bug fix

README.md

@@ -1,12 +1,12 @@
 # Udp2raw-tunnel
 ![image0](images/image0.PNG)
 
-An encrpyted, anti-replay, multiplexing UDP tunnel which tunnels UDP traffic with fake TCP or ICMP header using raw socket. Also acts as a connection stablizer.
+An Encrpyted,Anti-Replay,Multiplexed UDP Tunnel which can help you Bypass UDP Block or QoS by tunneling UDP traffic through Fake-TCP or ICMP by using raw socket.It aslo acts as a Connection Stablizer.
 
 [简体中文](/doc/README.zh-cn.md)
 # Features 
-### Send / Receive UDP Packet with fake headers
-Fake headers help you bypass UDP blocking, UDP QOS or improper UDP NAT behavior on some ISPs. Raw packets with UDP headers are also supported, in this mode you can just use the encrpyting,anti-replay and connection-stablize feature.
+### Send / Receive UDP Packet with fake-tcp/icmp headers
+Fake-tcp/icmp headers help you bypass UDP blocking, UDP QOS or improper UDP NAT behavior on some ISPs. Raw packets with UDP headers are also supported.In UDP header mode,it behaves just like a normal UDP tunnel,and you can just make use of the other features.
 
 ### Simulate TCP Handshake
 Simulates the 3-way handshake, along with seq and ack_seq. TCP options MSS, sackOk, TS, TS_ack, wscale are also simulated. Real-time delivery guaranteed, no TCP over TCP problem when using OpenVPN.
@@ -18,7 +18,7 @@ Simulates the 3-way handshake, along with seq and ack_seq. TCP options MSS, sack
 * Authenticate mutually, no more MITM attacks.
 
 ### Failure Dectection & Stablization (Connection Recovery)
-Conection failures are detected by heartbeats. If timed-out, the client will automatically change the port number and reconnect. If reconnection is successful, the previous connection will be recovered, and all existing UDP conversations will stay vaild. 
+Conection failures are detected by heartbeats. If timed-out,client will automatically change port number and reconnect. If reconnection is successful, the previous connection will be recovered, and all existing UDP conversations will stay vaild. 
 
 For example, if you use UDP2RAW + OpenVPN, OpenVPN won't lose connection after any reconnect, **even if the network cable is re-plugged or the WiFi access point is changed**.
 
@@ -27,7 +27,7 @@ For example, if you use UDP2RAW + OpenVPN, OpenVPN won't lose connection after a
 
 * **Multiple Clients** One server can have multiple clients.
 
-* **NAT Support** All of the 3 modes work in NAT-ed environments.
+* **NAT Support** All of the 3 modes work in NAT environments.
 
 * **OpenVZ Support** Tested on BandwagonHost.
 
@@ -47,7 +47,7 @@ For example, if you use UDP2RAW + OpenVPN, OpenVPN won't lose connection after a
 ### Prerequisites
 A Linux host (including desktop Linux, OpenWRT router, or Raspberry PI) with root access.
 
-If you want to use it on MICRO$OFT Windows, you can use VMware or Hyper-V (both bridged mode and NAT mode are supported).
+If you want to use it on MICRO$OFT Windows, you can use VMware or Hyper-V (both bridged mode and <del>NAT mode</del> are supported).
 
