tunvis
Category: Networking
Development tool: C++
File size: 0KB
Downloads: 0
Upload date: 2022-01-16 12:55:21
Uploader: sh-1993
Description: Linux Network Limiter
File list:
Makefile (624, 2022-01-16)
dat/ (0, 2022-01-16)
dat/rules1.txt (797, 2022-01-16)
doc/ (0, 2022-01-16)
doc/tunvis_log.png (199569, 2022-01-16)
scripts/ (0, 2022-01-16)
scripts/ra8 (13, 2022-01-16)
scripts/rah (26, 2022-01-16)
scripts/ric (89, 2022-01-16)
scripts/rif (52, 2022-01-16)
scripts/rild (529, 2022-01-16)
scripts/rili (2985, 2022-01-16)
scripts/rilt (1006, 2022-01-16)
scripts/rim (66, 2022-01-16)
scripts/rin (57, 2022-01-16)
scripts/rls (56, 2022-01-16)
scripts/rrl (45, 2022-01-16)
scripts/rrll (54, 2022-01-16)
scripts/rrt (42, 2022-01-16)
scripts/rrt0 (64, 2022-01-16)
scripts/rrt1 (59, 2022-01-16)
scripts/rrt2 (59, 2022-01-16)
scripts/rs0 (82, 2022-01-16)
scripts/rs08 (76, 2022-01-16)
scripts/rs0e (138, 2022-01-16)
scripts/rs1 (177, 2022-01-16)
scripts/rs2 (177, 2022-01-16)
scripts/tunvis_forever (347, 2022-01-16)
src/ (0, 2022-01-16)
src/tools/ (0, 2022-01-16)
src/tools/IPv4.cpp (2526, 2022-01-16)
src/tools/IPv4.h (1149, 2022-01-16)
src/tools/Log.cpp (6159, 2022-01-16)
src/tools/Log.h (786, 2022-01-16)
src/tools/Process.cpp (522, 2022-01-16)
src/tools/Process.h (104, 2022-01-16)
src/tools/Routing.cpp (5124, 2022-01-16)
src/tools/Routing.h (382, 2022-01-16)
... ...
# Linux Network Limiter
## Description
* Limits access to specified addresses by download size or time span
* Creates tunnel using TUN interface
![](https://github.com/Gediminas/tunvis/blob/master/doc/tunvis_log.png)
## Demo
https://youtu.be/sLjPGN29ssI
## Requirements
* OS: Linux (Debian)
* Programming language: C++17
* Compiler: g++ (Debian 8.3.0-6)
* Root/sudo permission
## Compile / Run
```
$ make
$ sudo ./tunvis ./dat/rules1.txt
# or
$ sudo ./tunvis --interface eth0 ./dat/rules1.txt
```
## Filter Rules
Sample rules file:
```
8.8.8.8/24 ICMP 10s # google-dns1
8.8.4.4/24 ICMP 1,5kb # google-dns2
80.249.106.141/32 TCP 5kb # thinkbroadband.com
80.249.99.148/32 TCP 5mb # thinkbroadband dwn
# 1.2.3.4/8 UDP 1h # commented/inactive
```
Columns:
1) address (CIDR notation)
2) protocol (ICMP/TCP/UDP)
3) limit (size: b/kb/mb/gb/tb or time: s/m/h)
4) comment
* Rules are overwritten by later lines
* Decimal number separator must be comma (bug)
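
An added example, not code from the tunvis project: a C++17 parser for the rules-file format described above, including comment stripping and the comma decimal separator. It assumes size units are powers of 1024 and that "overwritten by later lines" means a later line with the same address and protocol replaces the earlier limit; the names `Limit`, `RuleKey`, `parseLimit` and `parseRules` are hypothetical.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <optional>
#include <sstream>
#include <string>

struct Limit { bool isTime; uint64_t value; };        // value: seconds or bytes
using RuleKey = std::pair<std::string, std::string>;  // (CIDR text, protocol)

// Parses "10s", "5mb", "1,5kb"; only ',' is accepted as the decimal separator.
// Assumption: size units are powers of 1024 (the README does not say).
std::optional<Limit> parseLimit(const std::string& tok) {
    static const std::map<std::string, std::pair<bool, double>> units = {
        {"s", {true, 1.0}}, {"m", {true, 60.0}}, {"h", {true, 3600.0}},
        {"b", {false, 1.0}}, {"kb", {false, 1024.0}}, {"mb", {false, 1048576.0}},
        {"gb", {false, 1073741824.0}}, {"tb", {false, 1099511627776.0}}};
    size_t i = 0, used = 0;
    while (i < tok.size() && ((tok[i] >= '0' && tok[i] <= '9') || tok[i] == ',')) ++i;
    std::string num = tok.substr(0, i);
    for (char& c : num) if (c == ',') c = '.';
    double n = 0;
    try { n = std::stod(num, &used); } catch (...) { return std::nullopt; }
    auto it = units.find(tok.substr(i));
    if (used != num.size() || it == units.end() || n * it->second.second >= 1.8e19)
        return std::nullopt;  // bad number, unknown unit, or uint64_t overflow
    return Limit{it->second.first, static_cast<uint64_t>(n * it->second.second)};
}

// Text after '#' is a comment; malformed lines are skipped.
// Assumption: a later line with the same address and protocol replaces the earlier limit.
std::map<RuleKey, Limit> parseRules(const std::string& text) {
    std::map<RuleKey, Limit> rules;
    std::istringstream in(text);
    for (std::string line; std::getline(in, line);) {
        std::istringstream fields(line.substr(0, line.find('#')));
        std::string cidr, proto, lim;
        if (!(fields >> cidr >> proto >> lim)) continue;
        if (proto != "ICMP" && proto != "TCP" && proto != "UDP") continue;
        if (auto l = parseLimit(lim)) rules[RuleKey(cidr, proto)] = *l;
    }
    return rules;
}

int main() {  // constructed input: two README sample lines plus one overriding line
    for (const auto& [k, l] : parseRules("8.8.8.8/24 ICMP 10s # dns1\n8.8.4.4/24 ICMP 1,5kb\n"
                                         "8.8.8.8/24 ICMP 1m # overrides 10s\n"))
        std::cout << k.first << ' ' << k.second << ' ' << l.value << (l.isTime ? "s\n" : "b\n");
}
```
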
## Notes
* IP header is subtracted from download size calculations
* TCP header size is subtracted (TCP only)
## Routing
```
$ echo 1 > /proc/sys/net/ipv4/ip_forward
$ echo 0 > /proc/sys/net/ipv4/conf/tunvis1/rp_filter
$ ip link set tunvis1 up
$ ip link set tunvis2 up
$ ip addr add 10.0.1.1/24 dev tunvis1
$ ip addr add 10.0.2.2/24 dev tunvis2
```
### Output
```
                  (snat-1)
                      v
APP -> OUTPUT -> POSTROUTING --------------------------> direct route -------------------------- [eth0] --> INTERNET
         ^                   \                                                                 / (192.168.x.x)
      (mark-1)                 -> [tunvis1] == TunVisApp ==> [tunvis2] -> PRE -> FWD -> POST -
                 ( =>fwmark-1)        ^                          ^         ^             ^
                                (10.0.1.1/24)             (10.0.2.2/24) (mark-2)      (snat-2)
```
```
$ ip rule add fwmark 1 table 1  # fwmark-1
$ ip route add table 1 default via 10.0.1.1  # fwmark-1
$ iptables -t mangle -A OUTPUT -j MARK --set-mark 1  # mark-1
$ iptables -t mangle -A PREROUTING -i tunvis2 -j MARK --set-mark 2  # mark-2
$ iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT --to-source 10.0.2.22  # snat-1
$ iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source 192.168.x.x  # snat-2
```
### Input
```
                         <-- [tunvis1] <== TunVisApp == [tunvis2] <--
                       /         ^                          ^         \
                      /    (10.0.1.1/24)              (10.0.2.2/24)     POSTROUTING
                     /                                                             \
           PREROUTING                                                               FORWARD
          /                                                   (drop-1)                     \
APP <- INPUT <------------------------ direct route <------------|||----------------------- PREROUTING <-- [eth0] <-- INTERNET
                                                                                             (dnat-1)  (192.168.x.x)
```
```
$ iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 10.0.2.22  # dnat-1
```
```
# Close direct route
$ iptables -I INPUT -i eth0 -j DROP  # drop-1
```