github/wangyu-udp2raw
1
0
Fork 0
mirror of https://github.com/wangyu-/udp2raw.git synced 2025-01-19 14:29:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

changed iptables -A to -I, auth_mode: simple

Browse Source
This commit is contained in:
wangyu 2017-08-04 21:46:49 +08:00
parent acece0b329
commit 956bc5ab06
5 changed files with 84 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
common.cpp
View File

@ -52,7 +52,7 @@ char * my_ntoa(u32_t ip)
int add_iptables_rule(char * s) int add_iptables_rule(char * s)
{ {
strcpy(iptables_rule,s); strcpy(iptables_rule,s);
char buf[300]="iptables -A "; char buf[300]="iptables -I ";
strcat(buf,s); strcat(buf,s);
if(system(buf)==0) if(system(buf)==0)
{ {

48
encrypt.cpp
View File

@ -13,11 +13,11 @@
static int8_t zero_iv[]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0};//this prog use zero iv,you should make sure first block of data contains a random/nonce data static int8_t zero_iv[]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0};//this prog use zero iv,you should make sure first block of data contains a random/nonce data
unordered_map<int, const char *> auth_mode_tostring = {{auth_none, "none"}, {auth_md5, "md5"}, {auth_crc32, "crc32"},{auth_sum,"sum"}}; unordered_map<int, const char *> auth_mode_tostring = {{auth_none, "none"}, {auth_md5, "md5"}, {auth_crc32, "crc32"},{auth_simple,"simple"}};
unordered_map<int, const char *> cipher_mode_tostring={{cipher_none,"none"},{cipher_aes128cbc,"aes128cbc"},{cipher_xor,"xor"}}; unordered_map<int, const char *> cipher_mode_tostring={{cipher_none,"none"},{cipher_aes128cbc,"aes128cbc"},{cipher_xor,"xor"}};
auth_mode_t auth_mode=auth_sum; auth_mode_t auth_mode=auth_crc32;
cipher_mode_t cipher_mode=cipher_xor; cipher_mode_t cipher_mode=cipher_aes128cbc;
/* /*
@ -45,7 +45,7 @@ unsigned int crc32h(unsigned char *message,int len) {
return ~crc; return ~crc;
} }
/*
void sum(const unsigned char *data,int len,unsigned char* res) { void sum(const unsigned char *data,int len,unsigned char* res) {
memset(res,0,sizeof(int)); memset(res,0,sizeof(int));
for(int i=0,j=0;i<len;i++,j++) for(int i=0,j=0;i<len;i++,j++)
@ -55,6 +55,24 @@ unsigned int crc32h(unsigned char *message,int len) {
} }
return ; return ;
}*/
void simple_hash(unsigned char *str,int len,unsigned char* res) //djb2+ sdb
{
u32_t hash = 5381;
u32_t hash2 = 0;
int c;
int i=0;
while(c = *str++,i++!=len)
{
hash = ((hash << 5) + hash) + c; /* hash * 33 + c */
hash2 = c + (hash2 << 6) + (hash2 << 16) - hash2;
}
hash=htonl(hash);
hash2=htonl(hash2);
memcpy(res,&hash,sizeof(hash));
memcpy(res+sizeof(hash),&hash2,sizeof(hash2));
} }
int auth_md5_cal(const char *data,char * output,int &len) int auth_md5_cal(const char *data,char * output,int &len)
@ -75,21 +93,21 @@ int auth_crc32_cal(const char *data,char * output,int &len)
return 0; return 0;
} }
int auth_sum_cal(const char *data,char * output,int &len) int auth_simple_cal(const char *data,char * output,int &len)
{ {
//char res[4]; //char res[4];
memcpy(output,data,len);//TODO inefficient code memcpy(output,data,len);//TODO inefficient code
sum((unsigned char *)output,len,(unsigned char *)(output+len)); simple_hash((unsigned char *)output,len,(unsigned char *)(output+len));
len+=4; len+=8;
return 0; return 0;
} }
int auth_sum_verify(const char *data,int &len) int auth_simple_verify(const char *data,int &len)
{ {
if(len<4) return -1; if(len<8) return -1;
unsigned char res[4]; unsigned char res[8];
len-=4; len-=8;
sum((unsigned char *)data,len,res); simple_hash((unsigned char *)data,len,res);
if(memcmp(res,data+len,sizeof(int))!=0) if(memcmp(res,data+len,8)!=0)
return -1; return -1;
return 0; return 0;
} }
@ -236,7 +254,7 @@ int auth_cal(const char *data,char * output,int &len)
{ {
case auth_crc32:return auth_crc32_cal(data, output, len); case auth_crc32:return auth_crc32_cal(data, output, len);
case auth_md5:return auth_md5_cal(data, output, len); case auth_md5:return auth_md5_cal(data, output, len);
case auth_sum:return auth_sum_cal(data, output, len); case auth_simple:return auth_simple_cal(data, output, len);
case auth_none:return auth_none_cal(data, output, len); case auth_none:return auth_none_cal(data, output, len);
default: return auth_md5_cal(data,output,len);//default default: return auth_md5_cal(data,output,len);//default
} }
@ -249,7 +267,7 @@ int auth_verify(const char *data,int &len)
{ {
case auth_crc32:return auth_crc32_verify(data, len); case auth_crc32:return auth_crc32_verify(data, len);
case auth_md5:return auth_md5_verify(data, len); case auth_md5:return auth_md5_verify(data, len);
case auth_sum:return auth_sum_verify(data, len); case auth_simple:return auth_simple_verify(data, len);
case auth_none:return auth_none_verify(data, len); case auth_none:return auth_none_verify(data, len);
default: return auth_md5_verify(data,len);//default default: return auth_md5_verify(data,len);//default
} }

