reduce diff with no-mp version

2025-02-07 23:59:36 +08:00 · 2018-08-28 16:20:11 -05:00 · 2018-08-28 16:20:11 -05:00 · a130936947
commit a130936947
parent 57af53afa8
3 changed files with 255 additions and 88 deletions
--- a/common.cpp
+++ b/common.cpp
@ -899,6 +899,7 @@ void myexit(int a)
 {
    if(enable_log_color)
   	printf("%s\n",RESET);
    /*
    if(keep_thread_running)
    {
 		if(pthread_cancel(keep_thread))
@ -911,6 +912,7 @@ void myexit(int a)
 		}
    }
 	clear_iptables_rule();
 	*/
 	exit(a);
 }
--- a/misc.cpp
+++ b/misc.cpp
@ -29,11 +29,20 @@ int ttl_value=64;
 fd_manager_t fd_manager;
 char remote_address[max_addr_len]="";
 //char remote_address[max_address_len]="";
 char local_ip[100]="0.0.0.0", remote_ip[100]="255.255.255.255",source_ip[100]="0.0.0.0";//local_ip is for -l option,remote_ip for -r option,source for --source-ip
 u32_t local_ip_uint32,remote_ip_uint32,source_ip_uint32;//convert from last line.
 int local_port = -1, remote_port=-1,source_port=0;//similiar to local_ip  remote_ip,buf for port.source_port=0 indicates --source-port is not enabled
 address_t local_addr,remote_addr,source_addr;
 my_ip_t bind_addr;
 //int source_port=-1;
 int bind_addr_used=0;
 int force_source_ip=0; //if --source-ip is enabled
 int force_source_port=0;
 my_id_t const_id=0;//an id used for connection recovery,its generated randomly,it never change since its generated
@ -62,12 +71,6 @@ char fifo_file[1000]="";
 int clear_iptables=0;
 int wait_xtables_lock=0;
 string iptables_command0="iptables ";
 string iptables_command="";
 string iptables_pattern="";
 int iptables_rule_added=0;
 int iptables_rule_keeped=0;
 int iptables_rule_keep_index=0;
 program_mode_t program_mode=unset_mode;//0 unset; 1client 2server
 raw_mode_t raw_mode=mode_faketcp;
@ -135,8 +138,8 @@ void print_help()
 	printf("common options,these options must be same on both side:\n");
 	printf("    --raw-mode            <string>        avaliable values:faketcp(default),udp,icmp\n");
 	printf("    -k,--key              <string>        password to gen symetric key,default:\"secret key\"\n");
-	printf("    --cipher-mode         <string>        avaliable values:aes128cbc(default),xor,none\n");
+	printf("    --cipher-mode         <string>        avaliable values:aes128cfb,aes128cbc(default),xor,none\n");
-	printf("    --auth-mode           <string>        avaliable values:md5(default),crc32,simple,none\n");
+	printf("    --auth-mode           <string>        avaliable values:hmac_sha1,md5(default),crc32,simple,none\n");
 	printf("    -a,--auto-rule                        auto add (and delete) iptables rule\n");
 	printf("    -g,--gen-rule                         generate iptables rule then exit,so that you can copy and\n");
 	printf("                                          add it manually.overrides -a\n");
@ -485,6 +488,23 @@ void process_arg(int argc, char *argv[])  //process all options
 			}
 			else if(strcmp(long_options[option_index].name,"raw-mode")==0)
 			{
 				/*
 				for(i=0;i<mode_end;i++)
 				{
 					if(strcmp(optarg,raw_mode_tostring[i])==0)
 					{
 						//printf("%d i\n",i);
 						//printf("%s",raw_mode_tostring[i]);
 						raw_mode=(raw_mode_t)i;
 						break;
 					}