 ### Installing
 Download binary release from https://github.com/wangyu-/udp2raw-tunnel/releases
@@ -104,13 +104,13 @@ other options:
 ```
 
 ### IPTABLES rule
-This program sends packets via raw socket. In FakeTCP mode, Linux kernel TCP packet processing has to be blocked by a iptables rule on both sides, otherwise the kernel will automatically send RST for an unrecongized TCP packet and you will sustain from stability / peformance problems. You can use `-a` option to let the program automatically add / delete iptables rule on start / exit. You can also use the -g option to generate iptables rule and add it manually.
+This program sends packets via raw socket. In FakeTCP mode, Linux kernel TCP packet processing has to be blocked by a iptables rule on both sides, otherwise the kernel will automatically send RST for an unrecongized TCP packet and you will sustain from stability / peformance problems. You can use `-a` option to let the program automatically add / delete iptables rule on start / exit. You can also use the `-g` option to generate iptables rule and add it manually.
 
 ### `cipher-mode` and `auth-mode` 
-It is suggested to use AES-128-CBC + MD5 to obtain maximum security. If you want to run the program on a router, you can try XOR + simple, which can fool packet inspection by firewalls the most  of time, but it cannot protect you from serious attacks. Mode none is only for debugging purpose. It is not recommended to set the cipher-mode or auth-mode to none.
+It is suggested to use `aes128cbc` + `md5` to obtain maximum security. If you want to run the program on a router, you can try `xor` + `simple`, which can fool packet inspection by firewalls the most of time, but it cannot protect you from serious attacks. Mode none is only for debugging purpose. It is not recommended to set the cipher-mode or auth-mode to none.
 
 ### seq-mode
-The FakeTCP mode does not behave 100% like a real tcp connection. ISPs may be able to distinguish the simulated tcp traffic from the real TCP traffic (though it's costly). seq-mode can help you change the seq increase behavior slightly. If you experience any problems, try to change the value. 
+The FakeTCP mode does not behave 100% like a real tcp connection. ISPs may be able to distinguish the simulated tcp traffic from the real TCP traffic (though it's costly). seq-mode can help you change the seq increase behavior slightly. If you experience connection problems, try to change the value. 
 
 # Peformance Test
 #### Test method:
@@ -131,14 +131,14 @@ raw_mode: faketcp  cipher_mode: xor  auth_mode: simple
 
 ![image4](images/image4.PNG)
 
-(reverse speed is simliar and not uploaded)
+(reverse speed was simliar and not uploaded)
 
 ### Test2
 raw_mode: faketcp  cipher_mode: aes128cbc  auth_mode: md5
 
 ![image5](images/image5.PNG)
 
-(reverse speed is simliar and not uploaded)
+(reverse speed was simliar and not uploaded)
 
 # Application
 ### tunneling any traffic via raw traffic by using udp2raw +openvpn
@@ -160,19 +160,27 @@ finalspeed is a tcp connection speed-up program similiar to kcptun,it speeds-up
 # How to build
 read [build_guide](/doc/build_guide.md)
 
+# Other
+### Easier installation on ArchLinux
+```
+yaourt -S udp2raw-tunnel # or
+pacaur -S udp2raw-tunnel
+```
+
