1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<!-- Generated by graphviz version 2.34.0 (20140110.0949)
-->
<!-- Title: G Pages: 1 -->
<svg width="675pt" height="596pt"
viewBox="0.00 0.00 675.00 596.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 592)">
<title>G</title>
<polygon fill="white" stroke="white" points="-4,4 -4,-592 671,-592 671,4 -4,4"/>
<g id="clust1" class="cluster"><title>cluster_kernel</title>
<polygon fill="none" stroke="brown" points="55,-334 55,-508 483,-508 483,-334 55,-334"/>
<text text-anchor="start" x="180.5" y="-488" font-family="Cantarell,sans-serif" font-size="20.00">Linux (kernel mode)</text>
</g>
<g id="clust2" class="cluster"><title>cluster_fastalg_nfqueue</title>
<polygon fill="none" stroke="blue" points="8,-126 8,-300 279,-300 279,-126 8,-126"/>
<text text-anchor="start" x="16" y="-280" font-family="Cantarell,sans-serif" font-size="20.00">fastalg-nfqueue (user mode)</text>
</g>
<g id="clust3" class="cluster"><title>cluster_fastalg_protocol</title>
<polygon fill="none" stroke="#00cd00" points="16,-8 16,-92 345,-92 345,-8 16,-8"/>
<text text-anchor="start" x="24" y="-72" font-family="Cantarell,sans-serif" font-size="20.00">fastalg-protocol (user mode library)</text>
</g>
<!-- nft_filter_prerouting -->
<g id="node1" class="node"><title>nft_filter_prerouting</title>
<path fill="none" stroke="black" d="M265.5,-433C265.5,-433 462.5,-433 462.5,-433 468.5,-433 474.5,-439 474.5,-445 474.5,-445 474.5,-457 474.5,-457 474.5,-463 468.5,-469 462.5,-469 462.5,-469 265.5,-469 265.5,-469 259.5,-469 253.5,-463 253.5,-457 253.5,-457 253.5,-445 253.5,-445 253.5,-439 259.5,-433 265.5,-433"/>
<text text-anchor="middle" x="364" y="-447.3" font-family="Cantarell,sans-serif" font-size="14.00">NFTables 規則 (filter, prerouting)</text>
</g>
<!-- nfqueue -->
<g id="node2" class="node"><title>nfqueue</title>
<path fill="none" stroke="black" d="M75,-343C75,-343 233,-343 233,-343 239,-343 245,-349 245,-355 245,-355 245,-367 245,-367 245,-373 239,-379 233,-379 233,-379 75,-379 75,-379 69,-379 63,-373 63,-367 63,-367 63,-355 63,-355 63,-349 69,-343 75,-343"/>
<text text-anchor="middle" x="154" y="-357.3" font-family="Cantarell,sans-serif" font-size="14.00">Netfilter user space queue</text>
</g>
<!-- nft_filter_prerouting->nfqueue -->
<g id="edge2" class="edge"><title>nft_filter_prerouting->nfqueue</title>
<path fill="none" stroke="black" d="M323.261,-432.928C289.209,-418.659 240.506,-398.25 204.078,-382.985"/>
<polygon fill="black" stroke="black" points="205.201,-379.661 194.626,-379.024 202.496,-386.117 205.201,-379.661"/>
<text text-anchor="start" x="277" y="-403.3" font-family="Cantarell,sans-serif" font-weight="bold" font-size="14.00" fill="red">2</text>
<text text-anchor="start" x="287" y="-403.3" font-family="Cantarell,sans-serif" font-size="14.00"> Enqueue</text>
</g>
<!-- nft_nat_prerouting -->
<g id="node3" class="node"><title>nft_nat_prerouting</title>
<path fill="none" stroke="black" d="M275,-343C275,-343 463,-343 463,-343 469,-343 475,-349 475,-355 475,-355 475,-367 475,-367 475,-373 469,-379 463,-379 463,-379 275,-379 275,-379 269,-379 263,-373 263,-367 263,-367 263,-355 263,-355 263,-349 269,-343 275,-343"/>
<text text-anchor="middle" x="369" y="-357.3" font-family="Cantarell,sans-serif" font-size="14.00">NFTables 規則 (nat, prerouting)</text>
</g>
<!-- nft_filter_prerouting->nft_nat_prerouting -->
<g id="edge10" class="edge"><title>nft_filter_prerouting->nft_nat_prerouting</title>
<path fill="none" stroke="black" d="M364.988,-432.614C365.691,-420.24 366.65,-403.369 367.453,-389.22"/>
<polygon fill="black" stroke="black" points="370.958,-389.233 368.031,-379.05 363.97,-388.836 370.958,-389.233"/>
<text text-anchor="start" x="366" y="-403.3" font-family="Cantarell,sans-serif" font-weight="bold" font-size="14.00" fill="#008b00">8</text>