 				}
 				if(i==mode_end)
 				{
 					mylog(log_fatal,"no such raw_mode %s\n",optarg);
 					myexit(-1);
 				}
 				 */
 				if(strcmp(optarg,"easyfaketcp")==0||strcmp(optarg,"easy_faketcp")==0||strcmp(optarg,"easy-faketcp")==0)
 				{
 					raw_mode=mode_faketcp;
@ -550,9 +570,10 @@ void process_arg(int argc, char *argv[])  //process all options
 			}
 			else if(strcmp(long_options[option_index].name,"lower-level")==0)
 			{
 				//process_lower_level_arg();
 				mylog(log_fatal,"--lower-level not supported in this version\n");
 				myexit(-1);
-				//process_lower_level_arg();
+
 				//lower_level=1;
 				//strcpy(lower_level_arg,optarg);
 			}
@ -588,6 +609,12 @@ void process_arg(int argc, char *argv[])  //process all options
 				debug_flag=1;
 				//enable_log_color=0;
 			}
 			else if(strcmp(long_options[option_index].name,"dev")==0)
 			{
 				sscanf(optarg,"%s",dev);
 				//enable_log_color=0;
 				mylog(log_info,"dev=[%s]\n",dev);
 			}
 			else if(strcmp(long_options[option_index].name,"debug-resend")==0)
 			{
 				//debug_resend=1;
@ -656,7 +683,7 @@ void process_arg(int argc, char *argv[])  //process all options
 				mylog(log_info,"random_drop =%d \n",random_drop);
 			}
 			else if(strcmp(long_options[option_index].name,"fifo")==0)
-			{	
+			{
 				mylog(log_fatal,"--fifo not supported in this version\n");
 				myexit(-1);
 				sscanf(optarg,"%s",fifo_file);
@ -709,11 +736,6 @@ void process_arg(int argc, char *argv[])  //process all options
 				enable_dns_resolve=1;
 				mylog(log_info,"dns-resolve enabled\n");
 			}
 			else if(strcmp(long_options[option_index].name,"dev")==0)
 			{
 				sscanf(optarg,"%s",dev);
 				mylog(log_info,"dev=[%s]\n",dev);
 			}
 			else if(strcmp(long_options[option_index].name,"pcap-send")==0)
 			{
 				send_with_pcap=1;
@ -858,6 +880,7 @@ void pre_process_arg(int argc, char *argv[])//mainly for load conf file
 	process_arg(new_argc,new_argv_char);
 }
 /*
 void *run_keep(void *none)  //called in a new thread for --keep-rule option
 {
@ -877,62 +900,153 @@ void *run_keep(void *none)  //called in a new thread for --keep-rule option
 }
 void iptables_rule()  // handles -a -g --gen-add  --keep-rule --clear --wait-lock
 {
-	if(generate_iptables_rule)
+	assert(raw_ip_version==AF_INET||raw_ip_version==AF_INET6);
 	if(raw_ip_version==AF_INET)
 	{
-		if(raw_mode==mode_faketcp && use_tcp_dummy_socket==1)
+		iptables_command0="iptables ";
-		{
+	}
-			mylog(log_fatal, "failed,-g doesnt work with easy-faketcp mode\n");
+	else
-			myexit(-1);
+		iptables_command0="ip6tables ";
-		}
+	if(!wait_xtables_lock)
-		if(raw_mode==mode_udp)
+	{
-		{
+		iptables_command=iptables_command0;
-			mylog(log_warn, "It not necessary to use iptables/firewall rule in udp mode\n");
+	}
-		}
+	else
-		log_bare(log_warn,"for linux, use:\n");
+	{
-		if(raw_mode==mode_faketcp)
+		iptables_command=iptables_command0+"-w ";
 			printf("iptables -I INPUT -s %s/32 -p tcp -m tcp --sport %d -j DROP\n",remote_ip,remote_port);
 		if(raw_mode==mode_udp)
 			printf("iptables -I INPUT -s %s/32 -p udp -m udp --sport %d -j DROP\n",remote_ip,remote_port);
 		if(raw_mode==mode_icmp)
 			printf("iptables -I INPUT -s %s/32 -p icmp -j DROP\n",remote_ip);