 # Related work
 ### kcptun-raw
-this project was inspired by kcptun-raw,which modified kcptun to support tcp mode.
+udp2raw was inspired by kcptun-raw,which modified kcptun to support tcp mode.
 
 https://github.com/Chion82/kcptun-raw
+### relayRawSocket
+kcptun-raw was inspired by relayRawSocket. A simple  udp to raw tunnel,wrote in python
+
+https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket
 ### kcpraw
 another project of kcptun with tcp mode
 
 https://github.com/ccsexyz/kcpraw
-### relayRawSocket
-a simple  udp to raw tunnel without simluated 3-way handshake ,wrote in python
 
-https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket
 ### icmptunnel
 Transparently tunnel your IP traffic through ICMP echo and reply packets.
 

common.h

@@ -59,7 +59,7 @@ typedef int i32_t;
 
 
 const int max_data_len=1600;
-const int buf_len=max_data_len+200;
+const int buf_len=max_data_len+400;
 const u32_t max_handshake_conn_num=10000;
 const u32_t max_ready_conn_num=1000;
 const u32_t anti_replay_window_size=1000;

doc/README.zh-cn.md

@@ -49,7 +49,7 @@ epoll纯异步，高并发，除了回收过期连接外，所有操作的时间
 # 简明操作说明
 
 ### 环境要求
-Linux主机，有root权限。主机上最好安装了iptables命令(apt/yum很容易安装)。在windows和mac上可以开虚拟机（桥接模式和NAT模式经测试都可用）。
+Linux主机，有root权限。主机上最好安装了iptables命令(apt/yum很容易安装)。在windows和mac上可以开虚拟机（桥接模式和<del>NAT模式</del>经测试都可用）。
 
 ### 安装
 下载编译好的二进制文件，解压到任意目录。
@@ -157,17 +157,17 @@ raw_mode: faketcp  cipher_mode: aes128cbc  auth_mode: md5
 [编译教程](build_guide.zh-cn.md)
 # 相关repo
 ### kcptun-raw
-this project was inspired by kcptun-raw,which modified kcptun to support tcp mode.
+udp2raw was inspired by kcptun-raw,which modified kcptun to support tcp mode.
 
 https://github.com/Chion82/kcptun-raw
+### relayRawSocket
+kcptun-raw was inspired by relayRawSocket. A simple  udp to raw tunnel,wrote in python
+
+https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket
 ### kcpraw
 another project of kcptun with tcp mode
 
 https://github.com/ccsexyz/kcpraw
-### relayRawSocket
-a simple  udp to raw tunnel without simluated 3-way handshake ,wrote in python
-
-https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket
 ### icmptunnel
 Transparently tunnel your IP traffic through ICMP echo and reply packets.
 

encrypt.h

@@ -29,10 +29,6 @@ enum cipher_mode_t {cipher_none=0,cipher_aes128cbc,cipher_xor,cipher_end};
 extern auth_mode_t auth_mode;
 extern cipher_mode_t cipher_mode;
 
-struct a
-{
-	char * buf[buf_len];
-};
 extern unordered_map<int, const char *> auth_mode_tostring;
 extern unordered_map<int, const char *> cipher_mode_tostring;
 

main.cpp

@@ -1155,7 +1155,7 @@ int client_on_timer(conn_info_t &conn_info) //for client
 		{
 			conn_info.state.client_current_state=client_idle;
 			conn_info.my_id=get_true_random_number_nz();
-			mylog(log_info,"state back to client_idle from  client_ready bc of recv-direction timeout\n");
+			mylog(log_info,"state back to client_idle from  client_ready bc of server-->client direction timeout\n");
 			return 0;
 		}
 
@@ -1168,7 +1168,7 @@ int client_on_timer(conn_info_t &conn_info) //for client
 		{
 			conn_info.state.client_current_state=client_idle;
 			conn_info.my_id=get_true_random_number_nz();
-			mylog(log_info,"state back to client_idle from  client_ready bc of send-direction timeout\n");
