fixed dev detection and -g

2025-02-07 23:59:36 +08:00 · 2018-08-29 19:16:42 -05:00 · 2018-08-29 19:16:42 -05:00 · 1679c324b3
commit 1679c324b3
parent e0aaa65347
2 changed files with 117 additions and 42 deletions
--- a/client.cpp
+++ b/client.cpp
@ -824,8 +824,12 @@ int client_event_loop()

 	}
 	*/
-
-#ifdef fixthis
+	address_t tmp_addr;
+	if(get_src_adress2(tmp_addr,remote_addr)!=0)
+	{
+		mylog(log_error,"get_src_adress() failed\n");
+		myexit(-1);
+	}
 	if(strcmp(dev,"")==0)
 	{
 		mylog(log_info,"--dev have not been set, trying to detect automatically, avaliable deives:\n");
@ -852,15 +856,41 @@ int client_event_loop()
 					log_bare(log_debug," [a->addr==NULL]");
 					continue;
 				}
-				if(a->addr->sa_family == remote_addr.get_type())
+				if(a->addr->sa_family == AF_INET||a->addr->sa_family == AF_INET6)
 				{
 					cnt++;
-					log_bare(log_warn," [%s]", inet_ntoa(((struct sockaddr_in*)a->addr)->sin_addr));

-					if(((struct sockaddr_in*)a->addr)->sin_addr.s_addr ==source_ip_uint32)
+					if(a->addr->sa_family ==AF_INET)
 					{
-						found++;
-						strcpy(dev,d->name);
+						char s[max_addr_len];
+						inet_ntop(AF_INET, &((struct sockaddr_in*)a->addr)->sin_addr, s,max_addr_len);
+						log_bare(log_warn," [%s]", s);
+
+						if(a->addr->sa_family==raw_ip_version)
+						{
+							if(((struct sockaddr_in*)a->addr)->sin_addr.s_addr ==tmp_addr.inner.ipv4.sin_addr.s_addr)
+							{
+								found++;
+								strcpy(dev,d->name);
+							}
+						}
+					}
+					else
+					{
+						assert(a->addr->sa_family ==AF_INET6);
+
+						char s[max_addr_len];
+						inet_ntop(AF_INET6, &((struct sockaddr_in6*)a->addr)->sin6_addr, s,max_addr_len);
+						log_bare(log_warn," [%s]", s);
+
+						if(a->addr->sa_family==raw_ip_version)
+						{
+							if(  memcmp( &((struct sockaddr_in6*)a->addr)->sin6_addr,&tmp_addr.inner.ipv6.sin6_addr,sizeof(struct in6_addr))==0 )
+							{
+								found++;
+								strcpy(dev,d->name);
+							}
+						}
 					}
 				}
 				else
@ -882,16 +912,16 @@ int client_event_loop()

 		if(found==0)
 		{
-			mylog(log_fatal,"no matched device found for ip: [%s]\n",my_ntoa(source_ip_uint32));
+			mylog(log_fatal,"no matched device found for ip: [%s]\n",tmp_addr.get_ip());
 			myexit(-1);
 		}
 		else if(found==1)
 		{
-			mylog(log_info,"using device:[%s], ip: [%s]\n",dev,my_ntoa(source_ip_uint32));
+			mylog(log_info,"using device:[%s], ip: [%s]\n",dev,tmp_addr.get_ip());
 		}
 		else
 		{
-			mylog(log_fatal,"more than one devices found for ip: [%s] , you need to use --dev manually\n",my_ntoa(source_ip_uint32));
+			mylog(log_fatal,"more than one devices found for ip: [%s] , you need to use --dev manually\n",tmp_addr.get_ip());
 			myexit(-1);
 		}
 	}
@ -899,7 +929,6 @@ int client_event_loop()
 	{
 		mylog(log_info,"--dev has been manually set, using device:[%s]\n",dev);
 	}
-#endif


 	send_info.src_port=0;
--- a/misc.cpp
+++ b/misc.cpp
@ -1351,7 +1351,6 @@ void iptables_rule()  // handles -a -g --gen-add  --keep-rule --clear --wait-loc