 		printf("\n");
 		log_bare(log_warn,"for mac/bsd use:\n");
 		if(raw_mode==mode_faketcp)
 			printf("echo 'block drop proto tcp from %s port %d to any' > ./1.conf\n",remote_ip,remote_port);
 		if(raw_mode==mode_udp)
 			printf("echo 'block drop proto udp from %s port %d to any' > ./1.conf\n",remote_ip,remote_port);
 		if(raw_mode==mode_icmp)
 			printf("echo 'block drop proto icmp from %s to any' > ./1.conf\n",remote_ip);
 		printf("pfctl -f ./1.conf\n");
 		printf("pfctl -e\n");
 		printf("\n");
 		log_bare(log_warn,"for windows vista and above use:\n");
 		if(raw_mode==mode_faketcp)
 		{
 			printf("netsh advfirewall firewall add rule name=udp2raw protocol=TCP dir=in remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
 			printf("netsh advfirewall firewall add rule name=udp2raw protocol=TCP dir=out remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
 		}
 		if(raw_mode==mode_udp)
 		{
 			printf("netsh advfirewall firewall add rule name=udp2raw protocol=UDP dir=in remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
 			printf("netsh advfirewall firewall add rule name=udp2raw protocol=UDP dir=out remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
 		}
 		if(raw_mode==mode_icmp)
 		{
 			printf("netsh advfirewall firewall add rule name=udp2raw protocol=ICMPV4 dir=in remoteip=%s/32 action=block\n",remote_ip);
 			printf("netsh advfirewall firewall add rule name=udp2raw protocol=ICMPV4 dir=out remoteip=%s/32 action=block\n",remote_ip);
 		}
 		myexit(0);
 	}
-}
+	if(clear_iptables)
 	{
 		char *output;
 		//int ret =system("iptables-save |grep udp2raw_dWRwMnJhdw|sed -n 's/^-A/iptables -D/p'|sh");
 		int ret =run_command(iptables_command+"-S|sed -n '/udp2rawDwrW/p'|sed -n 's/^-A/"+iptables_command+"-D/p'|sh",output);
 		int ret2 =run_command(iptables_command+"-S|sed -n '/udp2rawDwrW/p'|sed -n 's/^-N/"+iptables_command+"-X/p'|sh",output);
 		//system("iptables-save |grep udp2raw_dWRwMnJhdw|sed 's/^-A/iptables -D/'|sh");
 		//system("iptables-save|grep -v udp2raw_dWRwMnJhdw|iptables-restore");
 		mylog(log_info,"tried to clear all iptables rule created previously,return value %d %d\n",ret,ret2);
 		myexit(-1);
 	}
 	if(auto_add_iptables_rule&&generate_iptables_rule)
 	{
 		mylog(log_warn," -g overrides -a\n");
 		auto_add_iptables_rule=0;
 		//myexit(-1);
 	}
 	if(generate_iptables_rule_add&&generate_iptables_rule)
 	{
 		mylog(log_warn," --gen-add overrides -g\n");
 		generate_iptables_rule=0;
 		//myexit(-1);
 	}
 	if(keep_rule&&auto_add_iptables_rule==0)
 	{
 		auto_add_iptables_rule=1;
 		mylog(log_warn," --keep_rule implys -a\n");
 		generate_iptables_rule=0;
 		//myexit(-1);
 	}
 	char tmp_pattern[200];
 	string pattern="";
 	if(program_mode==client_mode)
 	{
 		tmp_pattern[0]=0;
 		if(raw_mode==mode_faketcp)
 		{
 			sprintf(tmp_pattern,"-s %s -p tcp -m tcp --sport %d",remote_addr.get_ip(),remote_addr.get_port());
 		}
 		if(raw_mode==mode_udp)
 		{
 			sprintf(tmp_pattern,"-s %s -p udp -m udp --sport %d",remote_addr.get_ip(),remote_addr.get_port());
 		}
 		if(raw_mode==mode_icmp)
 		{
 			if(raw_ip_version==AF_INET)
 				sprintf(tmp_pattern,"-s %s -p icmp --icmp-type 0",remote_addr.get_ip());
 			else
