MHATC系统笔记3-摩杜云开发者社区

1、FDPTEL进程从NPORT收报 (发报时不能指定-i 接口，因为iptables v1.4.7: Can't use -I with OUTPUT)收冠字"GRD"

vim /etc/rsyslog.conf   添加
kern.debug                                              /var/log/iptables
service rsyslog restart
iptables -I INPUT -i bond0  -p udp --dport 4001 -m string --from 27 --to 29  --string "GRD" --algo bm -j LOG --log-level debug
日志：
ov 29 08:39:23 FSDP-1 kernel: IN=bond0 OUT= MAC=00:50:56:af:5c:de:00:90:e8:09:ea:6e:08:00 SRC=168.192.11.91 DST=168.192.11.51 LEN=69 TOS=0x00 PREC=0x00 TTL=255 ID=32377 PROTO=UDP SPT=56001 DPT=4001 LEN=49

2、FDPTEL进程从NPORT收到报后又转发出去

iptables -I INPUT -i bond0  -p udp  -m string --from 101  --to 103 --string "GRD" --algo bm -j LOG --log-level debug
日志：
Nov 29 08:27:35 FSDP-1 kernel: IN=bond0 OUT= MAC= SRC=168.192.11.51 DST=168.192.11.255 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=6302 DPT=6106 LEN=1480

3、可以测试FDO发报，通过FDP服务进程将报文转发给fdptel，这样也是使用 -I INPUT，log记录INPUT方向，SRC=168.192.11.45和SRC=168.192.11.63，即通过iptables的INPUT链，记录到来自168.192.11.45上运行的FDO和168.192.11.63上运行的fdp进程发来的报文。

---在FDO上发报：
//这里RDG0000需是RDG，默认AAA，iptables匹配不到--string "RDG"；要是使用默认AAA，fdptel日志有记录，但是iptables的log没有。  
ZCZC RDG0000 300205         
FF ZBBBZGZX
300205 ZBYNZPZX
(DEP-CHH1111-ZBYN0204-ZHHH-0)
NNNN
---fdptel日志记录：改变了冠字：GRD0017  GRD0032
<Info>: 202311300205    receive compose or preview packet!
<Info>: 202311300205    assemble_data->nOperType is  <2>
<Info>: 202311300205    ass_tele is [ZCZC GRD0017 300205
FF ZBBBZGZX
300205 ZBYNZPZX
(DEP-CHH1111-ZBYN0204-ZHHH-0)
NNNN]
<Info>: 202311300205    fdp_fdptel_handle:: the MID is <202311300204CHH1111ZBYNZHHH>,the finid is <202311300200017GRD>!
<Info>: 202311300205    first tcp send to fdo, the re is [218],the type is[2003] !
<Info>: 202311300205    send TAG_FDPTEL_ACKASBLAFTN to fdo ,the MID is <202311300204CHH1111ZBYNZHHH>,the MSGtype is <AFTN>,the fintype <DEP>!
<Info>: 202311300205    first tcp send to fdo, the re is [212],the type is[2002] !
<Info>: 202311300205    fdp_fdptel_handle:: 'S' Send AFTNMESSAGE to FDO,the MID is <202311300204CHH1111ZBYNZHHH>,the MsgType is <AFTN>,the Fintype is <DEP>!
<Info>: 202311300205    The msg sended[udp] to NPort is <GRD0032 300205
FF ZBBBZGZX
300205 ZBYNZPZX
(DEP-CHH1111-ZBYN0204-ZHHH-0)
HH���q>, the size[ret] of sended msg is <81>. 
---LOG记录：SRC=168.192.11.63 DST=168.192.11.255
#iptables -I INPUT -i bond0  -p udp  -m string   --string "RDG" --algo bm -j LOG --log-level debug
Nov 30 02:05:26 FSDP-1 kernel: IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:a0:36:9f:75:ee:5a:08:00 SRC=168.192.11.45 DST=168.192.11.255 LEN=267 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=55555 DPT=10086 LEN=247 
Nov 30 02:05:26 FSDP-1 kernel: IN=bond0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:af:d3:8c:08:00 SRC=168.192.11.63 DST=168.192.11.255 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=6304 DPT=6102 LEN=1480

4、测试fdptel发报（发冠字"RDG"）。不能指定-i 接口，因为iptables v1.4.7: Can't use -I with OUTPUT

#cat aidc.ini
[UDP0]
linecode=RDG		//线路码,发冠字
#iptables -I OUTPUT   -p udp  -m string --from 27 --to 29 --string "RDG" --algo bm -j LOG --log-level debug
# iptables --list
Chain OUTPUT (policy ACCEPT)
target     prot opt source   destination         
LOG        udp  --  anywhere   anywhere      STRING match "GRD" ALGO name bm TO 65535 LOG level debug 
日志：
NNov 30 07:37:37 FSDP-1 kernel: IN= OUT=bond0 SRC=168.192.11.51 DST=168.192.11.91 LEN=154 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=58884 DPT=6001 LEN=134