.github/workflows/docker.yml

@@ -1,30 +0,0 @@
-name: Docker image build
-
-on:
-  push:
-    paths-ignore:
-      - '**.md'
-
-jobs:
-  build:
-    runs-on: ubuntu-22.04
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Setup QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          platforms: linux/amd64
-
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build Docker Image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: docker/Dockerfile
-          tags: phantun
-          platforms: linux/amd64

.github/workflows/release.yml

@@ -25,9 +25,13 @@ jobs:
           - arm-unknown-linux-musleabihf
           - aarch64-unknown-linux-gnu
           - aarch64-unknown-linux-musl
+          - mips-unknown-linux-gnu
+          #- mips-unknown-linux-musl # currently does not build due to libc::sock_txtime not found, need a newer release of libc
+          - mipsel-unknown-linux-gnu
+          #- mipsel-unknown-linux-musl
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
       - uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
@@ -46,7 +50,7 @@ jobs:
           zip phantun_${{ matrix.target }}.zip phantun_client phantun_server
 
       - name: Upload Github Assets
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@v1
         with:
           files: target/${{ matrix.target }}/release/*.zip
           prerelease: ${{ contains(github.ref, '-') }}

.github/workflows/rust.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v3
     - uses: actions-rs/toolchain@v1
       with:
         toolchain: stable

.gitignore

@@ -1 +1,2 @@
 /target
+Cargo.lock

Cargo.toml

@@ -1,7 +1,5 @@
 [workspace]
 
-resolver = "2"
-
 members = [
     "fake-tcp",
     "phantun",

LICENSE-APACHE

@@ -186,7 +186,7 @@ APPENDIX: How to apply the Apache License to your work.
    same "printed page" as the copyright notice for easier
    identification within third-party archives.
 
-Copyright 2021-2024 Datong Sun (dndx@idndx.com)
+Copyright 2021-2022 Datong Sun (dndx@idndx.com)
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

LICENSE-MIT

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021-2024 Datong Sun (dndx@idndx.com)
+Copyright (c) 2021-2022 Datong Sun (dndx@idndx.com)
 
 Permission is hereby granted, free of charge, to any
 person obtaining a copy of this software and associated

README.md

@@ -2,7 +2,7 @@
 
 A lightweight and fast UDP to TCP obfuscator.
 
-![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/dndx/phantun/rust.yml)
+![GitHub Workflow Status](https://img.shields.io/github/workflow/status/dndx/phantun/Rust?style=flat-square)
 ![docs.rs](https://img.shields.io/docsrs/fake-tcp)
 
 Table of Contents
@@ -35,7 +35,7 @@ Table of Contents
 
 # Latest release
 
-[v0.7.0](https://github.com/dndx/phantun/releases/tag/v0.7.0)
+[v0.4.2](https://github.com/dndx/phantun/releases/tag/v0.4.2)
 
 # Overview
 
@@ -262,7 +262,7 @@ is the following (using IPv4 below as an example):
 Note that Phantun does not add any additional header other than IP and TCP headers in order to pass through
 stateful packet inspection!
 
-Phantun's additional overhead: `12 bytes`. In other words, when using Phantun, the usable payload for
+Phantun's additional overhead: `12 bytes`. I other words, when using Phantun, the usable payload for
 UDP packet is reduced by 12 bytes. This is the minimum overhead possible when doing such kind
 of obfuscation.
 
@@ -329,8 +329,6 @@ Test command: `iperf3 -c <IP> -p <PORT> -R -u -l 1400 -b 1000m -t 30 -P 5`
 | Phantun (5 streams)                                                             | 5.00 Gbits/sec | 2.38 Gbits/sec | 95% (all cores utilized)                            |
 | udp2raw (`cipher-mode=none` `auth-mode=none` `disable-anti-replay`) (5 streams) | 5.00 Gbits/sec | 770 Mbits/sec  | 50% (2 cores at 100%)                               |
 
-Writeup on some of the techniques used in Phantun to achieve this performance result: [Writing Highly Efficient UDP Server in Rust](https://idndx.com/writing-highly-efficient-udp-server-in-rust/).
-
 [Back to TOC](#table-of-contents)
 
 # Future plans
@@ -368,7 +366,7 @@ Here is a quick overview of comparison between those two to help you choose:
 
 # License
 
-Copyright 2021-2024 Datong Sun (dndx@idndx.com)
+Copyright 2021-2022 Datong Sun (dndx@idndx.com)
 
 Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
 [https://www.apache.org/licenses/LICENSE-2.0](https://www.apache.org/licenses/LICENSE-2.0)> or the MIT license

docker/.dockerignore

@@ -1,2 +0,0 @@
-README.md
-docker-compose.yml

docker/Dockerfile

@@ -1,33 +0,0 @@
-#
-# Dockerfile for phantun
-#
-
-#
-# Build stage
-#
-FROM rust:latest AS builder
-
-COPY . /phantun
-
-RUN cd phantun \
-  && cargo build --release \
-  && strip target/release/server target/release/client \
-  && install target/release/server /usr/local/bin/phantun-server \
-  && install target/release/client /usr/local/bin/phantun-client \
-  && cd - \
-  && rm -r phantun
-
-#
-# Runtime stage
-#
-FROM debian:latest
-
-COPY --from=builder /usr/local/bin/phantun-server /usr/local/bin/
-COPY --from=builder /usr/local/bin/phantun-client /usr/local/bin/
-COPY docker/phantun.sh /usr/local/bin/
-
-ENV USE_IPTABLES_NFT_BACKEND=0
-ENV RUST_LOG=INFO
-
-ENTRYPOINT ["phantun.sh"]
-CMD ["phantun-server", "--help"]

docker/README.md

@@ -1,11 +0,0 @@
-# phantun (docker)
-
-## Build
-
-```sh
-docker build -t phantun -f docker/Dockerfile .
-```
-
-## Usage
-
-It is recommended to use docker-compose, see [docker-compose.yml](docker-compose.yml) for details.

docker/docker-compose.yml

@@ -1,26 +0,0 @@
-version: '3.9'
-
-services:
-  phantun-server:
-    image: phantun
-    container_name: phantun-server
-    restart: unless-stopped
-    network_mode: host
-    privileged: true
-    environment:
-      USE_IPTABLES_NFT_BACKEND: 0
-      RUST_LOG: INFO
-    command: >
-      phantun-server --local 1985 --remote 127.0.0.1:1984 --ipv4-only
-
-  phantun-client:
-    image: phantun
-    container_name: phantun-client
-    restart: unless-stopped
-    network_mode: host
-    privileged: true
-    environment:
-      USE_IPTABLES_NFT_BACKEND: 0
-      RUST_LOG: INFO
-    command: >
-      phantun-client --local 127.0.0.1:1984 --remote 11.22.33.44:1985 --ipv4-only

