github/wangyu-udp2raw
1
0
Fork 0
mirror of https://github.com/wangyu-/udp2raw.git synced 2025-02-08 08:09:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix -g option

Browse Source
This commit is contained in:
U-DESKTOP-T772REH\wangyu 2018-06-19 15:40:55 +08:00
parent 086cba4b1d
commit d5024a619c
1 changed files with 57 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

191
misc.cpp
View File

@ -444,7 +444,7 @@ void process_arg(int argc, char *argv[]) //process all options
case 'h': case 'h':
break; break;
case 'a': case 'a':
assert(0==1); assert(0==1&&"-a not implemented");
auto_add_iptables_rule=1; auto_add_iptables_rule=1;
break; break;
case 'g': case 'g':
@ -458,6 +458,7 @@ void process_arg(int argc, char *argv[]) //process all options
mylog(log_debug,"option_index: %d\n",option_index); mylog(log_debug,"option_index: %d\n",option_index);
if(strcmp(long_options[option_index].name,"clear")==0) if(strcmp(long_options[option_index].name,"clear")==0)
{ {
assert(0==1&&"--clear not implemented");
clear_iptables=1; clear_iptables=1;
} }
else if(strcmp(long_options[option_index].name,"source-ip")==0) else if(strcmp(long_options[option_index].name,"source-ip")==0)
@ -547,14 +548,17 @@ void process_arg(int argc, char *argv[]) //process all options
} }
else if(strcmp(long_options[option_index].name,"simple-rule")==0) else if(strcmp(long_options[option_index].name,"simple-rule")==0)
{ {
assert(0==1&&"--simple-rule not implemented");
simple_rule=1; simple_rule=1;
} }
else if(strcmp(long_options[option_index].name,"keep-rule")==0) else if(strcmp(long_options[option_index].name,"keep-rule")==0)
{ {
assert(0==1&&"--keep-rule not implemented");
keep_rule=1; keep_rule=1;
} }
else if(strcmp(long_options[option_index].name,"gen-add")==0) else if(strcmp(long_options[option_index].name,"gen-add")==0)
{ {
assert(0==1&&"--gen-add not implemented");
generate_iptables_rule_add=1; generate_iptables_rule_add=1;
} }
else if(strcmp(long_options[option_index].name,"disable-color")==0) else if(strcmp(long_options[option_index].name,"disable-color")==0)
@ -577,6 +581,7 @@ void process_arg(int argc, char *argv[]) //process all options
} }
else if(strcmp(long_options[option_index].name,"force-sock-buf")==0) else if(strcmp(long_options[option_index].name,"force-sock-buf")==0)
{ {
assert(0==1&&"--force-sock-buf not implemented");
force_socket_buf=1; force_socket_buf=1;
} }
else if(strcmp(long_options[option_index].name,"retry-on-error")==0) else if(strcmp(long_options[option_index].name,"retry-on-error")==0)
@ -633,6 +638,7 @@ void process_arg(int argc, char *argv[]) //process all options
} }
else if(strcmp(long_options[option_index].name,"fifo")==0) else if(strcmp(long_options[option_index].name,"fifo")==0)
{ {
assert(0==1&&"--fifo not implemented");
sscanf(optarg,"%s",fifo_file); sscanf(optarg,"%s",fifo_file);
mylog(log_info,"fifo_file =%s \n",fifo_file); mylog(log_info,"fifo_file =%s \n",fifo_file);
@ -851,144 +857,59 @@ void *run_keep(void *none) //called in a new thread for --keep-rule option
} }
void iptables_rule() // handles -a -g --gen-add --keep-rule --clear --wait-lock void iptables_rule() // handles -a -g --gen-add --keep-rule --clear --wait-lock
{ {
if(!wait_xtables_lock)
{
iptables_command=iptables_command0;
}
else
{
iptables_command=iptables_command0+"-w ";
}
if(clear_iptables)
{
char *output;
//int ret =system("iptables-save |grep udp2raw_dWRwMnJhdw|sed -n 's/^-A/iptables -D/p'|sh");
int ret =run_command(iptables_command+"-S|sed -n '/udp2rawDwrW/p'|sed -n 's/^-A/"+iptables_command+"-D/p'|sh",output);
int ret2 =run_command(iptables_command+"-S|sed -n '/udp2rawDwrW/p'|sed -n 's/^-N/"+iptables_command+"-X/p'|sh",output);
//system("iptables-save |grep udp2raw_dWRwMnJhdw|sed 's/^-A/iptables -D/'|sh");
//system("iptables-save|grep -v udp2raw_dWRwMnJhdw|iptables-restore");
mylog(log_info,"tried to clear all iptables rule created previously,return value %d %d\n",ret,ret2);
myexit(-1);
}
if(auto_add_iptables_rule&&generate_iptables_rule)
{
mylog(log_warn," -g overrides -a\n");
