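The code in the original post contained stray spaces; the following is a corrected version:
1. Save the code as geneva.py
First, open a terminal and run the following command: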
```bash
cat <<'EOF' >geneva.py
#!/usr/bin/env python3
import argparse
import signal
import sys

from netfilterqueue import NetfilterQueue
from scapy.all import IP, TCP

window_size = 17

# TCP flag combinations whose advertised window is rewritten:
# SYN/ACK, FIN/ACK, PSH/ACK and plain ACK.
REWRITE_FLAGS = ("SA", "FA", "PA", "A")


def modify_window(pkt):
    """NFQUEUE callback: overwrite the TCP window, then release the packet."""
    try:
        ip = IP(pkt.get_payload())
        if ip.haslayer(TCP) and ip[TCP].flags in REWRITE_FLAGS:
            ip[TCP].window = window_size
            # Delete both checksums so scapy recomputes them on serialization.
            del ip[IP].chksum
            del ip[TCP].chksum
            pkt.set_payload(bytes(ip))
    except Exception:
        # On any parse error, pass the packet through unmodified.
        pass
    pkt.accept()


def parsearg():
    """Parse -q/--queue and -w/--window_size; both are required."""
    global window_size
    parser = argparse.ArgumentParser(description='Description of your program')
    parser.add_argument('-q', '--queue', type=int, help='iptables Queue Num')
    parser.add_argument('-w', '--window_size', type=int, help='Tcp Window Size')
    args = parser.parse_args()
    if args.queue is None or args.window_size is None:
        sys.exit(1)
    window_size = args.window_size
    return args.queue


def main():
    queue_num = parsearg()
    nfqueue = NetfilterQueue()
    nfqueue.bind(queue_num, modify_window)
    try:
        print("Starting netfilter_queue process...")
        nfqueue.run()
    except KeyboardInterrupt:
        pass


if __name__ == "__main__":
    signal.signal(signal.SIGINT, lambda signal, frame: sys.exit(0))
    main()
EOF
```
2. Install the dependencies
Installing dependencies on CentOS
```bash
sudo yum install -y python3 python3-devel gcc gcc-c++ git libnetfilter* libffi-devel
pip3 install --upgrade pip
pip3 install scapy netfilterqueue
```
Installing dependencies on Ubuntu
```bash
sudo apt-get update
sudo apt-get install -y build-essential python3-dev libnetfilter-queue-dev libffi-dev libssl-dev iptables python3-pip
pip3 install --upgrade pip
pip3 install scapy netfilterqueue
```
3. Run the program
Start the program
```bash
nohup python3 geneva.py -q 100 -w 17 &
nohup python3 geneva.py -q 101 -w 4 &
```
Configure the iptables rules
```bash
iptables -I OUTPUT -p tcp --sport 80 --tcp-flags SYN,RST,ACK,FIN,PSH SYN,ACK -j NFQUEUE --queue-num 100
iptables -I OUTPUT -p tcp --sport 443 --tcp-flags SYN,RST,ACK,FIN,PSH SYN,ACK -j NFQUEUE --queue-num 101
```
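4. Check that it is running
```bash
ps -ef | grep geneva
```
If the command output includes process information for geneva.py, the program has started successfully.
Whether it actually works still needs to be verified; forced HTTPS must be enabled.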
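What the script's window rewrite and its `del ...chksum` lines amount to at byte level, as an added example that is not part of the original post: it uses only the standard library, and the sample SYN/ACK (documentation addresses 192.0.2.10 and 198.51.100.7) and all function names are constructed for illustration. It shows that the TCP checksum has to be recomputed over the pseudo-header once the window changes, while the IPv4 header checksum stays valid.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (16-bit one's-complement sum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(ip: bytes, seg: bytes) -> bytes:
    """Source and destination address, zero byte, protocol 6, TCP length."""
    return ip[12:20] + struct.pack("!BBH", 0, 6, len(seg))

def set_window(packet: bytes, window: int) -> bytes:
    """Rewrite the TCP window of an IPv4/TCP packet and fix the TCP checksum."""
    ihl = (packet[0] & 0x0F) * 4
    ip, seg = packet[:ihl], bytearray(packet[ihl:])
    struct.pack_into("!H", seg, 14, window)  # window: TCP header bytes 14-15
    struct.pack_into("!H", seg, 16, 0)       # checksum field is zero while summing
    new_sum = csum(pseudo_header(ip, bytes(seg)) + bytes(seg))
    struct.pack_into("!H", seg, 16, new_sum)
    return ip + bytes(seg)                   # IPv4 header checksum is unaffected

def tcp_fields(packet: bytes):
    """Return (flags, window, checksum_ok) for an IPv4/TCP packet."""
    ihl = (packet[0] & 0x0F) * 4
    ip, seg = packet[:ihl], packet[ihl:]
    window = struct.unpack_from("!H", seg, 14)[0]
    # A correct checksum makes the sum over pseudo-header + segment fold to zero.
    return seg[13] & 0x3F, window, csum(pseudo_header(ip, seg) + seg) == 0

def sample_synack() -> bytes:
    """Constructed SYN/ACK 192.0.2.10:443 -> 198.51.100.7:50000, window 65535."""
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                               bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])))
    struct.pack_into("!H", ip, 10, csum(bytes(ip)))
    tcp = struct.pack("!HHIIBBHHH", 443, 50000, 1000, 2001, 5 << 4, 0x12,
                      65535, 0, 0)
    return set_window(bytes(ip) + tcp, 65535)

if __name__ == "__main__":
    before = sample_synack()
    after = set_window(before, 17)           # same value as `-w 17` above
    print("before:", tcp_fields(before))
    print("after: ", tcp_fields(after))
```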