docker/phantun.sh

@@ -1,209 +0,0 @@
-#!/bin/sh
-
-# alias ​​settings must be global, and must be defined before the function being called with the alias
-if [ "$USE_IPTABLES_NFT_BACKEND" = 1 ]; then
-  alias iptables=iptables-nft
-  alias iptables-save=iptables-nft-save
-  alias ip6tables=ip6tables-nft
-  alias ip6tables-save=ip6tables-nft-save
-fi
-
-info() {
-  local green='\e[0;32m'
-  local clear='\e[0m'
-  local time=$(date '+%Y-%m-%d %T')
-  printf "${green}[${time}] [INFO]: ${clear}%s\n" "$*"
-}
-
-warn() {
-  local yellow='\e[1;33m'
-  local clear='\e[0m'
-  local time=$(date '+%Y-%m-%d %T')
-  printf "${yellow}[${time}] [WARN]: ${clear}%s\n" "$*" >&2
-}
-
-error() {
-  local red='\e[0;31m'
-  local clear='\e[0m'
-  local time=$(date '+%Y-%m-%d %T')
-  printf "${red}[${time}] [ERROR]: ${clear}%s\n" "$*" >&2
-}
-
-_get_default_iface() {
-  ip -4 route show default | awk -F 'dev' '{print $2}' | awk '{print $1}'
-}
-
-_get_default6_iface() {
-  ip -6 route show default | awk -F 'dev' '{print $2}' | awk '{print $1}'
-}
-
-_get_addr_by_iface() {
-  ip -4 addr show dev "$1" | grep -w "inet" | awk '{print $2}' | awk -F '/' '{print $1}' | head -1
-}
-
-_get_addr6_by_iface() {
-  ip -6 addr show dev "$1" | grep -w "inet6" | awk '{print $2}' | awk -F '/' '{print $1}' | head -1
-}
-
-_check_rule_by_comment() {
-  iptables-save | grep -q "$1"
-}
-
-_check_rule6_by_comment() {
-  ip6tables-save | grep -q "$1"
-}
-
-_is_server_mode() {
-  [ "$1" = "phantun-server" ]
-}
-
-_is_ipv4_only() {
-  case "$@" in
-    *-4*|*--ipv4-only*)
-      return 0
-      ;;
-    *\ -4*|*\ --ipv4-only*)
-      return 0
-      ;;
-  esac
-  return 1
-}
-
-_get_tun_from_args() {
-  local tun=$(echo "$@" | awk -F '--tun' '{print $2}' | awk '{print $1}')
-  echo ${tun:=tun0}
-}
-
-_get_peer_from_args() {
-  local peer=$(echo "$@" | awk -F '--tun-peer' '{print $2}' | awk '{print $1}')
-  _is_server_mode "$1" && echo ${peer:=192.168.201.2} || echo ${peer:=192.168.200.2}
-}
-
-_get_peer6_from_args() {
-  local peer=$(echo "$@" | awk -F '--tun-peer6' '{print $2}' | awk '{print $1}')
-  _is_server_mode "$1" && echo ${peer:=fcc9::2} || echo ${peer:=fcc8::2}
-}
-
-_get_port_from_args() {
-  local value=$(echo "$@" | awk -F '-l|--local' '{print $2}' | awk '{print $1}')
-  _is_server_mode "$1" && echo $value || echo $value | awk -F ':' '{print $2}'
-}
-
-_iptables() {
-  iptables -w 10 "$@"
-}
-
-_ip6tables() {
-  ip6tables -w 10 "$@"
-}
-
-apply_sysctl() {
-  info "apply sysctl: $(sysctl -w net.ipv4.ip_forward=1)"
-  ! _is_ipv4_only "$@" || return
-  info "apply sysctl: $(sysctl -w net.ipv6.conf.all.forwarding=1)"
-}
-
-apply_iptables() {
-  local interface=$(_get_default_iface)
-  local address=$(_get_addr_by_iface "${interface}")
-  local tun=$(_get_tun_from_args "$@")
-  local peer=$(_get_peer_from_args "$@")
-  local port=$(_get_port_from_args "$@")
-  local comment="phantun_${tun}_${port}"
-
-  if _check_rule_by_comment "${comment}"; then
-    warn "iptables rules already exist, maybe needs to check."
-  else
-    _iptables -A FORWARD -i $tun -j ACCEPT -m comment --comment "${comment}" || error "iptables filter rule add failed."
-    _iptables -A FORWARD -o $tun -j ACCEPT -m comment --comment "${comment}" || error "iptables filter rule add failed."
-    if _is_server_mode "$1"; then
-      info "iptables DNAT rule added: [${comment}]: ${interface} -> ${tun}, ${address} -> ${peer}"
-      _iptables -t nat -A PREROUTING -p tcp -i $interface --dport $port -j DNAT --to-destination $peer \
-        -m comment --comment "${comment}" || error "iptables DNAT rule add failed."
-    else
-      info "iptables SNAT rule added: [${comment}]: ${tun} -> ${interface}, ${peer} -> ${address}"
-      _iptables -t nat -A POSTROUTING -s $peer -o $interface -j SNAT --to-source $address \
-        -m comment --comment "${comment}" || error "iptables SNAT rule add failed."
-    fi
-  fi
-}
-
-apply_ip6tables() {
-  ! _is_ipv4_only "$@" || return
-
-  local interface=$(_get_default6_iface)
-  local address=$(_get_addr6_by_iface "${interface}")
-  local tun=$(_get_tun_from_args "$@")
-  local peer=$(_get_peer6_from_args "$@")
-  local port=$(_get_port_from_args "$@")
-  local comment="phantun_${tun}_${port}"
-
-  if _check_rule6_by_comment "${comment}"; then
-    warn "ip6tables rules already exist, maybe needs to check."
-  else
-    _ip6tables -A FORWARD -i $tun -j ACCEPT -m comment --comment "${comment}" || error "ip6tables filter rule add failed."
-    _ip6tables -A FORWARD -o $tun -j ACCEPT -m comment --comment "${comment}" || error "ip6tables filter rule add failed."
-    if _is_server_mode "$1"; then
-      info "ip6tables DNAT rule added: [${comment}]: ${interface} -> ${tun}, ${address} -> ${peer}"
-      _ip6tables -t nat -A PREROUTING -p tcp -i $interface --dport $port -j DNAT --to-destination $peer \
-        -m comment --comment "${comment}" || error "ip6tables DNAT rule add failed."
-    else
-      info "ip6tables SNAT rule added: [${comment}]: ${tun} -> ${interface}, ${peer} -> ${address}"
-      _ip6tables -t nat -A POSTROUTING -s $peer -o $interface -j SNAT --to-source $address \
-        -m comment --comment "${comment}" || error "ip6tables SNAT rule add failed."
-    fi
-  fi
-}
-
-stop_process() {
-  kill $(pidof phantun-server phantun-client)
-  info "terminate phantun process."
-}
-
-revoke_iptables() {
-  local tun=$(_get_tun_from_args "$@")
-  local port=$(_get_port_from_args "$@")
-  local comment="phantun_${tun}_${port}"
-
-  iptables-save -t filter | grep "${comment}" | while read rule; do
-    _iptables -t filter ${rule/-A/-D} || error "iptables filter rule remove failed."
-  done
-  iptables-save -t nat | grep "${comment}" | while read rule; do
-    _iptables -t nat ${rule/-A/-D} || error "iptables nat rule remove failed."
-  done
-  info "iptables rule: [${comment}] removed."
-}
-
-revoke_ip6tables() {
-  ! _is_ipv4_only "$@" || return
-
-  local tun=$(_get_tun_from_args "$@")
-  local port=$(_get_port_from_args "$@")
-  local comment="phantun_${tun}_${port}"
-
-  ip6tables-save -t filter | grep "${comment}" | while read rule; do
-    _ip6tables -t filter ${rule/-A/-D} || error "ip6tables filter rule remove failed."
-  done
-  ip6tables-save -t nat | grep "${comment}" | while read rule; do
-    _ip6tables -t nat ${rule/-A/-D} || error "ip6tables nat rule remove failed."
-  done
-  info "ip6tables rule: [${comment}] removed."
-}
-
-graceful_stop() {
-  warn "caught SIGTERM or SIGINT signal, graceful stopping..."
-  stop_process
-  revoke_iptables "$@"
-  revoke_ip6tables "$@"
-}
-
-start_phantun() {
-  trap 'graceful_stop "$@"' SIGTERM SIGINT
-  apply_sysctl "$@"
-  apply_iptables "$@"
-  apply_ip6tables "$@"
-  "$@" &
-  wait
-}
-
-start_phantun "$@"