</g>
<!-- netlink_socket -->
<g id="node4" class="node"><title>netlink_socket</title>
<path fill="none" stroke="black" d="M134.5,-225C134.5,-225 217.5,-225 217.5,-225 223.5,-225 229.5,-231 229.5,-237 229.5,-237 229.5,-249 229.5,-249 229.5,-255 223.5,-261 217.5,-261 217.5,-261 134.5,-261 134.5,-261 128.5,-261 122.5,-255 122.5,-249 122.5,-249 122.5,-237 122.5,-237 122.5,-231 128.5,-225 134.5,-225"/>
<text text-anchor="middle" x="176" y="-239.3" font-family="Cantarell,sans-serif" font-size="14.00">Netlink socket</text>
</g>
<!-- nfqueue->netlink_socket -->
<g id="edge3" class="edge"><title>nfqueue->netlink_socket</title>
<path fill="none" stroke="black" d="M157.246,-342.884C160.821,-324.036 166.618,-293.469 170.822,-271.304"/>
<polygon fill="black" stroke="black" points="174.316,-271.663 172.741,-261.186 167.438,-270.359 174.316,-271.663"/>
<text text-anchor="start" x="164" y="-313.3" font-family="Cantarell,sans-serif" font-weight="bold" font-size="14.00" fill="red">3</text>
<text text-anchor="start" x="174" y="-313.3" font-family="Cantarell,sans-serif" font-size="14.00"> Dequeue</text>
</g>
<!-- pkt_out -->
<g id="node9" class="node"><title>pkt_out</title>
<path fill="none" stroke="black" d="M302,-225C302,-225 436,-225 436,-225 442,-225 448,-231 448,-237 448,-237 448,-249 448,-249 448,-255 442,-261 436,-261 436,-261 302,-261 302,-261 296,-261 290,-255 290,-249 290,-249 290,-237 290,-237 290,-231 296,-225 302,-225"/>
<text text-anchor="middle" x="369" y="-239.3" font-family="Cantarell,sans-serif" font-size="14.00">DNS request 封包輸出</text>
</g>
<!-- nft_nat_prerouting->pkt_out -->
<g id="edge11" class="edge"><title>nft_nat_prerouting->pkt_out</title>
<path fill="none" stroke="black" d="M369,-342.884C369,-324.036 369,-293.469 369,-271.304"/>
<polygon fill="black" stroke="black" points="372.5,-271.186 369,-261.186 365.5,-271.186 372.5,-271.186"/>
<text text-anchor="start" x="369" y="-313.3" font-family="Cantarell,sans-serif" font-weight="bold" font-size="14.00" fill="#008b00">9</text>
</g>
<!-- udp_inspect -->
<g id="node5" class="node"><title>udp_inspect</title>
<path fill="none" stroke="black" d="M122,-135C122,-135 232,-135 232,-135 238,-135 244,-141 244,-147 244,-147 244,-159 244,-159 244,-165 238,-171 232,-171 232,-171 122,-171 122,-171 116,-171 110,-165 110,-159 110,-159 110,-147 110,-147 110,-141 116,-135 122,-135"/>
<text text-anchor="middle" x="177" y="-149.3" font-family="Cantarell,sans-serif" font-size="14.00">UDP 封包分析程式</text>
</g>
<!-- netlink_socket->udp_inspect -->
<g id="edge4" class="edge"><title>netlink_socket->udp_inspect</title>
<path fill="none" stroke="black" d="M176.198,-224.614C176.338,-212.24 176.53,-195.369 176.691,-181.22"/>
<polygon fill="black" stroke="black" points="180.192,-181.09 176.806,-171.05 173.193,-181.01 180.192,-181.09"/>
<text text-anchor="start" x="177" y="-195.3" font-family="Cantarell,sans-serif" font-weight="bold" font-size="14.00" fill="blue">4</text>
</g>
<!-- udp_inspect->nft_filter_prerouting -->
<g id="edge9" class="edge"><title>udp_inspect->nft_filter_prerouting</title>
<path fill="none" stroke="black" d="M244.291,-162.749C317.319,-173.597 427.478,-194.352 457,-224 470.582,-237.641 506.116,-341.495 484,-380 471.33,-402.058 448.732,-417.822 426.537,-428.735"/>
<polygon fill="black" stroke="black" points="425.008,-425.586 417.413,-432.972 427.957,-431.934 425.008,-425.586"/>
<text text-anchor="start" x="489" y="-313.3" font-family="Cantarell,sans-serif" font-weight="bold" font-size="14.00" fill="blue">7</text>
<text text-anchor="start" x="499" y="-313.3" font-family="Cantarell,sans-serif" font-size="14.00"> Set packet mark + Verdict</text>
</g>
<!-- dns_parser -->
<g id="node6" class="node"><title>dns_parser</title>