2
encrypt.h
View File

@ -20,7 +20,7 @@ int my_decrypt_pesudo_header(uint8_t *data,uint8_t *output,int &len,uint8_t * ke
unsigned short csum(const unsigned short *ptr,int nbytes) ; unsigned short csum(const unsigned short *ptr,int nbytes) ;
enum auth_mode_t {auth_none=0,auth_md5,auth_crc32,auth_sum,auth_end}; enum auth_mode_t {auth_none=0,auth_md5,auth_crc32,auth_simple,auth_end};
enum cipher_mode_t {cipher_none=0,cipher_aes128cbc,cipher_xor,cipher_end}; enum cipher_mode_t {cipher_none=0,cipher_aes128cbc,cipher_xor,cipher_end};

50
main.cpp
View File

@ -2251,7 +2251,7 @@ void print_help()
printf(" --raw-mode <string> avaliable values:faketcp,udp,icmp\n"); printf(" --raw-mode <string> avaliable values:faketcp,udp,icmp\n");
printf(" -k,--key <string> password to gen symetric key\n"); printf(" -k,--key <string> password to gen symetric key\n");
printf(" --auth-mode <string> avaliable values:aes128cbc(default),xor,none\n"); printf(" --auth-mode <string> avaliable values:aes128cbc(default),xor,none\n");
printf(" --cipher-mode <string> avaliable values:md5(default),crc32,sum,none\n"); printf(" --cipher-mode <string> avaliable values:md5(default),crc32,simple,none\n");
printf(" -a,--auto-add auto add (and delete) iptables rule\n"); printf(" -a,--auto-add auto add (and delete) iptables rule\n");
printf(" --disable-anti-replay disable anti-replay,not suggested"); printf(" --disable-anti-replay disable anti-replay,not suggested");
@ -2304,6 +2304,7 @@ void process_arg(int argc, char *argv[])
{"disable-anti-replay", no_argument, 0, 1}, {"disable-anti-replay", no_argument, 0, 1},
{"auto-add", no_argument, 0, 'a'}, {"auto-add", no_argument, 0, 'a'},
{"debug", no_argument, 0, 1}, {"debug", no_argument, 0, 1},
{"clear", no_argument, 0, 1},
{"sock-buf", required_argument, 0, 1}, {"sock-buf", required_argument, 0, 1},
{"seq-mode", required_argument, 0, 1}, {"seq-mode", required_argument, 0, 1},
{NULL, 0, 0, 0} {NULL, 0, 0, 0}
@ -2363,18 +2364,29 @@ void process_arg(int argc, char *argv[])
no_l = 0; no_l = 0;
if (strchr(optarg, ':') != 0) { if (strchr(optarg, ':') != 0) {
sscanf(optarg, "%[^:]:%d", local_address, &local_port); sscanf(optarg, "%[^:]:%d", local_address, &local_port);
if(local_port==22)
{
mylog(log_fatal,"port 22 not allowed\n");
myexit(-1);
}
} else { } else {
strcpy(local_address, "127.0.0.1"); mylog(log_fatal,"invalid parameter for -l ,%s,should be ip:port\n",optarg);
sscanf(optarg, "%d", &local_port); myexit(-1);
} }
break; break;
case 'r': case 'r':
no_r = 0; no_r = 0;
if (strchr(optarg, ':') != 0) { if (strchr(optarg, ':') != 0) {
sscanf(optarg, "%[^:]:%d", remote_address, &remote_port); sscanf(optarg, "%[^:]:%d", remote_address, &remote_port);
if(remote_port==22)
{
mylog(log_fatal,"port 22 not allowed\n");
myexit(-1);
}
} else { } else {
strcpy(remote_address, "127.0.0.1"); mylog(log_fatal,"invalid parameter for -r ,%s,should be ip:port\n",optarg);
