kingecg
/
gofirewall
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

"feat(forwarder): 修改转发规则匹配逻辑,改为基于目标端口进行映射"

This commit is contained in:
程广 2025-07-03 18:34:10 +08:00
parent f27002ddff
commit 7013bd61f1
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
forwarder.go
View File

@ -87,23 +87,24 @@ func (f *Forwarder) ForwardPacket(ipLayer *layers.IPv4, transportLayer gopacket.
// 获取源IP和端口 // 获取源IP和端口
srcIP := ipLayer.SrcIP.String() srcIP := ipLayer.SrcIP.String()
var srcPort int var srcPort, dstPort int
// 根据传输层协议获取端口 // 根据传输层协议获取端口
switch t := transportLayer.(type) { switch t := transportLayer.(type) {
case *layers.TCP: case *layers.TCP:
srcPort = int(t.SrcPort) srcPort = int(t.SrcPort)
// dstPort = int(t.DstPort) dstPort = int(t.DstPort)
case *layers.UDP: case *layers.UDP:
srcPort = int(t.SrcPort) srcPort = int(t.SrcPort)
// dstPort = int(t.DstPort) dstPort = int(t.DstPort)
default: default:
// 不支持的传输层协议 // 不支持的传输层协议
return nil return nil
} }
// 查找转发规则 // 查找转发规则, 按照目标端口查找并转发。
key := fmt.Sprintf("%s:%d", srcIP, srcPort) // 相当于做了一个端口映射。
key := fmt.Sprintf(":%d", dstPort) // srcIP, srcPort)
if forwardAddr, exists := f.natTable[key]; exists { if forwardAddr, exists := f.natTable[key]; exists {
// 解析转发目标地址 // 解析转发目标地址
addr, port, err := net.SplitHostPort(forwardAddr) addr, port, err := net.SplitHostPort(forwardAddr)