fake-tcp/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "fake-tcp"
-version = "0.6.0"
+version = "0.4.0"
 edition = "2021"
 authors = ["Datong Sun <dndx@idndx.com>"]
 license = "MIT OR Apache-2.0"
@@ -16,10 +16,10 @@ benchmark = []
 
 [dependencies]
 bytes = "1"
-pnet = "0"
+pnet = "0.30"
-tokio = { version = "1", features = ["full"] }
+tokio = { version = "1.14", features = ["full"] }
-rand = { version = "0", features = ["small_rng"] }
+rand = { version = "0.8", features = ["small_rng"] }
-log = "0"
+log = "0.4"
-internet-checksum = "0"
+internet-checksum = "0.2"
-tokio-tun = "0"
+tokio-tun = "0.5"
-flume = "0"
+flume = "0.10"

fake-tcp/LICENSE-APACHE

@@ -186,7 +186,7 @@ APPENDIX: How to apply the Apache License to your work.
    same "printed page" as the copyright notice for easier
    identification within third-party archives.
 
-Copyright 2021-2024 Datong Sun (dndx@idndx.com)
+Copyright 2021-2022 Datong Sun (dndx@idndx.com)
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

fake-tcp/LICENSE-MIT

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021-2024 Datong Sun (dndx@idndx.com)
+Copyright (c) 2021-2022 Datong Sun (dndx@idndx.com)
 
 Permission is hereby granted, free of charge, to any
 person obtaining a copy of this software and associated

fake-tcp/src/lib.rs

@@ -50,10 +50,8 @@ use rand::prelude::*;
 use std::collections::{HashMap, HashSet};
 use std::fmt;
 use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr};
-use std::sync::{
+use std::sync::atomic::{AtomicU32, Ordering};
-    atomic::{AtomicU32, Ordering},
+use std::sync::{Arc, RwLock};
-    Arc, RwLock,
-};
 use tokio::sync::broadcast;
 use tokio::sync::mpsc;
 use tokio::time;
@@ -148,7 +146,7 @@ impl Socket {
         )
     }
 
