seedlab:V** tunneling The Container Version
V** tunneling
vpn关键词好像会被屏蔽
Task 1: Network Setup
启动容器
测试下列情况
- Host U can communicate with VPN Server.
进入server查看ip
在host中ping server
VPN Server can communicate with Host V.
进入server ping 两个host
Host U should not be able to communicate with Host V.
进入client,ping两个host(无法成功)
Run tcpdump on the router, and sniff the traffific on each of the network. Show that you can capture packets.
进入router启动tcpdump
在host中ping router和另一个host
router中检测到数据包
Task 2: Create and Confifigure TUN Interface
Task 2.a: Name of the Interface
在server router中赋予tun.py权限,并执行
chmod a+x tun.py
tun.py可以发现tun0接口
Task 2.b: Set up the TUN Interface
在tun.py 中添加下面两行
os.system("ip addr add 192.168.53.99/24 dev {}".format(ifname))
os.system("ip link set dev {} up".format(ifname))
再次查看,该接口有了IP地址
Task 2.c: Read from the TUN Interface
替换tun.py中的循环,在router中启动
while True:# Get a packet from the tun interface
packet = os.read(tun, 2048)
if packet:
ip = IP(packet)
print(ip.summary())
ping 192.168.53.8,观察tun发现输出了消息
ping 192.168.60.6,tun未输出消息
Task 2.d: Write to the TUN Interface
修改tun.py中的循环
while True:packet = os.read(tun, 2048)if packet:ip=IP(packet)newip = IP(src='1.2.3.4', dst=ip.src)newpkt = newip/ip.payloados.write(tun, bytes(newpkt))print(newip.summary())
重新ping 192.168.53.8,tun中消息发生了改变
Task 3: Send the IP Packet to VPN Server Through a Tunnel
在volumes中添加tun_server.py文件
#!/usr/bin/env python3
from scapy.all import *
IP_A = "0.0.0.0"
PORT = 9090
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.bind((IP_A, PORT))
while True:data, (ip, port) = sock.recvfrom(2048)print("{}:{} --> {}:{}".format(ip, port, IP_A, PORT))pkt = IP(data)print(" Inside: {} --> {}".format(pkt.src, pkt.dst))
在server中启动tun_server.py
修改tun.py,替换while循环,重命名为tun_client.py,在client中启动
# Create UDP socket
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
while True:
# Get a packet from the tun interfacepacket = os.read(tun, 2048)if packet:
# Send the packet via the tunnelsock.sendto(packet, ('10.9.0.11', 9090))
ping 192.168.53.8,server中有输出
ping 192.168.60.5,server中无输出
在tun_client.py中添加路由
Host_V= '192.168.60.0/24'
os.system("ip route add {} dev {} via 192.168.53.99".format(Host_V, ifname))
再次ping 192.168.60.5,server中有了输出
Task 4: Set Up the VPN Server
修改tun_server.py中的内容
#!/usr/bin/env python3import fcntl
import struct
import os
import time
from scapy.all import *TUNSETIFF = 0x400454ca
IFF_TUN = 0x0001
IFF_TAP = 0x0002
IFF_NO_PI = 0x1000
Host_U = '192.168.53.0/24'# Create the tun interface
tun = os.open("/dev/net/tun", os.O_RDWR)
ifr = struct.pack('16sH', b'sun_s%d', IFF_TUN | IFF_NO_PI)
ifname_bytes = fcntl.ioctl(tun, TUNSETIFF, ifr)# Get the interface name
ifname = ifname_bytes.decode('UTF-8')[:16].strip("\x00")
print("Interface Name: {}".format(ifname))# Assign an IP address & bring up the interface
os.system("ip addr add 192.168.78.100/24 dev {}".format(ifname))
os.system("ip link set dev {} up".format(ifname))# Send Host-V package to sun0
os.system("ip route add {} dev {} via 192.168.78.100".format(Host_U, ifname))IP_A = "0.0.0.0"
PORT = 9090
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.bind((IP_A, PORT))
while True:data, (ip, port) = sock.recvfrom(2048)print("{}:{} --> {}:{}".format(ip, port, IP_A, PORT))packet = IP(data)print(" Inside: {} --> {}".format(packet.src, packet.dst))if packet:ip = packetif ICMP in ip:# Send out a packet using the tun interfaceos.write(tun, bytes(ip))print('Send out:')print(ip.summary())print()启动server和client后ping 192.168.60.5
查看wireshark
Task 5: Handling Traffific in Both Directions
替换server和client的循环
server:
# We assume that sock and tun file descriptors have already been created.
while True:# this will block until at least one interface is readyready, _, _ = select.select([sock, tun], [], [])for fd in ready:if fd is sock:data, (ip, port) = sock.recvfrom(2048)pkt = IP(data)print("From socket <==: {} --> {}".format(pkt.src, pkt.dst))... (code needs to be added by students) ...if fd is tun:packet = os.read(tun, 2048)pkt = IP(packet)print("From tun ==>: {} --> {}".format(pkt.src, pkt.dst))... (code needs to be added by students) ...client
# Create UDP socket
IP_A = "0.0.0.0"
PORT = 9090
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.bind((IP_A, PORT))while True:# this will block until at least one interface is readyready, _, _ = select.select([sock, tun], [], [])for fd in ready:if fd is sock:# IP 0.0.0.0 Port 9090: Has receive a VPN package!!!data, (ip, port) = sock.recvfrom(2048)print("{}:{} --> {}:{}".format(ip, port, IP_A, PORT))packet = IP(data)print(" Inside: {} --> {}".format(packet.src, packet.dst))if packet:ip = packet# Send out a packet using the tun interfaceos.write(tun, bytes(ip))print('Send out:')print(ip.summary())print()if fd is tun:# Get a packet from the tun interfacepacket = os.read(tun, 2048)pkt = IP(packet)print("From tun ==>: {} --> {}".format(pkt.src, pkt.dst))if packet:# Send the packet via the tunnelsock.sendto(packet, ('10.9.0.11', 9090))
client最终可以成功ping到192.168.60.5
Task 6: Tunnel-Breaking Experiment
在保持远程登录在线状态的同时,打破客户端或服务器的隧道服务,都出现了同样的情况,即无法在远程登录界面输入任何文字,并且不再会有新的输出。当短时间重新连回服务时,积压在TUN文件的报文缓存就会被逐个释放。如图:
Task 7: Routing Experiment on Host V
在client删除默认路由,再添加新路由,查看路由信息
Task 8: VPN Between Private Networks
改用新的容器配置命令启动容器
docker-compose -f docker-compose2.yml build
docker-compose -f docker-compose2.yml up
docker-compose -f docker-compose2.yml down
在 HostU 中 ping 不到Host
然后在客户机与服务器同时打开程序(修改server的发送IP地址)。此时左侧已经可以与右侧通信:
seedlab:V** tunneling The Container Version相关推荐
- java v_java -v报错 java -version正确
如题:maven打包上传项目时报错 mvn deploy Error occurred during initialization of VM java/lang/NoClassDefFoundErr ...
- docker之container
运行一个container的本身就是开启一个具有独立namespace的进程 进程有自己的网络,文件系统等 docker通过run命令来启动一个container 运行一个container必须要指定 ...
- 你知道kernel version的实现原理和细节吗
引言 kernel 启动时通常会看到下面第二行信息的内容,它们代表了当前 kernel 的版本.编译工具版本.编译环境等信息. Booting Linux on physical CPU 0x0 Li ...
- 出现错误“subprocess.CalledProcessError: Command ‘[‘ninja‘, ‘-v‘]‘ returned non-zero exit status 1”解决方法
这个错误的出现主要是因为pytorch版本大于1.5,可行的解决方法有两个: 1. 将pytorch版本降到1.5以下: 2. 将setup.py中的"cmdclass={'build_ex ...
- linux中v参数全称,[置顶] linux 命令中的 -v 参数
也不知从何时起,我比较关注 各种软件的版本号,从ubuntu 9.10 到 14.04 14.10 再到Qt 软件的4,7.0 到5.3.1 ,再到arm-linux-gcc 4.4.1 等等,我觉着 ...
- 记录-简易多媒体流分析工具参数
Simple multimedia streams analyzer usage: ffprobe [OPTIONS] [INPUT_FILE] Main options: -L show licen ...
- TensorFlow用法
TensorFlow用法 什么是TensorFlow TensorFlow是一个开源软件库,用于使用数据流图进行数值计算.图中的节点表示数学运算,而图的边缘表示流动的多维数据数组(张量).这种灵活的体 ...
- Kubernetes1.5源码分析(二) apiServer之资源注册
源码版本 Kubernetes v1.5.0 简介 k8s里面有各种资源,如Pod.Service.RC.namespaces等资源,用户操作的其实也就是这一大堆资源.但这些资源并不是杂乱无章的,使用 ...
- Docker配置指南系列(二):指令集(二)
pause: 停止一个容器的所有进程语法:ocker pause CONTAINER [CONTAINER...] port: 列出容器的端口映射,或者查看指定开放端口的NAT映射语法:docker ...
最新文章
- mvc-3模型和数据(1)
- 论Docker swarm与Kubernetes孰强孰弱
- Https单向认证和双向认证介绍
- Ajax PHP 边学边练 之四 表单
- setuptools与distutils的区别
- Python Django jsonpickle序列化部分字段
- 计算机网络之数据链路层:15、以太网、适配器、MAC地址
- 解决ios上微信无法捕获返回键按钮事件的问题
- php server host,PHP $ _SERVER ['HTTP_HOST']与$ _SERVER
- input placeholder
- ValueError: threshold must be numeric and non-NAN, try sys.maxsize for untruncated representation
- ros实现dhcp上网
- 由程序猿yyyy-MM-dd跨年Bug引发的深思
- keyshot渲染很慢_提高Keyshot逼真渲染的小技巧!
- ArcGIS Runtime SDK for Android 读取tpk、vtpk
- WPS/WORD论文格式调整方法
- 今天给大家推荐一个深挖国内外前端新领域的前端社区
- 单元测试:桌面检查、走查方式、代码审查
- 一个WEB应用的开发流程
- Mockplus是如何节省你的原型时间的?