sscanf(optarg, "%d", &remote_port); myexit(-1);
} }
break; break;
case 's': case 's':
@ -2410,7 +2422,15 @@ void process_arg(int argc, char *argv[])
break; break;
case 1: case 1:
mylog(log_debug,"option_index: %d\n",option_index); mylog(log_debug,"option_index: %d\n",option_index);
if(strcmp(long_options[option_index].name,"source-ip")==0) if(strcmp(long_options[option_index].name,"clear")==0)
{
system("iptables-save |grep udp2raw_dWRwMnJhdw|sed -n 's/^-A/iptables -D/p'|sh");
//system("iptables-save |grep udp2raw_dWRwMnJhdw|sed 's/^-A/iptables -D/'|sh");
//system("iptables-save|grep -v udp2raw_dWRwMnJhdw|iptables-restore");
mylog(log_info,"tried to clear all iptables rule created previously");
myexit(-1);
}
else if(strcmp(long_options[option_index].name,"source-ip")==0)
{ {
mylog(log_debug,"parsing long option :source-ip\n"); mylog(log_debug,"parsing long option :source-ip\n");
sscanf(optarg, "%s", source_address); sscanf(optarg, "%s", source_address);
@ -2620,16 +2640,28 @@ void iptables_warn()
} }
if(auto_add_iptables_rule) if(auto_add_iptables_rule)
{ {
strcat(rule," -m comment --comment udp2raw_added_"); strcat(rule," -m comment --comment udp2raw_dWRwMnJhdw_");
char const_id_str[100]; char const_id_str[100];
sprintf(const_id_str,"%x",const_id); sprintf(const_id_str,"%x_",const_id);
strcat(rule,const_id_str); strcat(rule,const_id_str);
time_t timer;
char buffer[26];
struct tm* tm_info;
time(&timer);
tm_info = localtime(&timer);
strftime(buffer, 26, "%Y-%m-%d-%H:%M:%S", tm_info);
strcat(rule,buffer);
add_iptables_rule(rule); add_iptables_rule(rule);
} }
else else
{ {
mylog(log_warn,"make sure you have run once: iptables -A %s\n",rule); mylog(log_warn,"make sure you have run once: iptables -I %s\n",rule);
} }
} }
int main(int argc, char *argv[]) int main(int argc, char *argv[])

12
network.cpp
View File

@ -1051,13 +1051,10 @@ int recv_raw_tcp(raw_info_t &raw_info,char * &payload,int &payloadlen)
} }
else else
{ {
mylog(log_info,"tcph->doff= %u\n",tcph->doff); //mylog(log_info,"tcph->doff= %u\n",tcph->doff);
}
if(tcph->rst==1)
{
mylog(log_error,"rst==1\n");
} }
recv_info.ack=tcph->ack; recv_info.ack=tcph->ack;
recv_info.syn=tcph->syn; recv_info.syn=tcph->syn;
recv_info.rst=tcph->rst; recv_info.rst=tcph->rst;
@ -1068,6 +1065,11 @@ int recv_raw_tcp(raw_info_t &raw_info,char * &payload,int &payloadlen)
recv_info.ack_seq=ntohl(tcph->ack_seq); recv_info.ack_seq=ntohl(tcph->ack_seq);
recv_info.psh=tcph->psh; recv_info.psh=tcph->psh;
if(tcph->rst==1)
{
mylog(log_error,"[%s,%d]rst==1\n",my_ntoa(recv_info.src_ip),recv_info.src_port);
}
/* if(recv_info.has_ts) /* if(recv_info.has_ts)
{ {
send_info.ts_ack=recv_info.ts; //////////////////////////////////////////////modify send_info.ts_ack=recv_info.ts; //////////////////////////////////////////////modify