-    fn build_tcp_packet(&self, flags: u8, payload: Option<&[u8]>) -> Bytes {
+    fn build_tcp_packet(&self, flags: u16, payload: Option<&[u8]>) -> Bytes {
         let ack = self.ack.load(Ordering::Relaxed);
         self.last_ack.store(ack, Ordering::Relaxed);
 
@@ -402,8 +400,8 @@ impl Stack {
     /// Connects to the remote end. `None` returned means
     /// the connection attempt failed.
     pub async fn connect(&mut self, addr: SocketAddr) -> Option<Socket> {
-        let mut rng = SmallRng::from_os_rng();
+        let mut rng = SmallRng::from_entropy();
-        for local_port in rng.random_range(32768..=60999)..=60999 {
+        let local_port: u16 = rng.gen_range(1024..65535);
         let local_addr = SocketAddr::new(
             if addr.is_ipv4() {
                 IpAddr::V4(self.local_ip)
@@ -413,20 +411,7 @@ impl Stack {
             local_port,
         );
         let tuple = AddrTuple::new(local_addr, addr);
-            let mut sock;
+        let (mut sock, incoming) = Socket::new(
-
-            {
-                let mut tuples = self.shared.tuples.write().unwrap();
-                if tuples.contains_key(&tuple) {
-                    trace!(
-                        "Fake TCP connection to {}, local port number {} already in use, trying another one",
-                        addr, local_port
-                    );
-                    continue;
-                }
-
-                let incoming;
-                (sock, incoming) = Socket::new(
             self.shared.clone(),
             self.shared.tun.choose(&mut rng).unwrap().clone(),
             local_addr,
@@ -435,17 +420,12 @@ impl Stack {
             State::Idle,
         );
 
-                assert!(tuples.insert(tuple, incoming).is_none());
+        {
+            let mut tuples = self.shared.tuples.write().unwrap();
+            assert!(tuples.insert(tuple, incoming.clone()).is_none());
         }
 
-            return sock.connect().await.map(|_| sock);
+        sock.connect().await.map(|_| sock)
-        }
-
-        error!(
-            "Fake TCP connection to {} failed, emphemeral port number exhausted",
-            addr
-        );
-        None
     }
 
     async fn reader_task(
@@ -456,7 +436,8 @@ impl Stack {
         let mut tuples: HashMap<AddrTuple, flume::Sender<Bytes>> = HashMap::new();
 
         loop {
-            let mut buf = BytesMut::zeroed(MAX_PACKET_LEN);
+            let mut buf = BytesMut::with_capacity(MAX_PACKET_LEN);
+            buf.resize(MAX_PACKET_LEN, 0);
 
             tokio::select! {
                 size = tun.recv(&mut buf) => {

fake-tcp/src/packet.rs

@@ -15,7 +15,7 @@ pub enum IPPacket<'p> {
     V6(ipv6::Ipv6Packet<'p>),
 }
 
-impl IPPacket<'_> {
+impl<'a> IPPacket<'a> {
     pub fn get_source(&self) -> IpAddr {
         match self {
             IPPacket::V4(p) => IpAddr::V4(p.get_source()),
@@ -36,7 +36,7 @@ pub fn build_tcp_packet(
     remote_addr: SocketAddr,
     seq: u32,
     ack: u32,
-    flags: u8,
+    flags: u16,
     payload: Option<&[u8]>,
 ) -> Bytes {
     let ip_header_len = match local_addr {
@@ -47,7 +47,8 @@ pub fn build_tcp_packet(
     let tcp_header_len = TCP_HEADER_LEN + if wscale { 4 } else { 0 }; // nop + wscale
     let tcp_total_len = tcp_header_len + payload.map_or(0, |payload| payload.len());
     let total_len = ip_header_len + tcp_total_len;
-    let mut buf = BytesMut::zeroed(total_len);
+    let mut buf = BytesMut::with_capacity(total_len);
+    buf.resize(total_len, 0);
 
     let mut ip_buf = buf.split_to(ip_header_len);
     let mut tcp_buf = buf.split_to(tcp_total_len);