+			mylog(log_info,"state back to client_idle from  client_ready bc of client-->server direction timeout\n");
 		}
 
 		mylog(log_debug,"heartbeat sent <%x,%x>\n",conn_info.oppsite_id,conn_info.my_id);
@@ -1417,10 +1417,13 @@ int server_on_raw_recv_multi()
 	{
 		recv(raw_recv_fd, 0,0, 0  );//
 		//struct sockaddr saddr;
-		//socklen_t saddr_size;
+		//socklen_t saddr_size=sizeof(saddr);
 		///recvfrom(raw_recv_fd, 0,0, 0 ,&saddr , &saddr_size);//
 		mylog(log_trace,"peek_raw failed\n");
 		return -1;
+	}else
+	{
+		mylog(log_trace,"peek_raw success\n");
 	}
 	u32_t ip=peek_info.src_ip;uint16_t port=peek_info.src_port;
 
@@ -1544,9 +1547,11 @@ int server_on_raw_recv_multi()
 	if(conn_info.state.server_current_state==server_ready)
 	{
 		char type;
+		//mylog(log_info,"before recv_safer\n");
 		if (recv_safer(conn_info,type, data, data_len) != 0) {
 			return -1;
 		}
+		//mylog(log_info,"after recv_safer\n");
 		return server_on_raw_recv_ready(conn_info,ip_port,type,data,data_len);
 	}
 	return 0;
@@ -2034,8 +2039,9 @@ int client_event_loop()
 
 				int recv_len;
 				struct sockaddr_in udp_new_addr_in;
-				if ((recv_len = recvfrom(udp_fd, buf, buf_len, 0,
-						(struct sockaddr *) &udp_new_addr_in, &slen)) == -1) {
+				socklen_t udp_new_addr_len = sizeof(sockaddr_in);
+				if ((recv_len = recvfrom(udp_fd, buf, max_data_len, 0,
+						(struct sockaddr *) &udp_new_addr_in, &udp_new_addr_len)) == -1) {
 					mylog(log_error,"recv_from error,this shouldnt happen at client\n");
 					myexit(1);
 				};
@@ -2307,13 +2313,14 @@ int server_event_loop()
 
 				u32_t conv_id=conn_info.blob->conv_manager.find_conv_by_u64(fd);
 
-				int recv_len=recv(fd,buf,buf_len,0);
+				int recv_len=recv(fd,buf,max_data_len,0);
 
 				mylog(log_trace,"received a packet from udp_fd,len:%d\n",recv_len);
 
 				if(recv_len<0)
 				{
-					mylog(log_debug,"udp fd,recv_len<0 continue\n");
+					mylog(log_debug,"udp fd,recv_len<0 continue,%s\n",strerror(errno));
+
 					continue;
 				}
 

makefile

@@ -1,29 +1,39 @@
 cc_cross=/home/wangyu/OpenWrt-SDK-ar71xx-for-linux-x86_64-gcc-4.8-linaro_uClibc-0.9.33.2/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/bin/mips-openwrt-linux-g++
-FLAGS=-Wall -Wextra -Wno-unused-variable -Wno-unused-parameter
-FLAGS2= -O3
+cc_local=g++
+cc_ar71xx=/home/wangyu/OpenWrt-SDK-ar71xx-for-linux-x86_64-gcc-4.8-linaro_uClibc-0.9.33.2/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/bin/mips-openwrt-linux-g++
+cc_bcm2708=/home/wangyu/raspberry/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian/bin/arm-linux-gnueabihf-g++ 
+FLAGS= -std=c++11 -Wall -Wextra -Wno-unused-variable -Wno-unused-parameter
+SOURCES=main.cpp lib/aes.c lib/md5.c encrypt.cpp log.cpp network.cpp common.cpp
+TAR=udp2raw_binaries.tar.gz udp2raw_amd64  udp2raw_x86  udp2raw_ar71xx udp2raw_bcm2708
+
 all:
-	sudo killall udp2raw||true
-	sleep 0.2
-	gcc main.cpp -o udp2raw  -static  -ggdb -I. lib/aes.c lib/md5.c encrypt.cpp log.cpp network.cpp common.cpp -lrt -std=c++11    ${FLAGS} ${FLAGS2}
-#	${ccmips} main.cpp -o udp2raw_ar71xx  -lrt -I. lib/aes.c lib/md5.c encrypt.cpp log.cpp network.cpp common.cpp -std=c++11 ${FLAGS} ${FLAGS2}
+	rm -f udp2raw
+	${cc_local}   -o udp2raw          -I. ${SOURCES} ${FLAGS} -lrt  -static -O3
 fast:
-	sudo killall udp2raw||true
-	sleep 0.2