 				sprintf(tmp_pattern,"-s %s -p icmpv6 --icmpv6-type 129",remote_addr.get_ip());
 		}
 		pattern+=tmp_pattern;
 	}
 	if(program_mode==server_mode)
 	{
 		tmp_pattern[0]=0;
 		if(raw_ip_version==AF_INET)
 		{
 			if(local_addr.inner.ipv4.sin_addr.s_addr!=0)
 			{
 				sprintf(tmp_pattern,"-d %s ",local_addr.get_ip());
 			}
 		}
 		else
 		{
 			char zero_arr[16]={0};
 			if(memcmp(&local_addr.inner.ipv6.sin6_addr,zero_arr,16)!=0)
 			{
 				sprintf(tmp_pattern,"-d %s ",local_addr.get_ip());
 			}
 		}
 		pattern+=tmp_pattern;
 		tmp_pattern[0]=0;
 		if(raw_mode==mode_faketcp)
 		{
 			sprintf(tmp_pattern,"-p tcp -m tcp --dport %d",local_addr.get_port());
 		}
 		if(raw_mode==mode_udp)
 		{
 			sprintf(tmp_pattern,"-p udp -m udp --dport %d",local_addr.get_port());
 		}
 		if(raw_mode==mode_icmp)
 		{
 			if(raw_ip_version==AF_INET)
 				sprintf(tmp_pattern,"-p icmp --icmp-type 8");
 			else
 				sprintf(tmp_pattern,"-p icmpv6 --icmpv6-type 128");
 		}
 		pattern+=tmp_pattern;
 	}
 	if(generate_iptables_rule)
 	{
 		string rule=iptables_command+"-I INPUT ";
 		rule+=pattern;
 		rule+=" -j DROP";
 		printf("generated iptables rule:\n");
 		printf("%s\n",rule.c_str());
 		myexit(0);
 	}
 	if(generate_iptables_rule_add)
 	{
 		iptables_gen_add(pattern.c_str(),const_id);
 		myexit(0);
 	}
 	if(auto_add_iptables_rule)
 	{
 		iptables_rule_init(pattern.c_str(),const_id,keep_rule);
 		if(keep_rule)
 		{
 			if(pthread_create(&keep_thread, NULL, run_keep, 0)) {
 				mylog(log_fatal, "Error creating thread\n");
 				myexit(-1);
 			}
 			keep_thread_running=1;
 		}
 	}
 	else
 	{
 		mylog(log_warn," -a has not been set, make sure you have added the needed iptables rules manually\n");
 	}
 }
 */
 int unit_test()
 {
 	printf("running unit test\n");
@ -991,7 +1105,6 @@ int unit_test()
 	return 0;
 }
 /*
 int set_timer(int epollfd,int &timer_fd)//put a timer_fd into epoll,general function,used both in client and server
 {
@ -1021,9 +1134,9 @@ int set_timer(int epollfd,int &timer_fd)//put a timer_fd into epoll,general func
 		myexit(-1);
 	}
 	return 0;
-}*/
+}
 /*
 int set_timer_server(int epollfd,int &timer_fd,fd64_t &fd64)//only for server
 {
 	int ret;
@ -1085,7 +1198,7 @@ int handle_lower_level(raw_info_t &raw_info)//fill lower_level info,when --lower
 	}
 	return 0;
 }
-*/
+
 string chain[2];
 string rule_keep[2];
@ -1164,19 +1277,6 @@ int iptables_rule_init(const char * s,u32_t const_id,int keep)
 int keep_iptables_rule()  //magic to work on a machine without grep/iptables --check/-m commment
 {
 	/*
 	if(iptables_rule_keeped==0) return  0;
 	uint64_t tmp_current_time=get_current_time();
 	if(tmp_current_time-keep_rule_last_time<=iptables_rule_keep_interval)
 	{
 		return 0;
 	}
 	else
 	{
 		keep_rule_last_time=tmp_current_time;
 	}*/
 	mylog(log_debug,"keep_iptables_rule begin %llu\n",get_current_time());
 	iptables_rule_keep_index+=1;
@ -1222,11 +1322,68 @@ int clear_iptables_rule()
 	return 0;
 }
 */
 void iptables_rule()  // handles -a -g --gen-add  --keep-rule --clear --wait-lock
 {
 	if(generate_iptables_rule)
 	{
 		if(raw_mode==mode_faketcp && use_tcp_dummy_socket==1)
 		{
 			mylog(log_fatal, "failed,-g doesnt work with easy-faketcp mode\n");
 			myexit(-1);