<path fill="none" stroke="black" d="M43.5,-17C43.5,-17 126.5,-17 126.5,-17 132.5,-17 138.5,-23 138.5,-29 138.5,-29 138.5,-41 138.5,-41 138.5,-47 132.5,-53 126.5,-53 126.5,-53 43.5,-53 43.5,-53 37.5,-53 31.5,-47 31.5,-41 31.5,-41 31.5,-29 31.5,-29 31.5,-23 37.5,-17 43.5,-17"/>
<text text-anchor="middle" x="85" y="-31.3" font-family="Cantarell,sans-serif" font-size="14.00">DNS 分析函式</text>
</g>
<!-- udp_inspect->dns_parser -->
<g id="edge5" class="edge"><title>udp_inspect->dns_parser</title>
<path fill="none" stroke="black" d="M109.893,-144.152C93.2513,-138.845 77.2605,-130.154 67,-116 55.7546,-100.487 61.3082,-79.1745 69.1056,-62.4476"/>
<polygon fill="black" stroke="black" points="72.3954,-63.7026 73.8457,-53.2074 66.1671,-60.5074 72.3954,-63.7026"/>
<text text-anchor="start" x="67" y="-105.3" font-family="Cantarell,sans-serif" font-weight="bold" font-size="14.00" fill="blue">5</text>
<text text-anchor="start" x="77" y="-105.3" font-family="Cantarell,sans-serif" font-size="14.00"> packet list</text>
</g>
<!-- hostname_matcher -->
<g id="node7" class="node"><title>hostname_matcher</title>
<path fill="none" stroke="black" d="M188,-17C188,-17 306,-17 306,-17 312,-17 318,-23 318,-29 318,-29 318,-41 318,-41 318,-47 312,-53 306,-53 306,-53 188,-53 188,-53 182,-53 176,-47 176,-41 176,-41 176,-29 176,-29 176,-23 182,-17 188,-17"/>
<text text-anchor="middle" x="247" y="-31.3" font-family="Cantarell,sans-serif" font-size="14.00">Hostname 配對函式</text>
</g>
<!-- udp_inspect->hostname_matcher -->
<g id="edge7" class="edge"><title>udp_inspect->hostname_matcher</title>
<path fill="none" stroke="black" d="M181.262,-134.974C184.274,-124.5 188.868,-111.019 195,-100 202.73,-86.108 213.538,-72.2257 223.3,-60.9586"/>
<polygon fill="black" stroke="black" points="226.125,-63.0488 230.164,-53.2539 220.898,-58.3925 226.125,-63.0488"/>
<text text-anchor="start" x="195" y="-105.3" font-family="Cantarell,sans-serif" font-weight="bold" font-size="14.00" fill="blue">6</text>
<text text-anchor="start" x="205" y="-105.3" font-family="Cantarell,sans-serif" font-size="14.00"> hostname</text>
</g>
<!-- dns_parser->udp_inspect -->
<g id="edge6" class="edge"><title>dns_parser->udp_inspect</title>
<path fill="none" stroke="black" d="M103.898,-53.129C116.883,-65.4419 134.048,-82.835 147,-100 153.085,-108.065 158.864,-117.478 163.695,-126.062"/>
<polygon fill="black" stroke="black" points="160.678,-127.841 168.535,-134.948 166.825,-124.492 160.678,-127.841"/>
</g>
<!-- hostname_matcher->udp_inspect -->
<g id="edge8" class="edge"><title>hostname_matcher->udp_inspect</title>
<path fill="none" stroke="black" d="M260.491,-53.2298C272.156,-70.3808 285.228,-96.841 272,-116 267.102,-123.094 260.612,-128.791 253.315,-133.367"/>
<polygon fill="black" stroke="black" points="251.514,-130.363 244.427,-138.239 254.878,-136.501 251.514,-130.363"/>
</g>
<!-- pkt_in -->
<g id="node8" class="node"><title>pkt_in</title>
<path fill="none" stroke="black" d="M297,-551C297,-551 431,-551 431,-551 437,-551 443,-557 443,-563 443,-563 443,-575 443,-575 443,-581 437,-587 431,-587 431,-587 297,-587 297,-587 291,-587 285,-581 285,-575 285,-575 285,-563 285,-563 285,-557 291,-551 297,-551"/>
<text text-anchor="middle" x="364" y="-565.3" font-family="Cantarell,sans-serif" font-size="14.00">DNS request 封包輸入</text>
</g>
<!-- pkt_in->nft_filter_prerouting -->
<g id="edge1" class="edge"><title>pkt_in->nft_filter_prerouting</title>
<path fill="none" stroke="black" d="M364,-550.884C364,-532.036 364,-501.469 364,-479.304"/>
<polygon fill="black" stroke="black" points="367.5,-479.186 364,-469.186 360.5,-479.186 367.5,-479.186"/>
<text text-anchor="start" x="364" y="-521.3" font-family="Cantarell,sans-serif" font-weight="bold" font-size="14.00" fill="red">1</text>
</g>
</g>
</svg>
|