-	g++ main.cpp -o udp2raw -ggdb -I. lib/aes.c lib/md5.c encrypt.cpp log.cpp network.cpp common.cpp -lrt -std=c++11    ${FLAGS} 
-
-
+	rm -f udp2raw
+	${cc_local}   -o udp2raw          -I. ${SOURCES} ${FLAGS} -lrt
 debug:
-	g++ main.cpp -o udp2raw -static  -ggdb -I. -Ilib lib/aes.c lib/md5.c encrypt.cpp log.cpp network.cpp common.cpp -lrt -std=c++11    ${FLAGS} -Wformat-nonliteral -D MY_DEBUG
+	rm -f udp2raw
+	${cc_local}   -o udp2raw          -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -D MY_DEBUG 
+
+ar71xx: 
+	${cc_ar71xx}  -o udp2raw_ar71xx   -I. ${SOURCES} ${FLAGS} -lrt -lgcc_eh -static -O3
+bcm2708:
+	${cc_bcm2708} -o udp2raw_bcm2708  -I. ${SOURCES} ${FLAGS} -lrt -static -O3
+amd64:
+	${cc_local}   -o udp2raw_amd64    -I. ${SOURCES} ${FLAGS} -lrt -static -O3
+x86:
+	${cc_local}   -o udp2raw_x86      -I. ${SOURCES} ${FLAGS} -lrt -m32 -static -O3
+
 cross:
-	${cc_cross} main.cpp -o udp2raw_ar71xx  -lrt -I. lib/aes.c lib/md5.c encrypt.cpp log.cpp network.cpp common.cpp -std=c++11 ${FLAGS} ${FLAGS2}
+	${cc_cross}   -o udp2raw_cross    -I. ${SOURCES} ${FLAGS} -lrt -static -lgcc_eh -O3   
+
 cross2:
-	${cc_cross} main.cpp -o udp2raw_ar71xx  -lrt -I. lib/aes.c lib/md5.c encrypt.cpp log.cpp network.cpp common.cpp -std=c++11 ${FLAGS} -static -lgcc_eh -O3
-cross3:
-	${cc_cross} main.cpp -o udp2raw_ar71xx  -lrt -I. lib/aes.c lib/md5.c encrypt.cpp log.cpp network.cpp common.cpp -std=c++11 ${FLAGS} -static -lgcc_eh
+	${cc_cross}   -o udp2raw_cross    -I. ${SOURCES} ${FLAGS} -lrt -O3
 
-release:
-	g++ main.cpp -o udp2raw_amd64  -static  -ggdb -I. lib/aes.c lib/md5.c encrypt.cpp log.cpp network.cpp common.cpp -lrt -std=c++11    ${FLAGS} ${FLAGS2}
-	g++ main.cpp -o udp2raw_x86  -static -ggdb -I. lib/aes.c lib/md5.c encrypt.cpp log.cpp network.cpp common.cpp -lrt -std=c++11    ${FLAGS} ${FLAGS2} -m32
-	${cc_cross} main.cpp -o udp2raw_ar71xx  -lrt -I. lib/aes.c lib/md5.c encrypt.cpp log.cpp network.cpp common.cpp -std=c++11 ${FLAGS} -static -lgcc_eh -O3
-	tar -zcvf udp2raw_binaries.tar.gz udp2raw_amd64  udp2raw_x86  udp2raw_ar71xx
+release: amd64 x86 ar71xx bcm2708
+	tar -zcvf ${TAR}
+
+clean:	
+	rm -f ${TAR}
 	

network.cpp

@@ -24,6 +24,8 @@ int lower_level=0;
 int ifindex=-1;
 char if_name[100]="";
 
+unsigned short g_ip_id_counter=0;
+
 unsigned char oppsite_hw_addr[6]=
     {0xff,0xff,0xff,0xff,0xff,0xff};
 //{0x00,0x23,0x45,0x67,0x89,0xb9};
@@ -162,6 +164,7 @@ packet_info_t::packet_info_t()
 int init_raw_socket()
 {
 
+	g_ip_id_counter=get_true_random_number()%65535;
 	if(lower_level==0)
 	{
 		raw_send_fd = socket(AF_INET , SOCK_RAW , IPPROTO_TCP);
@@ -306,7 +309,6 @@ int init_ifindex(char * if_name)
 	return 0;
 }
 
-
 int send_raw_ip(raw_info_t &raw_info,const char * payload,int payloadlen)
 {
 	const packet_info_t &send_info=raw_info.send_info;
@@ -316,19 +318,18 @@ int send_raw_ip(raw_info_t &raw_info,const char * payload,int payloadlen)
 	struct iphdr *iph = (struct iphdr *) send_raw_ip_buf;
     memset(iph,0,sizeof(iphdr));
 
-    static unsigned short ip_id=1;
-
     iph->ihl = sizeof(iphdr)/4;  //we dont use ip options,so the length is just sizeof(iphdr)
     iph->version = 4;
     iph->tos = 0;
 
     if(lower_level)
     {
-    	iph->id=0;
-    	//iph->id = htons (ip_id++); //Id of this packet
+    	//iph->id=0;
