Play simpletun like Lego

netcat is small and flexible, and can handle all kinds of network tests you need.

But be aware that the scenarios netcat can handle are basically end-to-end ones, such as TCP and UDP.

There is another side of the network: the path in between. What if you want to simulate a firewall, or simulate a NAT? Can netcat do that? At that point you may have to write a kernel module yourself.

Netfilter? eBPF? NFV? These are too complicated!

You can try to do it in user mode instead; whenever something can be done in user mode, being simple and stable matters most.

I recommend simpletun.

simpletun is not a well-known piece of open source software, but you can find plenty of copies on the Internet; just pick one. The point of using simpletun to simulate network equipment is not that its binary can do it directly, but that you can make two or three lines of almost magical changes to it whenever you like and have it do whatever you need.

I won’t talk about building a TCP tunnel here, see:
https://github.com/marywangran/simpletun/blob/main/simpletun.c

In this article, I want to demonstrate a NAT function.

I happen to be looking into NAT64 solutions, and I wondered whether, if there were no ready-made solution, I could build one with a tun device. Of course there are ready-made solutions, so a tun device is not needed. But I still wanted to try it and see how simple it could be, so I just wrote one:
https://github.com/marywangran/simpletun/blob/main/tunnat.c

Using it is very simple; the steps are written in the README.
The key here is a few lines of code:

if (FD_ISSET(tap_fd, &rd_set)) {
    struct iphdr *iph;
    /* data from tun/tap: read one raw IP packet, rewrite it, write it back */
    unsigned int addr1 = inet_addr(from_ip);   /* both in network byte order, */
    unsigned int addr2 = inet_addr(to_ip);     /* the same as iph->saddr/daddr */

    nread = cread(tap_fd, buffer, BUFSIZE);
    iph = (struct iphdr *)buffer;
    if (addr2 == iph->daddr) {
        /* packet heading for to_ip: redirect it to from_ip */
        iph->daddr = addr1;
    } else if (addr1 == iph->saddr) {
        /* reply coming from from_ip: make it appear to come from to_ip */
        iph->saddr = addr2;
    } else {
        /* not ours: drop it and go back to select() */
        continue;
    }
    /* recompute the IPv4 header checksum; 20 bytes assumes no IP options.
     * The TCP/UDP checksum, whose pseudo-header also covers the addresses,
     * is not touched here. */
    iph->check = 0;
    iph->check = ip_checksum((unsigned short *)iph, 20);

    nwrite = cwrite(tap_fd, buffer, nread);
}

Of course, if you want a fully usable NAT you will need to keep some linked lists to track sessions, but a POC does not need them.
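As an added example (not code from tunnat or from this article), the same address rewrite as a self-contained function, with the two things the POC leaves out: the IPv4 checksum is computed over the real header length rather than a fixed 20 bytes, and the TCP/UDP checksum, whose pseudo-header includes the rewritten addresses, is recomputed as well. The function names and the hand-built packet are assumptions for illustration; from_ip and to_ip keep the meaning they have in the snippet above.

```c
#include <stdint.h>
#include <string.h>
/* Ones-complement sum of a byte buffer (RFC 1071), not yet folded. */
uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t n) {
    while (n > 1) { sum += ((uint32_t)p[0] << 8) | p[1]; p += 2; n -= 2; }
    if (n) sum += (uint32_t)p[0] << 8;
    return sum;
}
uint16_t csum_fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
/* TCP/UDP checksum over the IPv4 pseudo-header plus the transport segment.
   Caller zeroes the checksum field first; over an intact segment it yields 0. */
uint16_t transport_csum(const uint8_t *pkt, size_t len) {
    size_t ihl = (pkt[0] & 0x0f) * 4;
    if ((pkt[9] != 6 && pkt[9] != 17) || len < ihl) return 0;
    uint8_t pseudo[12] = {0};
    memcpy(pseudo, pkt + 12, 8);             /* source + destination address */
    pseudo[9] = pkt[9];                      /* protocol, then L4 length */
    pseudo[10] = (len - ihl) >> 8; pseudo[11] = (len - ihl) & 0xff;
    return csum_fold(csum_add(csum_add(0, pseudo, 12), pkt + ihl, len - ihl));
}
/* Rewrite one IPv4 packet as tunnat does (to_ip as destination becomes from_ip,
   from_ip as source becomes to_ip), then fix both checksums. Addresses are in
   network byte order. Returns 1 if rewritten, 0 if not matched, -1 if malformed. */
int nat_rewrite(uint8_t *pkt, size_t len, uint32_t from_ip, uint32_t to_ip) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl) return -1;
    uint32_t saddr, daddr; memcpy(&saddr, pkt + 12, 4); memcpy(&daddr, pkt + 16, 4);
    if (daddr == to_ip) memcpy(pkt + 16, &from_ip, 4);
    else if (saddr == from_ip) memcpy(pkt + 12, &to_ip, 4);
    else return 0;
    /* IPv4 header checksum covers ihl*4 bytes, not a fixed 20 (IP options). */
    pkt[10] = pkt[11] = 0;
    uint16_t c = csum_fold(csum_add(0, pkt, ihl));
    pkt[10] = c >> 8; pkt[11] = c & 0xff;
    /* The pseudo-header includes the addresses just changed, so redo the L4 checksum. */
    size_t off = pkt[9] == 6 ? 16 : 6;
    if ((pkt[9] == 6 || pkt[9] == 17) && len >= ihl + off + 2) {
        uint8_t *cp = pkt + ihl + off;
        if (pkt[9] == 17 && cp[0] == 0 && cp[1] == 0) return 1; /* UDP: disabled */
        cp[0] = cp[1] = 0; uint16_t t = transport_csum(pkt, len);
        if (pkt[9] == 17 && t == 0) t = 0xffff;  /* UDP: 0 is reserved */
        cp[0] = t >> 8; cp[1] = t & 0xff;
    }
    return 1;
}
```

Feeding the buffer read from the tun device through nat_rewrite() before cwrite() is all that changes in the loop above; packets that return 0 are dropped as before.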

Correspondingly, if you want to simulate a NAT64 with tun, it is not difficult:

  • Route the traffic that needs NAT64 to the tun interface.
  • In your program, replace the IPv4 header of the raw packet read from the tun character device with an IPv6 header.
  • Write the modified raw packet back to the tun character device as a buffer.

The rest is just a matter of some external configuration, which can basically all be done with iproute2.

simpletun is indeed very basic, just as netcat and nginx are basic; the question is what you do with it. The reason I am good at verifying in a short time whether something works is that I am not good at fiddling with complicated things. My view has always been that if I were a painter, I would want to pick up a brush and paint rather than learn complicated tools.

Are the so-called great people in many fields really great in the field itself, or are they great as a living manual? Many excellent designers cannot find jobs because they don't know CAD, and many rookie designers have reached the top because they are proficient in CAD...


The leather shoes in Wenzhou, Zhejiang are wet, so they won’t get fat in the rain.


Origin: https://blog.csdn.net/dog250/article/details/113026576