From d1c88bbc0755d0f1d78f01ced0a617140f90a9dd Mon Sep 17 00:00:00 2001
From: wangyu-
Date: Fri, 27 Oct 2017 04:58:20 -0500
Subject: [PATCH] implemented connection reject
---
common.cpp | 4 +-
common.h | 21 ++++++--
misc.cpp | 3 ++
misc.h | 2 +
packet.cpp | 45 ++++++++++++----
packet.h | 1 -
tun_dev.cpp | 152 +++++++++++++++++++++++++++++++++++++++++++++-------
tunnel.cpp | 22 +++++---
8 files changed, 207 insertions(+), 43 deletions(-)
diff --git a/common.cpp b/common.cpp
index a30823d..eccd4d8 100644
--- a/common.cpp
+++ b/common.cpp
@@ -15,7 +15,7 @@ int about_to_exit=0; raw_mode_t raw_mode=mode_faketcp; unordered_map raw_mode_tostring = {{mode_faketcp, "faketcp"}, {mode_udp, "udp"}, {mode_icmp, "icmp"}}; -int delay_capacity=0; + //static int random_number_fd=-1; char iptables_rule[200]=""; //int is_client = 0, is_server = 0;
@@ -26,6 +26,8 @@ working_mode_t working_mode=tunnel_mode; int socket_buf_size=1024*1024; + + struct random_fd_t { int random_number_fd;
diff --git a/common.h b/common.h
index cb6d40d..b1314fd 100644
--- a/common.h
+++ b/common.h
@@ -121,9 +121,9 @@ extern unordered_map raw_mode_tostring ; enum working_mode_t {unset_working_mode=0,tunnel_mode,tun_dev_mode}; extern working_mode_t working_mode; -extern int delay_capacity; extern int socket_buf_size; + typedef u32_t id_t; typedef u64_t iv_t;
@@ -134,8 +134,8 @@ typedef u64_t anti_replay_seq_t; typedef u64_t fd64_t; -enum dest_type{none=0,type_ip_port,type_fd64,type_ip_port_conv,type_fd64_conv/*,type_fd*/}; - +//enum dest_type{none=0,type_fd64_ip_port,type_fd64,type_fd64_ip_port_conv,type_fd64_conv/*,type_fd*/}; +enum dest_type{none=0,type_fd64_ip_port,type_fd64,type_fd,type_fd_ip_port/*,type_fd*/}; struct ip_port_t {
@@ -146,11 +146,22 @@ struct ip_port_t char * to_s(); }; +struct fd64_ip_port_t +{ + fd64_t fd64; + ip_port_t ip_port; +}; +struct fd_ip_port_t +{ + int fd; + ip_port_t ip_port; +}; union inner_t { - ip_port_t ip_port; - //int fd; fd64_t fd64; + int fd; + fd64_ip_port_t fd64_ip_port; + fd_ip_port_t fd_ip_port; }; struct dest_t {
diff --git a/misc.cpp b/misc.cpp
index 103e384..f02c021 100644
--- a/misc.cpp
+++ b/misc.cpp
@@ -37,6 +37,9 @@ fd_manager_t fd_manager; int time_mono_test=0; +int delay_capacity=0; + +
diff --git a/misc.h b/misc.h
index b701dc6..240de1a 100644
--- a/misc.h
+++ b/misc.h
@@ -44,6 +44,8 @@ extern fd_manager_t fd_manager; extern int time_mono_test; +extern int delay_capacity; +
diff --git a/packet.cpp b/packet.cpp
index 7f41f3a..d6c0599 100644
--- a/packet.cpp
+++ b/packet.cpp
@@ -27,7 +27,7 @@ int random_drop=0; char key_string[1000]= ""; -int local_listen_fd=-1; +//int local_listen_fd=-1; void encrypt_0(char * input,int &len,char *key)
@@ -162,10 +162,11 @@ int sendto_fd_ip_port (int fd,u32_t ip,int port,char * buf, int len,int flags) (struct sockaddr *) &tmp_sockaddr, sizeof(tmp_sockaddr)); } +/* int sendto_ip_port (u32_t ip,int port,char * buf, int len,int flags) { return sendto_fd_ip_port(local_listen_fd,ip,port,buf,len,flags); -} +}*/ int send_fd (int fd,char * buf, int len,int flags) {
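Review bot: `inner_t` now holds two structs whose `ip_port` field follows leading fields of different width (`fd64_t fd64` in one, `int fd` in the other), and nothing in the common.h hunk says which union member belongs to which `dest_type` value. A short comment on the union would make the contract explicit, for example `// type_fd -> fd, type_fd64 -> fd64, type_fd_ip_port -> fd_ip_port, type_fd64_ip_port -> fd64_ip_port; read only the member that was written`. This matters because reading `ip_port` through the other struct is likely to land on different bytes, and the compiler will not flag it.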
@@ -182,17 +183,22 @@ int my_send(const dest_t &dest,char *data,int len) } switch(dest.type) { - case type_ip_port: + case type_fd_ip_port: { - return sendto_ip_port(dest.inner.ip_port.ip,dest.inner.ip_port.port,data,len,0); + return sendto_fd_ip_port(dest.inner.fd,dest.inner.fd_ip_port.ip_port.ip,dest.inner.fd_ip_port.ip_port.port,data,len,0); break; } - case type_ip_port_conv: + case type_fd64_ip_port: { - char *new_data; - int new_len; - put_conv(dest.conv,data,len,new_data,new_len); - return sendto_ip_port(dest.inner.ip_port.ip,dest.inner.ip_port.port,new_data,new_len,0); + if(!fd_manager.exist(dest.inner.fd64)) return -1; + int fd=fd_manager.to_fd(dest.inner.fd64); + + return sendto_fd_ip_port(fd,dest.inner.fd64_ip_port.ip_port.ip,dest.inner.fd64_ip_port.ip_port.port,data,len,0); + break; + } + case type_fd: + { + return send_fd(dest.inner.fd,data,len,0); break; } case type_fd64:
@@ -200,9 +206,25 @@ int my_send(const dest_t &dest,char *data,int len) if(!fd_manager.exist(dest.inner.fd64)) return -1; int fd=fd_manager.to_fd(dest.inner.fd64); + return send_fd(fd,data,len,0); break; } + /* + case type_fd64_ip_port_conv: + { + if(!fd_manager.exist(dest.inner.fd64)) return -1; + int fd=fd_manager.to_fd(dest.inner.fd64); + + char *new_data; + int new_len; + + put_conv(dest.conv,data,len,new_data,new_len); + return sendto_fd_ip_port(fd,dest.inner.fd64_ip_port.ip_port.ip,dest.inner.fd64_ip_port.ip_port.port,new_data,new_len,0); + break; + }*/ + + /* case type_fd64_conv: { char *new_data;
@@ -212,7 +234,7 @@ int my_send(const dest_t &dest,char *data,int len) if(!fd_manager.exist(dest.inner.fd64)) return -1; int fd=fd_manager.to_fd(dest.inner.fd64); return send_fd(fd,new_data,new_len,0); - } + }*/ /* case type_fd: {
@@ -362,3 +384,6 @@ int get_conv(u32_t &conv,const char *input,int len_in,char *&output,int &len_out } return 0; } + + +
diff --git a/packet.h b/packet.h
index 35d1010..99fb288 100644
--- a/packet.h
+++ b/packet.h
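Review bot: The `type_fd_ip_port` case in `my_send` takes its descriptor from `dest.inner.fd`, while the callers in this commit fill `dest.inner.fd_ip_port.fd`, so the send only works because both members happen to start at the same offset of the union. Reading the member that was written keeps the call correct if the struct is ever reordered: `return sendto_fd_ip_port(dest.inner.fd_ip_port.fd,dest.inner.fd_ip_port.ip_port.ip,dest.inner.fd_ip_port.ip_port.port,data,len,0);`. The `type_fd64_ip_port` case has the same pattern with `dest.inner.fd64` and would read `dest.inner.fd64_ip_port.fd64` instead. `my_send` starts before this hunk and continues after it.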
@@ -21,7 +21,6 @@ extern u64_t dup_packet_recv_count; extern char key_string[1000]; extern int disable_replay_filter; extern int random_drop; -extern int local_listen_fd; extern int disable_obscure; extern int disable_xor;
diff --git a/tun_dev.cpp b/tun_dev.cpp
index b12fdcf..d2bbb30 100644
--- a/tun_dev.cpp
+++ b/tun_dev.cpp
@@ -9,6 +9,8 @@ #include "common.h" #include "log.h" #include "misc.h" + + int get_tun_fd(char * dev_name) { int tun_fd=open("/dev/net/tun",O_RDWR);
@@ -74,11 +76,34 @@ int set_if(char *if_name,char * local_ip,char * remote_ip,int mtu) return 0; } +//enum tun_header_t {header_reserved=0,header_normal=1,header_new=2,header_reject=3}; +const char header_normal=1; +const char header_new_connect=2; +const char header_reject=3; + +int put_header(char header,char *& data,int &len) +{ + assert(len>=0); + data=data-1; + data[0]=header; + len+=1; + return 0; +} +int get_header(char &header,char *& data,int &len) +{ + assert(len>=0); + if(len<1) return -1; + header=data[0]; + data=data+1; + len-=1; + return 0; +} + int tun_dev_client_event_loop() { - char buf[buf_len+1]; - //char *data=buf+1; + char buf0[buf_len+100]; + char *data=buf0+100; int len; int i,j,k,ret; int epoll_fd,tun_fd;
@@ -86,7 +111,6 @@ int tun_dev_client_event_loop() int remote_fd; fd64_t remote_fd64; - tun_fd=get_tun_fd("tun11"); assert(tun_fd>0);
@@ -128,6 +152,9 @@ int tun_dev_client_event_loop() //dest.inner.ip_port=dest_ip_port; //dest.cook=1; + + int got_feed_back=0; + while(1)//////////////////////// {
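Review bot: `put_header` writes one byte in front of the pointer it is given (`data=data-1; data[0]=header;`), and nothing checks or documents that the caller left room there. Both event loops in this commit pass `buf0+100`, so the write stays inside the buffer today, but a later caller passing the start of a buffer would get a one-byte write before its allocation. A comment above the function would pin the precondition, e.g. `// requires at least 1 writable byte before data; callers reserve headroom in buf0`. The same comment block could state that `get_header` returns -1 on an empty packet and otherwise advances `data` by one and shrinks `len`.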
@@ -151,24 +178,57 @@ int tun_dev_client_event_loop() { if(events[idx].data.u64==(u64_t)tun_fd) { - len=read(tun_fd,buf,max_data_len); + len=read(tun_fd,data,max_data_len); assert(len>=0); mylog(log_trace,"Received packet from tun,len: %d\n",len); - delay_manager.add(0,dest,buf,len);; + if(got_feed_back==0) + put_header(header_new_connect,data,len); + else + put_header(header_normal,data,len); + + delay_manager.add(0,dest,data,len);; } else if(events[idx].data.u64==(u64_t)remote_fd64) { fd64_t fd64=events[idx].data.u64; int fd=fd_manager.to_fd(fd64); - len=recv(fd,buf,max_data_len,0); + len=recv(fd,data,max_data_len,0); + + if(len<0) + { + mylog(log_warn,"recv return %d,errno=%s\n",len,strerror(errno)); + continue; + } + + char header=0; + if(get_header(header,data,len)!=0) + { + mylog(log_warn,"get_header failed\n"); + continue; + } + if(header==header_reject) + { + mylog(log_fatal,"server switched to handle another client,exit\n"); + myexit(-1); + continue; + } + else if(header==header_normal) + { + got_feed_back=1; + } + else + { + mylog(log_warn,"invalid header\n"); + continue; + } mylog(log_trace,"Received packet from udp,len: %d\n",len); assert(len>=0); - assert(write(tun_fd,buf,len)>0); + assert(write(tun_fd,data,len)>=0); } } delay_manager.check();
@@ -180,16 +240,20 @@ int tun_dev_client_event_loop() int tun_dev_server_event_loop() { - char buf[buf_len+1]; - char *data=buf+1; + char buf0[buf_len+100]; + char *data=buf0+100; int len; int i,j,k,ret; int epoll_fd,tun_fd; + int local_listen_fd; + //fd64_t local_listen_fd64; + tun_fd=get_tun_fd("tun11"); assert(tun_fd>0); assert(new_listen_socket(local_listen_fd,local_ip_uint32,local_port)==0); + // local_listen_fd64=fd_manager.create(local_listen_fd); assert(set_if("tun11","10.0.0.1","10.0.0.2",1000)==0);
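Review bot: `assert(write(tun_fd,data,len)>=0);` in the client's receive branch keeps the write inside an assert, so a build with NDEBUG drops the write altogether, and in a normal build any failed write aborts the client. The payload at that point comes straight from `recv` on the remote socket, so if the tun device refuses a malformed packet, data from the peer decides whether the process dies. The server loop in this same commit was changed to log and carry on, and the client could do the same with `ret=write(tun_fd,data,len);` followed by `if(ret<0) mylog(log_warn,"write to tun failed, errno=%s\n",strerror(errno));`. A comment at the `header_reject` branch would also help: nothing visible in this hunk authenticates the datagram before `myexit(-1)`, so that exit is only as trustworthy as whatever protects the UDP path. The event loop starts before this hunk and continues after it.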
@@ -222,9 +286,11 @@ int tun_dev_server_event_loop() //ip_port_t dest_ip_port; dest_t dest; - dest.type=type_ip_port; - dest.inner.ip_port.ip=0; - dest.inner.ip_port.port=0; + dest.type=type_fd_ip_port; + + dest.inner.fd_ip_port.fd=local_listen_fd; + dest.inner.fd_ip_port.ip_port.ip=0; + dest.inner.fd_ip_port.ip_port.port=0; //dest.conv=conv; //dest.inner.ip_port=dest_ip_port; //dest.cook=1; 
@@ -255,36 +321,84 @@ int tun_dev_server_event_loop() { struct sockaddr_in udp_new_addr_in={0}; socklen_t udp_new_addr_len = sizeof(sockaddr_in); - if ((len = recvfrom(local_listen_fd, buf, max_data_len, 0, + if ((len = recvfrom(local_listen_fd, data, max_data_len, 0, (struct sockaddr *) &udp_new_addr_in, &udp_new_addr_len)) == -1) { mylog(log_error,"recv_from error,this shouldnt happen,err=%s,but we can try to continue\n",strerror(errno)); continue; //myexit(1); }; + char header=0; + if(get_header(header,data,len)!=0) + { + mylog(log_warn,"get_header failed\n"); + continue; + } + + if((dest.inner.fd_ip_port.ip_port.ip==udp_new_addr_in.sin_addr.s_addr) && (dest.inner.fd_ip_port.ip_port.port=ntohs(udp_new_addr_in.sin_port))) + { + if(header!=header_new_connect&& header!=header_normal) + { + mylog(log_warn,"invalid header\n"); + continue; + } + } + else + { + if(header==header_new_connect) + { + mylog(log_info,"new connection from %s:%d \n", inet_ntoa(udp_new_addr_in.sin_addr), + ntohs(udp_new_addr_in.sin_port)); + dest.inner.fd_ip_port.ip_port.ip=udp_new_addr_in.sin_addr.s_addr; + dest.inner.fd_ip_port.ip_port.port=ntohs(udp_new_addr_in.sin_port); + } + else + { + mylog(log_info,"rejected connection from %s:%d\n", inet_ntoa(udp_new_addr_in.sin_addr),ntohs(udp_new_addr_in.sin_port)); + + + len=1; + data[0]=header_reject; + + dest_t tmp_dest; + tmp_dest.type=type_fd_ip_port; + + tmp_dest.inner.fd_ip_port.fd=local_listen_fd; + tmp_dest.inner.fd_ip_port.ip_port.ip=udp_new_addr_in.sin_addr.s_addr; + tmp_dest.inner.fd_ip_port.ip_port.port=ntohs(udp_new_addr_in.sin_port); + + delay_manager.add(0,tmp_dest,data,len);; + continue; + } + } + - dest.inner.ip_port.ip=udp_new_addr_in.sin_addr.s_addr; - dest.inner.ip_port.port=ntohs(udp_new_addr_in.sin_port); mylog(log_trace,"Received packet from %s:%d,len: %d\n", inet_ntoa(udp_new_addr_in.sin_addr), ntohs(udp_new_addr_in.sin_port),len); - assert(write(tun_fd,buf,len)>0); + ret=write(tun_fd,data,len); + if( ret<0 ) + { + 
 mylog(log_warn,"write to tun failed len=%d ret=%d\n errno=%s\n",len,ret,strerror(errno)); + } } else if(events[idx].data.u64==(u64_t)tun_fd) { - len=read(tun_fd,buf,max_data_len); + len=read(tun_fd,data,max_data_len); assert(len>=0); mylog(log_trace,"Received packet from tun,len: %d\n",len); - if(dest.inner.ip_port.to_u64()==0) + if(dest.inner.fd64_ip_port.ip_port.to_u64()==0) { mylog(log_warn,"there is no client yet\n"); continue; } - delay_manager.add(0,dest,buf,len);; + put_header(header_normal,data,len); + + delay_manager.add(0,dest,data,len);; }
diff --git a/tunnel.cpp b/tunnel.cpp
index 517d130..d90d17f 100644
--- a/tunnel.cpp
+++ b/tunnel.cpp
@@ -22,7 +22,11 @@ int tunnel_client_event_loop() //conn_info.conv_manager.reserve(); //conn_info.fec_encode_manager.re_init(fec_data_num,fec_redundant_num,fec_mtu,fec_pending_num,fec_pending_time,fec_type); + + int local_listen_fd; + //fd64_t local_listen_fd64; new_listen_socket(local_listen_fd,local_ip_uint32,local_port); + //local_listen_fd64=fd_manager.create(local_listen_fd); epoll_fd = epoll_create1(0); assert(epoll_fd>0);
@@ -316,8 +320,9 @@ int tunnel_client_event_loop() u64_t u64=conn_info.conv_manager.find_u64_by_conv(conv); dest_t dest; - dest.inner.ip_port.from_u64(u64); - dest.type=type_ip_port; + dest.inner.fd_ip_port.fd=local_listen_fd; + dest.inner.fd_ip_port.ip_port.from_u64(u64); + dest.type=type_fd_ip_port; //dest.conv=conv; delay_send(out_delay[i],dest,new_data,new_len);
@@ -344,8 +349,10 @@ int tunnel_server_event_loop() int remote_fd; // conn_info_t conn_info; - - new_listen_socket(local_listen_fd,local_ip_uint32,local_port); + int local_listen_fd; +// fd64_t local_listen_fd64; + new_listen_socket(local_listen_fd,local_ip_uint32,local_port); + // local_listen_fd64=fd_manager.create(local_listen_fd); epoll_fd = epoll_create1(0); assert(epoll_fd>0);
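Review bot: In the server's current-client test the port comparison is written as an assignment, `(dest.inner.fd_ip_port.ip_port.port=ntohs(udp_new_addr_in.sin_port))`, so whenever the source IP matches, the stored port is overwritten with the sender's port and the condition is true for any non-zero port. A datagram from the same address on a different port is therefore accepted as the established client and redirects replies to it, without ever sending `header_new_connect`; the comparison should use `==`. Further down, the tun branch tests `dest.inner.fd64_ip_port.ip_port.to_u64()==0` although `dest` is filled through `fd_ip_port`. Because the two structs begin with fields of different size, this probably reads the wrong bytes, and `dest.inner.fd_ip_port.ip_port.to_u64()` is the member that was actually written. The enclosing loop starts before this hunk and continues after it.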
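Review bot: `local_listen_fd` used to be a global initialised to -1 and is now an uninitialised local in `tunnel_client_event_loop`, with the result of `new_listen_socket` still ignored. If that call can fail without assigning its first argument (its body is not shown here), the loop would go on to use an indeterminate descriptor in every `dest.inner.fd_ip_port.fd=local_listen_fd`. Declaring `int local_listen_fd=-1;` and checking the call, `if(new_listen_socket(local_listen_fd,local_ip_uint32,local_port)!=0) myexit(-1);`, would close that gap. The hunk at `tunnel_server_event_loop` further down has the same pattern.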
@@ -607,10 +614,11 @@ int tunnel_server_event_loop() //conn_info.update_active_time(); //cant put it here int out_n=-2;char **out_arr;int *out_len;my_time_t *out_delay; + dest_t dest; - dest.type=type_ip_port; - //dest.conv=conv; - dest.inner.ip_port=ip_port; + dest.inner.fd_ip_port.fd=local_listen_fd; + dest.inner.fd_ip_port.ip_port=ip_port; + dest.type=type_fd_ip_port; dest.cook=1; if(fd64==conn_info.fec_encode_manager.get_timer_fd64())