phantun/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "phantun"
-version = "0.7.0"
+version = "0.5.0"
 edition = "2021"
 authors = ["Datong Sun <dndx@idndx.com>"]
 license = "MIT OR Apache-2.0"
@@ -11,14 +11,14 @@ Transforms UDP stream into (fake) TCP streams that can go through
 Layer 3 & Layer 4 (NAPT) firewalls/NATs.
 """
 [dependencies]
-clap = { version = "4", features = ["cargo"] }
+clap = { version = "3.0", features = ["cargo"] }
-socket2 = { version = "0", features = ["all"] }
+socket2 = { version = "0.4", features = ["all"] }
-fake-tcp = { path = "../fake-tcp", version = "0" }
+fake-tcp = { path = "../fake-tcp", version = "0.4" }
-tokio = { version = "1", features = ["full"] }
+tokio = { version = "1.14", features = ["full"] }
-tokio-util = "0"
+tokio-util = "0.7"
-log = "0"
+log = "0.4"
-pretty_env_logger = "0"
+pretty_env_logger = "0.4"
-tokio-tun = "0"
+tokio-tun = "0.5"
-num_cpus = "1"
+num_cpus = "1.13"
-neli = "0"
+neli = "0.6"
-nix = { version = "0", features = ["net"] }
+nix = "0.24"

phantun/LICENSE-APACHE

@@ -186,7 +186,7 @@ APPENDIX: How to apply the Apache License to your work.
    same "printed page" as the copyright notice for easier
    identification within third-party archives.
 
-Copyright 2021-2024 Datong Sun (dndx@idndx.com)
+Copyright 2021-2022 Datong Sun (dndx@idndx.com)
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

phantun/LICENSE-MIT

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021-2024 Datong Sun (dndx@idndx.com)
+Copyright (c) 2021-2022 Datong Sun (dndx@idndx.com)
 
 Permission is hereby granted, free of charge, to any
 person obtaining a copy of this software and associated

phantun/src/bin/client.rs

@@ -1,4 +1,4 @@
-use clap::{crate_version, Arg, ArgAction, Command};
+use clap::{crate_version, Arg, Command};
 use fake_tcp::packet::MAX_PACKET_LEN;
 use fake_tcp::{Socket, Stack};
 use log::{debug, error, info};
@@ -29,6 +29,7 @@ async fn main() -> io::Result<()> {
                 .required(true)
                 .value_name("IP:PORT")
                 .help("Sets the IP and port where Phantun Client listens for incoming UDP datagrams, IPv6 address need to be specified as: \"[IPv6]:PORT\"")
+                .takes_value(true),
         )
         .arg(
             Arg::new("remote")
@@ -37,6 +38,7 @@ async fn main() -> io::Result<()> {
                 .required(true)
                 .value_name("IP or HOST NAME:PORT")
                 .help("Sets the address or host name and port where Phantun Client connects to Phantun Server, IPv6 address need to be specified as: \"[IPv6]:PORT\"")
+                .takes_value(true),
         )
         .arg(
             Arg::new("tun")
@@ -45,6 +47,7 @@ async fn main() -> io::Result<()> {
                 .value_name("tunX")
                 .help("Sets the Tun interface name, if absent, pick the next available name")
                 .default_value("")
+                .takes_value(true),
         )
         .arg(
             Arg::new("tun_local")
@@ -53,6 +56,7 @@ async fn main() -> io::Result<()> {
                 .value_name("IP")
                 .help("Sets the Tun interface IPv4 local address (O/S's end)")
                 .default_value("192.168.200.1")
+                .takes_value(true),
         )
         .arg(
             Arg::new("tun_peer")
@@ -63,6 +67,7 @@ async fn main() -> io::Result<()> {
                        You will need to setup SNAT/MASQUERADE rules on your Internet facing interface \
                        in order for Phantun Client to connect to Phantun Server")
                 .default_value("192.168.200.2")
+                .takes_value(true),
         )
         .arg(
             Arg::new("ipv4_only")
@@ -70,8 +75,8 @@ async fn main() -> io::Result<()> {
                 .short('4')
                 .required(false)
                 .help("Only use IPv4 address when connecting to remote")
-                .action(ArgAction::SetTrue)
+                .takes_value(false)
-                .conflicts_with_all(["tun_local6", "tun_peer6"]),
+                .conflicts_with_all(&["tun_local6", "tun_peer6"]),
         )
         .arg(
             Arg::new("tun_local6")
@@ -80,6 +85,7 @@ async fn main() -> io::Result<()> {
                 .value_name("IP")
                 .help("Sets the Tun interface IPv6 local address (O/S's end)")
                 .default_value("fcc8::1")
+                .takes_value(true),
         )
         .arg(
             Arg::new("tun_peer6")
@@ -90,6 +96,7 @@ async fn main() -> io::Result<()> {
                        You will need to setup SNAT/MASQUERADE rules on your Internet facing interface \
                        in order for Phantun Client to connect to Phantun Server")
                 .default_value("fcc8::2")
+                .takes_value(true),
         )
         .arg(
             Arg::new("handshake_packet")
@@ -100,18 +107,19 @@ async fn main() -> io::Result<()> {
                       first data packet to the server.\n\
                       Note: ensure this file's size does not exceed the MTU of the outgoing interface. \
                       The content is always sent out in a single packet and will not be further segmented")
+                .takes_value(true),
         )
         .get_matches();
 
     let local_addr: SocketAddr = matches
-        .get_one::<String>("local")
+        .value_of("local")
         .unwrap()
         .parse()
         .expect("bad local address");
 