 	if(generate_iptables_rule)
 	{
-#ifdef fixthis
 		if(raw_mode==mode_faketcp && use_tcp_dummy_socket==1)
 		{
 			mylog(log_fatal, "failed,-g doesnt work with easy-faketcp mode\n");
@ -1361,46 +1360,93 @@ void iptables_rule()  // handles -a -g --gen-add  --keep-rule --clear --wait-loc
 		{
 			mylog(log_warn, "It not necessary to use iptables/firewall rule in udp mode\n");
 		}
-		log_bare(log_warn,"for linux, use:\n");
-		if(raw_mode==mode_faketcp)
-			printf("iptables -I INPUT -s %s/32 -p tcp -m tcp --sport %d -j DROP\n",remote_ip,remote_port);
-		if(raw_mode==mode_udp)
-			printf("iptables -I INPUT -s %s/32 -p udp -m udp --sport %d -j DROP\n",remote_ip,remote_port);
-		if(raw_mode==mode_icmp)
-			printf("iptables -I INPUT -s %s/32 -p icmp -j DROP\n",remote_ip);
-		printf("\n");
+		log_bare(log_warn,"for linux, ipv 4, use:\n");
+		if(raw_ip_version==AF_INET)
+		{
+			if(raw_mode==mode_faketcp)
+				printf("iptables -I INPUT -s %s -p tcp -m tcp --sport %d -j DROP\n",remote_addr.get_ip(),remote_addr.get_port());
+			if(raw_mode==mode_udp)
+				printf("iptables -I INPUT -s %s -p udp -m udp --sport %d -j DROP\n",remote_addr.get_ip(),remote_addr.get_port());
+			if(raw_mode==mode_icmp)
+				printf("iptables -I INPUT -s %s -p icmp --icmp-type 0 -j DROP\n",remote_addr.get_ip());
+			printf("\n");
+		}
+		else
+		{
+			assert(raw_ip_version==AF_INET6);
+			if(raw_mode==mode_faketcp)
+				printf("ip6tables -I INPUT -s %s -p tcp -m tcp --sport %d -j DROP\n",remote_addr.get_ip(),remote_addr.get_port());
+			if(raw_mode==mode_udp)
+				printf("ip6tables -I INPUT -s %s -p udp -m udp --sport %d -j DROP\n",remote_addr.get_ip(),remote_addr.get_port());
+			if(raw_mode==mode_icmp)
+				printf("ip6tables -I INPUT -s %s -p -p icmpv6 --icmpv6-type 129 -j DROP\n",remote_addr.get_ip());
+			printf("\n");
+		}

 		log_bare(log_warn,"for mac/bsd use:\n");
-		if(raw_mode==mode_faketcp)
-			printf("echo 'block drop proto tcp from %s port %d to any' > ./1.conf\n",remote_ip,remote_port);
-		if(raw_mode==mode_udp)
-			printf("echo 'block drop proto udp from %s port %d to any' > ./1.conf\n",remote_ip,remote_port);
-		if(raw_mode==mode_icmp)
-			printf("echo 'block drop proto icmp from %s to any' > ./1.conf\n",remote_ip);
+		if(raw_ip_version==AF_INET)
+		{
+			if(raw_mode==mode_faketcp)
+				printf("echo 'block drop inet proto tcp from %s port %d to any' > ./1.conf\n",remote_addr.get_ip(),remote_addr.get_port());
+			if(raw_mode==mode_udp)
+				printf("echo 'block drop inet proto udp from %s port %d to any' > ./1.conf\n",remote_addr.get_ip(),remote_addr.get_port());
+			if(raw_mode==mode_icmp)
+				printf("echo 'block drop inet proto icmp from %s to any' > ./1.conf\n",remote_addr.get_ip());
+		}
+		else
+		{
+			assert(raw_ip_version==AF_INET6);
+			if(raw_mode==mode_faketcp)
+				printf("echo 'block drop inet6 proto tcp from %s port %d to any' > ./1.conf\n",remote_addr.get_ip(),remote_addr.get_port());
+			if(raw_mode==mode_udp)
+				printf("echo 'block drop inet6 proto udp from %s port %d to any' > ./1.conf\n",remote_addr.get_ip(),remote_addr.get_port());
+			if(raw_mode==mode_icmp)
+				printf("echo 'block drop inet6 proto icmp6 from %s to any' > ./1.conf\n",remote_addr.get_ip());
+		}
 		printf("pfctl -f ./1.conf\n");
 		printf("pfctl -e\n");
 		printf("\n");

