prepare work for auto add iptables rule

This commit is contained in:
wangyu 2017-08-04 11:51:39 +08:00 committed by wangyu
parent 1fba601d9c
commit 5cf4cc7cb2
4 changed files with 105 additions and 71 deletions


@ -13,7 +13,7 @@ raw_mode_t raw_mode=mode_faketcp;
unordered_map<int, const char*> raw_mode_tostring = {{mode_faketcp, "faketcp"}, {mode_udp, "udp"}, {mode_icmp, "icmp"}};
int socket_buf_size=1024*1024;
static int random_number_fd=-1;
char iptables_rule[200];
uint64_t get_current_time()
{
@ -46,7 +46,15 @@ char * my_ntoa(uint32_t ip)
}
int add_iptables_rule(char *)
{
return 0;
}
int remove_iptables_rule(char *)
{
return 0;
}
void init_random_number_fd()
@ -57,7 +65,7 @@ void init_random_number_fd()
if(random_number_fd==-1)
{
mylog(log_fatal,"error open /dev/urandom\n");
exit(-1);
myexit(-1);
}
setnonblocking(random_number_fd);
}
@ -68,7 +76,7 @@ uint64_t get_true_random_number_64()
if(size!=sizeof(ret))
{
mylog(log_fatal,"get random number failed\n",size);
exit(-1);
myexit(-1);
}
return ret;
@ -80,7 +88,7 @@ uint32_t get_true_random_number()
if(size!=sizeof(ret))
{
mylog(log_fatal,"get random number failed\n",size);
exit(-1);
myexit(-1);
}
return ret;
}
@ -119,13 +127,13 @@ void setnonblocking(int sock) {
if (opts < 0) {
mylog(log_fatal,"fcntl(sock,GETFL)\n");
//perror("fcntl(sock,GETFL)");
exit(1);
myexit(1);
}
opts = opts | O_NONBLOCK;
if (fcntl(sock, F_SETFL, opts) < 0) {
mylog(log_fatal,"fcntl(sock,SETFL,opts)\n");
//perror("fcntl(sock,SETFL,opts)");
exit(1);
myexit(1);
}
}
@ -161,21 +169,26 @@ int set_buf_size(int fd)
if(setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &socket_buf_size, sizeof(socket_buf_size))<0)
{
mylog(log_fatal,"SO_SNDBUFFORCE fail\n");
exit(1);
myexit(1);
}
if(setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &socket_buf_size, sizeof(socket_buf_size))<0)
{
mylog(log_fatal,"SO_RCVBUFFORCE fail\n");
exit(1);
myexit(1);
}
return 0;
}
void myexit(int a)
{
if(enable_log_color)
printf(RESET);
exit(a);
}
void INThandler(int sig)
{
if(enable_log_color)
printf(RESET);
exit(0);
myexit(0);
}
int numbers_to_char(id_t id1,id_t id2,id_t id3,char * &data,int &len)
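Review bot: The new stubs `int add_iptables_rule(char *)` and `int remove_iptables_rule(char *)` return 0 unconditionally, so a caller cannot distinguish "not implemented" from "rule added"; until they are filled in, return -1 (or at least carry a `// TODO: not implemented` comment) and take the rule as `const char *`, since neither writes through it. The new global `char iptables_rule[200]` is not written anywhere in this commit, while `iptables_warn` in main.cpp formats the same rule into a local `char iptables[200]`; keeping two buffers for one value invites them drifting apart, so pick one. When the stubs are implemented, the rule text will contain an address and port that presumably originate from the command line, so hand them to iptables as separate argv elements (exec/posix_spawn) rather than through `system()` on a formatted string, and document that expectation on the declaration.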


@ -127,5 +127,6 @@ void INThandler(int sig);
int numbers_to_char(id_t id1,id_t id2,id_t id3,char * &data,int &len);
int char_to_numbers(const char * data,int len,id_t &id1,id_t &id2,id_t &id3);
void myexit(int a);
#endif /* COMMON_H_ */
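Review bot: `void myexit(int a);` is declared without a noreturn attribute, yet the call sites this commit converts rely on it never returning (for example `myexit(-1); return *this;` in `conn_info_t::operator=` and `myexit(-1); return -1;////for compiler check` in `client_bind_to_a_new_port` in main.cpp). Declaring it `__attribute__((noreturn)) void myexit(int a);` (or `[[noreturn]]` if the project builds as C++11, which the use of `unordered_map` suggests) lets the compiler check that property and makes the dummy returns unnecessary. The definition in common.cpp wraps `exit(a)`, so the attribute is accurate.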

main.cpp

@ -29,6 +29,7 @@ int timer_fd=-1;
int fail_time_counter=0;
int epoll_trigger_counter=0;
int debug_flag=0;
int auto_add_iptables_rule=0;
//int debug_resend=0;
char key_string[1000]= "secret key";
@ -334,7 +335,7 @@ struct conn_info_t
conn_info_t& operator=(const conn_info_t& b)
{
mylog(log_fatal,"not allowed\n");
exit(-1);
myexit(-1);
return *this;
}
~conn_info_t();
@ -693,7 +694,7 @@ void server_clear_function(uint64_t u64)
if (ret!=0)
{
mylog(log_fatal,"close fd %d failed !!!!\n",fd);
exit(-1); //this shouldnt happen
myexit(-1); //this shouldnt happen
}
//mylog(log_fatal,"size:%d !!!!\n",conn_manager.udp_fd_mp.size());
assert(conn_manager.udp_fd_mp.find(fd)!=conn_manager.udp_fd_mp.end());
@ -980,7 +981,7 @@ int client_bind_to_a_new_port()
}
}
mylog(log_fatal,"bind port fail\n");
exit(-1);
myexit(-1);
return -1;////for compiler check
}
@ -997,7 +998,7 @@ int set_timer(int epollfd,int &timer_fd)
if((timer_fd=timerfd_create(CLOCK_MONOTONIC,TFD_NONBLOCK)) < 0)
{
mylog(log_fatal,"timer_fd create error\n");
exit(1);
myexit(1);
}
its.it_interval.tv_sec=(timer_interval/1000);
its.it_interval.tv_nsec=(timer_interval%1000)*1000ll*1000ll;
@ -1011,7 +1012,7 @@ int set_timer(int epollfd,int &timer_fd)
ret=epoll_ctl(epollfd, EPOLL_CTL_ADD, timer_fd, &ev);
if (ret < 0) {
mylog(log_fatal,"epoll_ctl return %d\n", ret);
exit(-1);
myexit(-1);
}
return 0;
}
@ -1028,7 +1029,7 @@ int set_timer_server(int epollfd,int &timer_fd)
if((timer_fd=timerfd_create(CLOCK_MONOTONIC,TFD_NONBLOCK)) < 0)
{
mylog(log_fatal,"timer_fd create error\n");
exit(1);
myexit(1);
}
its.it_interval.tv_sec=(timer_interval/1000);
its.it_interval.tv_nsec=(timer_interval%1000)*1000ll*1000ll;
@ -1042,7 +1043,7 @@ int set_timer_server(int epollfd,int &timer_fd)
ret=epoll_ctl(epollfd, EPOLL_CTL_ADD, timer_fd, &ev);
if (ret < 0) {
mylog(log_fatal,"epoll_ctl return %d\n", ret);
exit(-1);
myexit(-1);
}
return 0;
}
@ -1064,7 +1065,7 @@ int client_on_timer(conn_info_t &conn_info) //for client
if(fail_time_counter>max_fail_time)
{
mylog(log_fatal,"max_fail_time exceed");
exit(-1);
myexit(-1);
}
conn_info.blob->anti_replay.re_init();
@ -1258,7 +1259,7 @@ int client_on_timer(conn_info_t &conn_info) //for client
else
{
mylog(log_fatal,"unknown state,this shouldnt happen.\n");
exit(-1);
myexit(-1);
}
return 0;
}
@ -1300,7 +1301,7 @@ int server_on_timer_multi(conn_info_t &conn_info)
else
{
mylog(log_fatal,"this shouldnt happen!\n");
exit(-1);
myexit(-1);
}
return 0;
@ -1479,7 +1480,7 @@ int client_on_raw_recv(conn_info_t &conn_info)
else
{
mylog(log_fatal,"unknown state,this shouldnt happen.\n");
exit(-1);
myexit(-1);
}
return 0;
}
@ -1875,12 +1876,12 @@ int server_on_raw_recv_pre_ready(conn_info_t &conn_info,uint32_t tmp_oppsite_con
if(!conn_manager.exist(ori_conn_info.raw_info.recv_info.src_ip,ori_conn_info.raw_info.recv_info.src_port))//TODO remove this
{
mylog(log_fatal,"[%s]this shouldnt happen\n",ip_port);
exit(-1);
myexit(-1);
}
if(!conn_manager.exist(conn_info.raw_info.recv_info.src_ip,conn_info.raw_info.recv_info.src_port))//TODO remove this
{
mylog(log_fatal,"[%s]this shouldnt happen2\n",ip_port);
exit(-1);
myexit(-1);
}
conn_info_t *&p_ori=conn_manager.find_insert_p(ori_conn_info.raw_info.recv_info.src_ip,ori_conn_info.raw_info.recv_info.src_port);
conn_info_t *&p=conn_manager.find_insert_p(conn_info.raw_info.recv_info.src_ip,conn_info.raw_info.recv_info.src_port);
@ -1907,7 +1908,7 @@ int server_on_raw_recv_pre_ready(conn_info_t &conn_info,uint32_t tmp_oppsite_con
else
{
mylog(log_fatal,"[%s]this should never happen\n",ip_port);
exit(-1);
myexit(-1);
}
return 0;
}
@ -1971,7 +1972,7 @@ int client_event_loop()
if(get_src_adress(source_address_uint32)!=0)
{
mylog(log_fatal,"the trick to auto get source ip failed,you should specific an ip by --source-ip\n");
exit(-1);
myexit(-1);
}
}
in_addr tmp;
@ -1983,7 +1984,7 @@ int client_event_loop()
if(try_to_list_and_bind(source_port)!=0)
{
mylog(log_fatal,"bind to source_port:%d fail\n ",source_port);
exit(-1);
myexit(-1);
}
send_info.src_port=source_port;
send_info.src_ip = source_address_uint32;
@ -2016,7 +2017,7 @@ int client_event_loop()
if (bind(udp_fd, (struct sockaddr*) &local_me, slen) == -1) {
mylog(log_fatal,"socket bind error\n");
//perror("socket bind error");
exit(1);
myexit(1);
}
setnonblocking(udp_fd);
epollfd = epoll_create1(0);
@ -2025,7 +2026,7 @@ int client_event_loop()
struct epoll_event ev, events[max_events];
if (epollfd < 0) {
mylog(log_fatal,"epoll return %d\n", epollfd);
exit(-1);
myexit(-1);
}
ev.events = EPOLLIN;
@ -2033,7 +2034,7 @@ int client_event_loop()
ret = epoll_ctl(epollfd, EPOLL_CTL_ADD, udp_fd, &ev);
if (ret!=0) {
mylog(log_fatal,"add udp_listen_fd error\n");
exit(-1);
myexit(-1);
}
ev.events = EPOLLIN;
ev.data.u64 = raw_recv_fd;
@ -2041,7 +2042,7 @@ int client_event_loop()
ret = epoll_ctl(epollfd, EPOLL_CTL_ADD, raw_recv_fd, &ev);
if (ret!= 0) {
mylog(log_fatal,"add raw_fd error\n");
exit(-1);
myexit(-1);
}
////add_timer for fake_tcp_keep_connection_client
@ -2061,7 +2062,7 @@ int client_event_loop()
int nfds = epoll_wait(epollfd, events, max_events, 180 * 1000);
if (nfds < 0) { //allow zero
mylog(log_fatal,"epoll_wait return %d\n", nfds);
exit(-1);
myexit(-1);
}
int idx;
for (idx = 0; idx < nfds; ++idx) {
@ -2087,7 +2088,7 @@ int client_event_loop()
if ((recv_len = recvfrom(udp_fd, buf, buf_len, 0,
(struct sockaddr *) &udp_new_addr_in, &slen)) == -1) {
mylog(log_error,"recv_from error,this shouldnt happen at client\n");
exit(1);
myexit(1);
};
mylog(log_trace,"Received packet from %s:%d,len: %d\n", inet_ntoa(udp_new_addr_in.sin_addr),
@ -2152,7 +2153,7 @@ int client_event_loop()
else
{
mylog(log_fatal,"unknown fd,this should never happen\n");
exit(-1);
myexit(-1);
}
}
}
@ -2187,7 +2188,7 @@ int server_event_loop()
if (bind(bind_fd, (struct sockaddr*)&temp_bind_addr, sizeof(temp_bind_addr)) !=0)
{
mylog(log_fatal,"bind fail\n");
exit(-1);
myexit(-1);
}
if(raw_mode==mode_faketcp)
@ -2196,7 +2197,7 @@ int server_event_loop()
if(listen(bind_fd, SOMAXCONN) != 0 )
{
mylog(log_fatal,"listen fail\n");
exit(-1);
myexit(-1);
}
}
@ -2211,7 +2212,7 @@ int server_event_loop()
struct epoll_event ev, events[max_events];
if (epollfd < 0) {
mylog(log_fatal,"epoll return %d\n", epollfd);
exit(-1);
myexit(-1);
}
ev.events = EPOLLIN;
@ -2220,7 +2221,7 @@ int server_event_loop()
ret = epoll_ctl(epollfd, EPOLL_CTL_ADD, raw_recv_fd, &ev);
if (ret!= 0) {
mylog(log_fatal,"add raw_fd error\n");
exit(-1);
myexit(-1);
}
int timer_fd;
@ -2235,7 +2236,7 @@ int server_event_loop()
int nfds = epoll_wait(epollfd, events, max_events, 180 * 1000);
if (nfds < 0) { //allow zero
mylog(log_fatal,"epoll_wait return %d\n", nfds);
exit(-1);
myexit(-1);
}
int idx;
for (idx = 0; idx < nfds; ++idx)
@ -2288,12 +2289,12 @@ int server_event_loop()
if(!conn_manager.exist(ip,port))//TODO remove this for peformance
{
mylog(log_fatal,"ip port no longer exits 1!!!this shouldnt happen\n");
exit(-1);
myexit(-1);
}
if (p_conn_info->state.server_current_state != server_ready) //TODO remove this for peformance
{
mylog(log_fatal,"p_conn_info->state.server_current_state!=server_ready!!!this shouldnt happen\n");
exit(-1);
myexit(-1);
}
//conn_info_t &conn_info=conn_manager.find(ip,port);
server_on_timer_multi(*p_conn_info);
@ -2325,13 +2326,13 @@ int server_event_loop()
if(!conn_manager.exist(ip,port))//TODO remove this for peformance
{
mylog(log_fatal,"ip port no longer exits 2!!!this shouldnt happen\n", nfds);
exit(-1);
myexit(-1);
}
if(p_conn_info->state.server_current_state!=server_ready)//TODO remove this for peformance
{
mylog(log_fatal,"p_conn_info->state.server_current_state!=server_ready!!!this shouldnt happen\n", nfds);
exit(-1);
myexit(-1);
}
conn_info_t &conn_info=*p_conn_info;
@ -2373,7 +2374,7 @@ int server_event_loop()
else
{
mylog(log_fatal,"unknown fd,this should never happen\n");
exit(-1);
myexit(-1);
}
}
@ -2452,7 +2453,7 @@ void process_arg(int argc, char *argv[])
if(strcmp(argv[i],"-h")==0||strcmp(argv[i],"--help")==0)
{
print_help();
exit(0);
myexit(0);
}
}
for (i = 0; i < argc; i++)
@ -2468,7 +2469,7 @@ void process_arg(int argc, char *argv[])
else
{
log_bare(log_fatal,"invalid log_level\n");
exit(-1);
myexit(-1);
}
}
}
@ -2488,11 +2489,11 @@ void process_arg(int argc, char *argv[])
if (argc == 1)
{
print_help();
exit(-1);
myexit(-1);
}
int no_l = 1, no_r = 1;
while ((opt = getopt_long(argc, argv, "l:r:sch",long_options,&option_index)) != -1) {
while ((opt = getopt_long(argc, argv, "l:r:scha",long_options,&option_index)) != -1) {
//string opt_key;
//opt_key+=opt;
switch (opt) {
@ -2522,7 +2523,7 @@ void process_arg(int argc, char *argv[])
else
{
mylog(log_fatal,"-s /-c has already been set,-s option conflict\n");
exit(-1);
myexit(-1);
}
break;
case 'c':
@ -2533,12 +2534,14 @@ void process_arg(int argc, char *argv[])
else
{
mylog(log_fatal,"-s /-c has already been set,-c option conflict\n");
exit(-1);
myexit(-1);
}
break;
case 'h':
break;
case 'a':
//auto_add_iptables_rule=1;
break;
case 'k':
mylog(log_debug,"parsing key option\n");
sscanf(optarg,"%s",key_string);
@ -2572,7 +2575,7 @@ void process_arg(int argc, char *argv[])
if(i==mode_end)
{
mylog(log_fatal,"no such raw_mode %s\n",optarg);
exit(-1);
myexit(-1);
}
}
else if(strcmp(long_options[option_index].name,"auth-mode")==0)
@ -2588,7 +2591,7 @@ void process_arg(int argc, char *argv[])
if(i==auth_end)
{
mylog(log_fatal,"no such auth_mode %s\n",optarg);
exit(-1);
myexit(-1);
}
}
else if(strcmp(long_options[option_index].name,"cipher-mode")==0)
@ -2604,7 +2607,7 @@ void process_arg(int argc, char *argv[])
if(i==cipher_end)
{
mylog(log_fatal,"no such cipher_mode %s\n",optarg);
exit(-1);
myexit(-1);
}
}
else if(strcmp(long_options[option_index].name,"log-level")==0)
@ -2643,7 +2646,7 @@ void process_arg(int argc, char *argv[])
else
{
mylog(log_fatal,"sock-buf value must be between 1 and 10240 (kbyte) \n");
exit(-1);
myexit(-1);
}
}
else if(strcmp(long_options[option_index].name,"seq-mode")==0)
@ -2655,7 +2658,7 @@ void process_arg(int argc, char *argv[])
else
{
mylog(log_fatal,"seq_mode value must be 0,1,or 2 \n");
exit(-1);
myexit(-1);
}
}
else
@ -2665,7 +2668,7 @@ void process_arg(int argc, char *argv[])
break;
default:
mylog(log_fatal,"unknown option ,code:<%x>\n", optopt);
exit(-1);
myexit(-1);
}
}
@ -2678,7 +2681,7 @@ void process_arg(int argc, char *argv[])
if (no_l || no_r||program_mode==0)
{
print_help();
exit(-1);
myexit(-1);
}
mylog(log_info,"important variables: ", argc);
@ -2703,43 +2706,60 @@ void process_arg(int argc, char *argv[])
}
void iptables_warn()
{
char iptables[200];
if(program_mode==client_mode)
{
if(raw_mode==mode_faketcp)
{
mylog(log_warn,"make sure you have run once: iptables -A INPUT -s %s/32 -p tcp -m tcp --sport %d -j DROP\n",remote_address,remote_port);
sprintf(iptables,"INPUT -s %s/32 -p tcp -m tcp --sport %d -j DROP\n",remote_address,remote_port);
//mylog(log_warn,"make sure you have run once: iptables -A INPUT -s %s/32 -p tcp -m tcp --sport %d -j DROP\n",remote_address,remote_port);
}
if(raw_mode==mode_udp)
{
mylog(log_warn,"make sure you have run once: iptables -A INPUT -s %s/32 -p udp -m udp --sport %d -j DROP\n",remote_address,remote_port);
sprintf(iptables,"INPUT -s %s/32 -p udp -m udp --sport %d -j DROP\n",remote_address,remote_port);
//mylog(log_warn,"make sure you have run once: iptables -A INPUT -s %s/32 -p udp -m udp --sport %d -j DROP\n",remote_address,remote_port);
}
if(raw_mode==mode_icmp)
{
mylog(log_warn,"make sure you have run once: iptables -A INPUT -s %s/32 -p icmp -j DROP\n",remote_address);
sprintf(iptables,"INPUT -s %s/32 -p icmp -j DROP\n",remote_address);
//mylog(log_warn,"make sure you have run once: iptables -A INPUT -s %s/32 -p icmp -j DROP\n",remote_address);
}
}
if(program_mode==server_mode)
{
if(raw_mode==mode_faketcp)
{
mylog(log_warn,"make sure you have run once: iptables -A INPUT -p tcp -m tcp --dport %d -j DROP\n",local_port);
sprintf(iptables,"INPUT -p tcp -m tcp --dport %d -j DROP\n",local_port);
//mylog(log_warn,"make sure you have run once: iptables -A INPUT -p tcp -m tcp --dport %d -j DROP\n",local_port);
}
if(raw_mode==mode_udp)
{
mylog(log_warn,"make sure you have run once: iptables -A INPUT -p udp -m udp --udp %d -j DROP\n",local_port);
sprintf(iptables,"INPUT -p udp -m udp --udp %d -j DROP\n",local_port);
//mylog(log_warn,"make sure you have run once: iptables -A INPUT -p udp -m udp --udp %d -j DROP\n",local_port);
}
if(raw_mode==mode_icmp)
{
if(local_address_uint32==0)
{
mylog(log_warn,"make sure you have run once: iptables -A INPUT -p icmp -j DROP\n");
sprintf(iptables,"INPUT -p icmp -j DROP\n");
//mylog(log_warn,"make sure you have run once: iptables -A INPUT -p icmp -j DROP\n");
}
else
{
mylog(log_warn,"make sure you have run once: iptables -A INPUT -d %s/32 -p icmp -j DROP\n",local_address);
sprintf(iptables,"INPUT -d %s/32 -p icmp -j DROP\n",local_address);
//mylog(log_warn,"make sure you have run once: iptables -A INPUT -d %s/32 -p icmp -j DROP\n",local_address);
}
}
}
if(auto_add_iptables_rule)
{
//not implemented
}
else
{
mylog(log_warn,"make sure you have run once: iptables -A %s\n",iptables);
}
}
int main(int argc, char *argv[])
{
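Review bot: The new `sprintf` calls in `iptables_warn` write a rule containing `remote_address` / `local_address` (presumably taken from the command line) into the fixed 200-byte local `iptables` with no bound, and every format string ends in `\n`, so the final `mylog(log_warn,"make sure you have run once: iptables -A %s\n",iptables)` prints a double newline and, once the buffer is handed to `add_iptables_rule`, the newline becomes part of the rule. Use a bounded write and drop the trailing newline, e.g. `snprintf(iptables, sizeof iptables, "INPUT -s %s/32 -p tcp -m tcp --sport %d -j DROP", remote_address, remote_port);`, and apply the same change to the other six `sprintf` lines. `iptables` is also read uninitialised when `raw_mode` matches none of the three branches, so declare it as `char iptables[200] = {0};` or return early in that case. The udp server-mode rule still reads `--udp %d` where the parallel rules use `--dport %d`; that looks like a pre-existing typo carried into the new line and is worth confirming while the lines are being rewritten.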


@ -162,13 +162,13 @@ int init_raw_socket()
if(raw_send_fd == -1) {
mylog(log_fatal,"Failed to create raw_send_fd\n");
//perror("Failed to create raw_send_fd");
exit(1);
myexit(1);
}
if(setsockopt(raw_send_fd, SOL_SOCKET, SO_SNDBUFFORCE, &socket_buf_size, sizeof(socket_buf_size))<0)
{
mylog(log_fatal,"SO_SNDBUFFORCE fail\n");
exit(1);
myexit(1);
}
//raw_fd = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL));
@ -177,13 +177,13 @@ int init_raw_socket()
if(raw_recv_fd == -1) {
mylog(log_fatal,"Failed to create raw_recv_fd\n");
//perror("");
exit(1);
myexit(1);
}
if(setsockopt(raw_recv_fd, SOL_SOCKET, SO_RCVBUFFORCE, &socket_buf_size, sizeof(socket_buf_size))<0)
{
mylog(log_fatal,"SO_RCVBUFFORCE fail\n");
exit(1);
myexit(1);
}
//IP_HDRINCL to tell the kernel that headers are included in the packet
@ -193,7 +193,7 @@ int init_raw_socket()
if (setsockopt (raw_send_fd, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0) {
mylog(log_fatal,"Error setting IP_HDRINCL %d\n",errno);
//perror("Error setting IP_HDRINCL");
exit(2);
myexit(2);
}
setnonblocking(raw_send_fd); //not really necessary
@ -243,7 +243,7 @@ void init_filter(int port)
{
mylog(log_fatal,"error set fiter\n");
//perror("filter");
exit(-1);
myexit(-1);
}
}
void remove_filter()