 		}
 		if(raw_mode==mode_udp)
 		{
 			mylog(log_warn, "It not necessary to use iptables/firewall rule in udp mode\n");
 		}
 		log_bare(log_warn,"for linux, use:\n");
 		if(raw_mode==mode_faketcp)
 			printf("iptables -I INPUT -s %s/32 -p tcp -m tcp --sport %d -j DROP\n",remote_ip,remote_port);
 		if(raw_mode==mode_udp)
 			printf("iptables -I INPUT -s %s/32 -p udp -m udp --sport %d -j DROP\n",remote_ip,remote_port);
 		if(raw_mode==mode_icmp)
 			printf("iptables -I INPUT -s %s/32 -p icmp -j DROP\n",remote_ip);
 		printf("\n");
 		log_bare(log_warn,"for mac/bsd use:\n");
 		if(raw_mode==mode_faketcp)
 			printf("echo 'block drop proto tcp from %s port %d to any' > ./1.conf\n",remote_ip,remote_port);
 		if(raw_mode==mode_udp)
 			printf("echo 'block drop proto udp from %s port %d to any' > ./1.conf\n",remote_ip,remote_port);
 		if(raw_mode==mode_icmp)
 			printf("echo 'block drop proto icmp from %s to any' > ./1.conf\n",remote_ip);
 		printf("pfctl -f ./1.conf\n");
 		printf("pfctl -e\n");
 		printf("\n");
 		log_bare(log_warn,"for windows vista and above use:\n");
 		if(raw_mode==mode_faketcp)
 		{
 			printf("netsh advfirewall firewall add rule name=udp2raw protocol=TCP dir=in remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
 			printf("netsh advfirewall firewall add rule name=udp2raw protocol=TCP dir=out remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
 		}
 		if(raw_mode==mode_udp)
 		{
 			printf("netsh advfirewall firewall add rule name=udp2raw protocol=UDP dir=in remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
 			printf("netsh advfirewall firewall add rule name=udp2raw protocol=UDP dir=out remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
 		}
 		if(raw_mode==mode_icmp)
 		{
 			printf("netsh advfirewall firewall add rule name=udp2raw protocol=ICMPV4 dir=in remoteip=%s/32 action=block\n",remote_ip);
 			printf("netsh advfirewall firewall add rule name=udp2raw protocol=ICMPV4 dir=out remoteip=%s/32 action=block\n",remote_ip);
 		}
 		myexit(0);
 	}
 }
 void  signal_handler(int sig)
 {
 	about_to_exit=1;
    // myexit(0);
 }
--- a/misc.h
+++ b/misc.h
@ -74,11 +74,20 @@ union current_state_t
 };
 extern char remote_address[max_addr_len];
 //extern char remote_address[max_address_len];
 extern char local_ip[100], remote_ip[100],source_ip[100];//local_ip is for -l option,remote_ip for -r option,source for --source-ip
 extern u32_t local_ip_uint32,remote_ip_uint32,source_ip_uint32;//convert from last line.
 extern int local_port , remote_port,source_port;//similiar to local_ip  remote_ip,buf for port.source_port=0 indicates --source-port is not enabled
 extern address_t local_addr,remote_addr,source_addr;
 extern my_ip_t bind_addr;
 extern int bind_addr_used;
 extern int force_source_ip; //if --source-ip is enabled
 extern int force_source_port;
 extern int source_port;
 extern my_id_t const_id;//an id used for connection recovery,its generated randomly,it never change since its generated
@ -114,7 +123,6 @@ extern unordered_map<int, const char*> raw_mode_tostring ;
 extern int about_to_exit;
 extern int socket_buf_size;
 //extern int force_socket_buf;
 extern pthread_t keep_thread;
 extern int keep_thread_running;