auto_add_iptables_rule=0;
//myexit(-1);
}
if(generate_iptables_rule_add&&generate_iptables_rule)
{
mylog(log_warn," --gen-add overrides -g\n");
generate_iptables_rule=0;
//myexit(-1);
}
if(keep_rule&&auto_add_iptables_rule==0)
{
auto_add_iptables_rule=1;
mylog(log_warn," --keep_rule implys -a\n");
generate_iptables_rule=0;
//myexit(-1);
}
char tmp_pattern[200];
string pattern="";
if(program_mode==client_mode)
{
if(raw_mode==mode_faketcp)
{
sprintf(tmp_pattern,"-s %s/32 -p tcp -m tcp --sport %d",remote_ip,remote_port);
}
if(raw_mode==mode_udp)
{
sprintf(tmp_pattern,"-s %s/32 -p udp -m udp --sport %d",remote_ip,remote_port);
}
if(raw_mode==mode_icmp)
{
sprintf(tmp_pattern,"-s %s/32 -p icmp",remote_ip);
}
pattern=tmp_pattern;
}
if(program_mode==server_mode)
{
if(raw_mode==mode_faketcp)
{
sprintf(tmp_pattern,"-p tcp -m tcp --dport %d",local_port);
}
if(raw_mode==mode_udp)
{
sprintf(tmp_pattern,"-p udp -m udp --dport %d",local_port);
}
if(raw_mode==mode_icmp)
{
if(local_ip_uint32==0)
{
sprintf(tmp_pattern,"-p icmp");
}
else
{
sprintf(tmp_pattern,"-d %s/32 -p icmp",local_ip);
}
}
pattern=tmp_pattern;
}
/*
if(!simple_rule)
{
pattern += " -m comment --comment udp2rawDwrW_";
char const_id_str[100];
sprintf(const_id_str, "%x_", const_id);
pattern += const_id_str;
time_t timer;
char buffer[26];
struct tm* tm_info;
time(&timer);
tm_info = localtime(&timer);
strftime(buffer, 26, "%Y-%m-%d-%H:%M:%S", tm_info);
pattern += buffer;
}*/
if(auto_add_iptables_rule)
{
iptables_rule_init(pattern.c_str(),const_id,keep_rule);
if(keep_rule)
{
if(pthread_create(&keep_thread, NULL, run_keep, 0)) {
mylog(log_fatal, "Error creating thread\n");
myexit(-1);
}
keep_thread_running=1;
}
}
if(generate_iptables_rule) if(generate_iptables_rule)
{ {
string rule=iptables_command+"-I INPUT "; if(raw_mode==mode_faketcp && use_tcp_dummy_socket==1)
rule+=pattern; {
rule+=" -j DROP"; mylog(log_fatal, "failed,-g doesnt work with easy-faketcp mode\n");
myexit(-1);
}
if(raw_mode==mode_udp)
{
mylog(log_warn, "It not necessary to use iptables/firewall rule in udp mode\n");
}
log_bare(log_warn,"for linux, use:\n");
if(raw_mode==mode_faketcp)
printf("iptables -I INPUT -s %s/32 -p tcp -m tcp --sport %d -j DROP\n",remote_ip,remote_port);
if(raw_mode==mode_udp)
printf("iptables -I INPUT -s %s/32 -p udp -m udp --sport %d -j DROP\n",remote_ip,remote_port);
if(raw_mode==mode_icmp)
printf("iptables -I INPUT -s %s/32 -p icmp -j DROP\n",remote_ip);
printf("\n");
printf("generated iptables rule:\n"); log_bare(log_warn,"for mac/bsd use:\n");
printf("%s\n",rule.c_str()); if(raw_mode==mode_faketcp)
myexit(0); printf("echo 'block drop proto tcp from %s port %d to any' > ./1.conf\n",remote_ip,remote_port);
} if(raw_mode==mode_udp)
if(generate_iptables_rule_add) printf("echo 'block drop proto udp from %s port %d to any' > ./1.conf\n",remote_ip,remote_port);
{ if(raw_mode==mode_icmp)
iptables_gen_add(pattern.c_str(),const_id); printf("echo 'block drop proto icmp from %s to any' > ./1.conf\n",remote_ip);
myexit(0); printf("pfctl -f ./1.conf\n");
} printf("pfctl -e\n");
printf("\n");
log_bare(log_warn,"for windows vista and above use:\n");
if(raw_mode==mode_faketcp)
{
printf("netsh advfirewall firewall add rule name=udp2raw protocol=TCP dir=in remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
printf("netsh advfirewall firewall add rule name=udp2raw protocol=TCP dir=out remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
}
if(raw_mode==mode_udp)
{
printf("netsh advfirewall firewall add rule name=udp2raw protocol=UDP dir=in remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
printf("netsh advfirewall firewall add rule name=udp2raw protocol=UDP dir=out remoteip=%s/32 remoteport=%d action=block\n",remote_ip,remote_port);
}
if(raw_mode==mode_icmp)
{
printf("netsh advfirewall firewall add rule name=udp2raw protocol=ICMPV4 dir=in remoteip=%s/32 action=block\n",remote_ip);
printf("netsh advfirewall firewall add rule name=udp2raw protocol=ICMPV4 dir=out remoteip=%s/32 action=block\n",remote_ip);
}
myexit(0);
}
} }