-    let ipv4_only = matches.get_flag("ipv4_only");
+    let ipv4_only = matches.is_present("ipv4_only");
 
-    let remote_addr = tokio::net::lookup_host(matches.get_one::<String>("remote").unwrap())
+    let remote_addr = tokio::net::lookup_host(matches.value_of("remote").unwrap())
         .await
         .expect("bad remote address or host")
         .find(|addr| !ipv4_only || addr.is_ipv4())
@@ -119,32 +127,32 @@ async fn main() -> io::Result<()> {
     info!("Remote address is: {}", remote_addr);
 
     let tun_local: Ipv4Addr = matches
-        .get_one::<String>("tun_local")
+        .value_of("tun_local")
         .unwrap()
         .parse()
         .expect("bad local address for Tun interface");
     let tun_peer: Ipv4Addr = matches
-        .get_one::<String>("tun_peer")
+        .value_of("tun_peer")
         .unwrap()
         .parse()
         .expect("bad peer address for Tun interface");
 
-    let (tun_local6, tun_peer6) = if matches.get_flag("ipv4_only") {
+    let (tun_local6, tun_peer6) = if ipv4_only {
         (None, None)
     } else {
         (
             matches
-                .get_one::<String>("tun_local6")
+                .value_of("tun_local6")
                 .map(|v| v.parse().expect("bad local address for Tun interface")),
             matches
-                .get_one::<String>("tun_peer6")
+                .value_of("tun_peer6")
                 .map(|v| v.parse().expect("bad peer address for Tun interface")),
         )
     };
 
-    let tun_name = matches.get_one::<String>("tun").unwrap();
+    let tun_name = matches.value_of("tun").unwrap();
     let handshake_packet: Option<Vec<u8>> = matches
-        .get_one::<String>("handshake_packet")
+        .value_of("handshake_packet")
         .map(fs::read)
         .transpose()?;
 
@@ -153,11 +161,12 @@ async fn main() -> io::Result<()> {
 
     let tun = TunBuilder::new()
         .name(tun_name) // if name is empty, then it is set by kernel.
+        .tap(false) // false (default): TUN, true: TAP.
+        .packet_info(false) // false: IFF_NO_PI, default is true.
         .up() // or set it up manually using `sudo ip link set <tun-name> up`.
         .address(tun_local)
         .destination(tun_peer)
-        .queues(num_cpus)
+        .try_build_mq(num_cpus)
-        .build()
         .unwrap();
 
