10.0.2.15.33001: 38580 NXDomain 0/1/0 (126)
12:38:43.590930 In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 89: 127.0.0.53.53 > 127.0.0.1.46480: 14254 NXDomain 0/0/0 (45)
12:38:44.476282 Out 08:00:27:0c:01:0d ethertype IPv4 (0x0800), length 100: 10.0.2.15 > 220.181.57.216: ICMP echo request, id 4496, seq 2, length 64
12:38:44.490789 In 52:54:00:12:35:02 ethertype IPv4 (0x0800), length 100: 220.181.57.216 > 10.0.2.15: ICMP echo reply, id 4496, seq 2, length 64