 		log_bare(log_warn,"for windows vista and above use:\n");
-
-		if(raw_mode==mode_faketcp)
+		if(raw_ip_version==AF_INET)
 		{
-			printf("netsh advfirewall firewall add rule name=udp2raw protocol=TCP dir=in remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
-			printf("netsh advfirewall firewall add rule name=udp2raw protocol=TCP dir=out remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
-		}
-		if(raw_mode==mode_udp)
-		{
-			printf("netsh advfirewall firewall add rule name=udp2raw protocol=UDP dir=in remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
-			printf("netsh advfirewall firewall add rule name=udp2raw protocol=UDP dir=out remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
-		}
-
-		if(raw_mode==mode_icmp)
-		{
-			printf("netsh advfirewall firewall add rule name=udp2raw protocol=ICMPV4 dir=in remoteip=%s/32 action=block\n",remote_ip);
-			printf("netsh advfirewall firewall add rule name=udp2raw protocol=ICMPV4 dir=out remoteip=%s/32 action=block\n",remote_ip);
+			if(raw_mode==mode_faketcp)
+			{
+				printf("netsh advfirewall firewall add rule name=udp2raw protocol=TCP dir=in remoteip=%s remoteport=%d action=block\n",remote_addr.get_ip(),remote_addr.get_port());
+				printf("netsh advfirewall firewall add rule name=udp2raw protocol=TCP dir=out remoteip=%s remoteport=%d action=block\n",remote_addr.get_ip(),remote_addr.get_port());
+			}
+			if(raw_mode==mode_udp)
+			{
+				printf("netsh advfirewall firewall add rule name=udp2raw protocol=UDP dir=in remoteip=%s remoteport=%d action=block\n",remote_addr.get_ip(),remote_addr.get_port());
+				printf("netsh advfirewall firewall add rule name=udp2raw protocol=UDP dir=out remoteip=%s remoteport=%d action=block\n",remote_addr.get_ip(),remote_addr.get_port());
+			}

+			if(raw_mode==mode_icmp)
+			{
+				printf("netsh advfirewall firewall add rule name=udp2raw protocol=ICMPV4 dir=in remoteip=%s action=block\n",remote_addr.get_ip());
+				printf("netsh advfirewall firewall add rule name=udp2raw protocol=ICMPV4 dir=out remoteip=%s action=block\n",remote_addr.get_ip());
+			}
+		}
+		else
+		{
+			assert(raw_ip_version==AF_INET6);
+			if(raw_mode==mode_faketcp)
+			{
+				printf("netsh advfirewall firewall add rule name=udp2raw protocol=TCP dir=in remoteip=%s remoteport=%d action=block\n",remote_addr.get_ip(),remote_addr.get_port());
+				printf("netsh advfirewall firewall add rule name=udp2raw protocol=TCP dir=out remoteip=%s remoteport=%d action=block\n",remote_addr.get_ip(),remote_addr.get_port());
+			}
+			if(raw_mode==mode_udp)
+			{
+				printf("netsh advfirewall firewall add rule name=udp2raw protocol=UDP dir=in remoteip=%s remoteport=%d action=block\n",remote_addr.get_ip(),remote_addr.get_port());
+				printf("netsh advfirewall firewall add rule name=udp2raw protocol=UDP dir=out remoteip=%s remoteport=%d action=block\n",remote_addr.get_ip(),remote_addr.get_port());
+			}
+
+			if(raw_mode==mode_icmp)
+			{
+				printf("netsh advfirewall firewall add rule name=udp2raw protocol=ICMPV6 dir=in remoteip=%s action=block\n",remote_addr.get_ip());
+				printf("netsh advfirewall firewall add rule name=udp2raw protocol=ICMPV6 dir=out remoteip=%s action=block\n",remote_addr.get_ip());
+			}
 		}
-#endif

 		myexit(0);