fix proto
This commit is contained in:
parent
2e6e1e5b3f
commit
1554f3fe0b
@ -15,26 +15,17 @@ struct IPHeader {
|
|||||||
let id: UInt16
|
let id: UInt16
|
||||||
let offset: UInt16
|
let offset: UInt16
|
||||||
let timeToLive: UInt8
|
let timeToLive: UInt8
|
||||||
let proto:UInt8
|
let proto: UInt8
|
||||||
let checksum: UInt16
|
let checksum: UInt16
|
||||||
let source: UInt32
|
let source: UInt32
|
||||||
let destination: UInt32
|
let destination: UInt32
|
||||||
|
|
||||||
var source_ip: String {
|
var source_ip: String {
|
||||||
return intToIp(source)
|
return SDLUtil.int32ToIp(source)
|
||||||
}
|
}
|
||||||
|
|
||||||
var destination_ip: String {
|
var destination_ip: String {
|
||||||
return intToIp(destination)
|
return SDLUtil.int32ToIp(destination)
|
||||||
}
|
|
||||||
|
|
||||||
private func intToIp(_ num: UInt32) -> String {
|
|
||||||
let ip0 = (UInt8) (num >> 24 & 0xFF)
|
|
||||||
let ip1 = (UInt8) (num >> 16 & 0xFF)
|
|
||||||
let ip2 = (UInt8) (num >> 8 & 0xFF)
|
|
||||||
let ip3 = (UInt8) (num & 0xFF)
|
|
||||||
|
|
||||||
return "\(ip0).\(ip1).\(ip2).\(ip3)"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public var description: String {
|
public var description: String {
|
||||||
@ -83,4 +74,15 @@ struct IPPacket {
|
|||||||
func getPayload() -> Data {
|
func getPayload() -> Data {
|
||||||
return data.subdata(in: 20..<data.count)
|
return data.subdata(in: 20..<data.count)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 获取ip数据包里面目标端口
|
||||||
|
func getDstPort() -> UInt16? {
|
||||||
|
guard case .ipv4 = IPVersion(rawValue: self.header.version), self.data.count >= 24 else {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// 系统只会读取到ipv4的数据包,(srcPort:16, dstPort:16, ...)
|
||||||
|
return UInt16(bytes: (self.data[22], self.data[23]))
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -498,9 +498,18 @@ actor SDLContextActor {
|
|||||||
// 检查权限逻辑
|
// 检查权限逻辑
|
||||||
let identitySnapshot = self.snapshotPublisher.current()
|
let identitySnapshot = self.snapshotPublisher.current()
|
||||||
if let ruleMap = identitySnapshot.lookup(data.identityID) {
|
if let ruleMap = identitySnapshot.lookup(data.identityID) {
|
||||||
if ruleMap.isAllow(proto: 2, port: 3) {
|
let proto = ipPacket.header.proto
|
||||||
|
switch TransportProtocol(rawValue: proto) {
|
||||||
|
case .udp, .tcp:
|
||||||
|
if let dstPort = ipPacket.getDstPort(), ruleMap.isAllow(proto: proto, port: dstPort) {
|
||||||
|
let packet = NEPacket(data: ipPacket.data, protocolFamily: 2)
|
||||||
|
self.provider.packetFlow.writePacketObjects([packet])
|
||||||
|
}
|
||||||
|
case .icmp:
|
||||||
let packet = NEPacket(data: ipPacket.data, protocolFamily: 2)
|
let packet = NEPacket(data: ipPacket.data, protocolFamily: 2)
|
||||||
self.provider.packetFlow.writePacketObjects([packet])
|
self.provider.packetFlow.writePacketObjects([packet])
|
||||||
|
default:
|
||||||
|
()
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// 向服务器请求权限逻辑
|
// 向服务器请求权限逻辑
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user