     if remote_addr.is_ipv6() {

phantun/src/bin/server.rs

@@ -1,4 +1,4 @@
-use clap::{crate_version, Arg, ArgAction, Command};
+use clap::{crate_version, Arg, Command};
 use fake_tcp::packet::MAX_PACKET_LEN;
 use fake_tcp::Stack;
 use log::{debug, error, info};
@@ -29,6 +29,7 @@ async fn main() -> io::Result<()> {
                 .required(true)
                 .value_name("PORT")
                 .help("Sets the port where Phantun Server listens for incoming Phantun Client TCP connections")
+                .takes_value(true),
         )
         .arg(
             Arg::new("remote")
@@ -37,6 +38,7 @@ async fn main() -> io::Result<()> {
                 .required(true)
                 .value_name("IP or HOST NAME:PORT")
                 .help("Sets the address or host name and port where Phantun Server forwards UDP packets to, IPv6 address need to be specified as: \"[IPv6]:PORT\"")
+                .takes_value(true),
         )
         .arg(
             Arg::new("tun")
@@ -45,6 +47,7 @@ async fn main() -> io::Result<()> {
                 .value_name("tunX")
                 .help("Sets the Tun interface name, if absent, pick the next available name")
                 .default_value("")
+                .takes_value(true),
         )
         .arg(
             Arg::new("tun_local")
@@ -53,6 +56,7 @@ async fn main() -> io::Result<()> {
                 .value_name("IP")
                 .help("Sets the Tun interface local address (O/S's end)")
                 .default_value("192.168.201.1")
+                .takes_value(true),
         )
         .arg(
             Arg::new("tun_peer")
@@ -63,6 +67,7 @@ async fn main() -> io::Result<()> {
                        You will need to setup DNAT rules to this address in order for Phantun Server \
                        to accept TCP traffic from Phantun Client")
                 .default_value("192.168.201.2")
+                .takes_value(true),
         )
         .arg(
             Arg::new("ipv4_only")
@@ -70,8 +75,8 @@ async fn main() -> io::Result<()> {
                 .short('4')
                 .required(false)
                 .help("Do not assign IPv6 addresses to Tun interface")
-                .action(ArgAction::SetTrue)
+                .takes_value(false)
-                .conflicts_with_all(["tun_local6", "tun_peer6"]),
+                .conflicts_with_all(&["tun_local6", "tun_peer6"]),
         )
         .arg(
             Arg::new("tun_local6")
@@ -80,6 +85,7 @@ async fn main() -> io::Result<()> {
                 .value_name("IP")
                 .help("Sets the Tun interface IPv6 local address (O/S's end)")
                 .default_value("fcc9::1")
+                .takes_value(true),
         )
         .arg(
             Arg::new("tun_peer6")
@@ -90,6 +96,7 @@ async fn main() -> io::Result<()> {
                        You will need to setup SNAT/MASQUERADE rules on your Internet facing interface \
                        in order for Phantun Client to connect to Phantun Server")
                 .default_value("fcc9::2")
+                .takes_value(true),
         )
         .arg(
             Arg::new("handshake_packet")
@@ -100,50 +107,50 @@ async fn main() -> io::Result<()> {
                       first data packet to the client.\n\
                       Note: ensure this file's size does not exceed the MTU of the outgoing interface. \
                       The content is always sent out in a single packet and will not be further segmented")
+                .takes_value(true),
         )
         .get_matches();
 
     let local_port: u16 = matches
-        .get_one::<String>("local")
+        .value_of("local")
         .unwrap()
         .parse()
         .expect("bad local port");
 
-    let remote_addr = tokio::net::lookup_host(matches.get_one::<String>("remote").unwrap())
+    let remote_addr = tokio::net::lookup_host(matches.value_of("remote").unwrap())
         .await
         .expect("bad remote address or host")
         .next()
         .expect("unable to resolve remote host name");
-
     info!("Remote address is: {}", remote_addr);
 
     let tun_local: Ipv4Addr = matches
-        .get_one::<String>("tun_local")
+        .value_of("tun_local")
         .unwrap()
         .parse()
         .expect("bad local address for Tun interface");
     let tun_peer: Ipv4Addr = matches
-        .get_one::<String>("tun_peer")
+        .value_of("tun_peer")
         .unwrap()
         .parse()
         .expect("bad peer address for Tun interface");
 
-    let (tun_local6, tun_peer6) = if matches.get_flag("ipv4_only") {
+    let (tun_local6, tun_peer6) = if matches.is_present("ipv4_only") {
         (None, None)
     } else {
         (
             matches
-                .get_one::<String>("tun_local6")
+                .value_of("tun_local6")
                 .map(|v| v.parse().expect("bad local address for Tun interface")),
             matches
-                .get_one::<String>("tun_peer6")
+                .value_of("tun_peer6")
                 .map(|v| v.parse().expect("bad peer address for Tun interface")),
         )
     };
 
-    let tun_name = matches.get_one::<String>("tun").unwrap();
+    let tun_name = matches.value_of("tun").unwrap();
     let handshake_packet: Option<Vec<u8>> = matches
-        .get_one::<String>("handshake_packet")
+        .value_of("handshake_packet")
         .map(fs::read)
         .transpose()?;
 
@@ -152,11 +159,12 @@ async fn main() -> io::Result<()> {
 
     let tun = TunBuilder::new()
         .name(tun_name) // if name is empty, then it is set by kernel.
+        .tap(false) // false (default): TUN, true: TAP.
+        .packet_info(false) // false: IFF_NO_PI, default is true.
         .up() // or set it up manually using `sudo ip link set <tun-name> up`.
         .address(tun_local)
         .destination(tun_peer)
-        .queues(num_cpus)
+        .try_build_mq(num_cpus)
-        .build()
         .unwrap();
 
     if let (Some(tun_local6), Some(tun_peer6)) = (tun_local6, tun_peer6) {