+    	iph->id = htons (g_ip_id_counter++); //Id of this packet
     }
     else
-    	iph->id = 0; //Id of this packet  ,kernel will auto fill this if id is zero  ,or really?????// todo //seems like there is a problem
+    	iph->id = htons (g_ip_id_counter++); //Id of this packet
+    	//iph->id = 0; //Id of this packet  ,kernel will auto fill this if id is zero  ,or really?????// todo //seems like there is a problem
 
     iph->frag_off = htons(0x4000); //DF set,others are zero
    // iph->frag_off = htons(0x0000); //DF set,others are zero
@@ -390,12 +391,14 @@ int peek_raw(packet_info_t &peek_info)
 {	static char peek_raw_buf[buf_len];
 	char *ip_begin=peek_raw_buf+link_level_header_len;
 	struct sockaddr saddr;
-	socklen_t saddr_size;
-	int recv_len = recvfrom(raw_recv_fd, peek_raw_buf,buf_len, MSG_PEEK ,&saddr , &saddr_size);//change buf_len to something smaller,we only need header here
+	socklen_t saddr_size=sizeof(saddr);
+	int recv_len = recvfrom(raw_recv_fd, peek_raw_buf,max_data_len, MSG_PEEK ,&saddr , &saddr_size);//change max_data_len to something smaller,we only need header here
 	iphdr * iph = (struct iphdr *) (ip_begin);
 	//mylog(log_info,"recv_len %d\n",recv_len);
 	if(recv_len<int(sizeof(iphdr)))
 	{
+		mylog(log_trace,"failed here %d \n",recv_len,int(sizeof(iphdr)));
+		mylog(log_trace,"%s\n ",strerror(errno));
 		return -1;
 	}
 	peek_info.src_ip=iph->saddr;
@@ -407,10 +410,17 @@ int peek_raw(packet_info_t &peek_info)
     {
     	case mode_faketcp:
     	{
-    		if(iph->protocol!=IPPROTO_TCP) return -1;
+    		if(iph->protocol!=IPPROTO_TCP)
+    		{
+    			mylog(log_trace,"failed here");
+    			return -1;
+    		}
     		struct tcphdr *tcph=(tcphdr *)payload;
     		if(recv_len<int( iphdrlen+sizeof(tcphdr) ))
+    		{
+    			mylog(log_trace,"failed here");
     			return -1;
+    		}
     		peek_info.src_port=ntohs(tcph->source);
     		peek_info.syn=tcph->syn;
 			break;
@@ -446,11 +456,9 @@ int recv_raw_ip(raw_info_t &raw_info,char * &payload,int &payloadlen)
 
 	iphdr *  iph;
 	struct sockaddr saddr;
-	socklen_t saddr_size;
-	saddr_size = sizeof(saddr);
+	socklen_t saddr_size = sizeof(saddr);
 	int flag=0;
-
-	int recv_len = recvfrom(raw_recv_fd, recv_raw_ip_buf, buf_len, flag ,&saddr , &saddr_size);
+	int recv_len = recvfrom(raw_recv_fd, recv_raw_ip_buf, max_data_len, flag ,&saddr , &saddr_size);
 
 	if(recv_len<0)
 	{
@@ -481,6 +489,7 @@ int recv_raw_ip(raw_info_t &raw_info,char * &payload,int &payloadlen)
 
 	if(bind_address_uint32!=0 &&recv_info.dst_ip!=bind_address_uint32)
 	{
+		mylog(log_trace,"bind adress doenst match, dropped\n");
 		//printf(" bind adress doenst match, dropped\n");
 		return -1;
 	}
@@ -987,7 +996,7 @@ int recv_raw_udp(raw_info_t &raw_info, char *&payload, int &payloadlen)
 	}
 	udphdr *udph=(struct udphdr*)ip_payload;
 
-	if(ntohs(udph->len)!=ip_payloadlen)
+	if(int(ntohs(udph->len))!=ip_payloadlen)
 	{
 
 		mylog(log_debug,"udp length error %d %d \n",ntohs(udph->len),ip_payloadlen);
@@ -1183,7 +1192,7 @@ int recv_raw_tcp_deprecated(packet_info_t &info,char * &payload,int &payloadlen)
 
 	mylog(log_trace,"raw!\n");
 
-	size = recvfrom(raw_recv_fd, buf, buf_len, 0 ,&saddr , &saddr_size);
+	size = recvfrom(raw_recv_fd, buf, max_data_len, 0 ,&saddr , &saddr_size);
 
 	if(buf[12]!=8||buf[13]!=0)
 	{