Merge branch 'master' of https://github.com/wangyu-/udp2raw-tunnel

Update openvpn_guide.md

README.md

@@ -6,20 +6,6 @@ A Tunnel which turns UDP Traffic into Encrypted FakeTCP/UDP/ICMP Traffic by usin
 It can tunnel any traffic when used together with a UDP-based VPN(such as OpenVPN).Check [this link](https://github.com/wangyu-/udp2raw-tunnel#tunneling-any-traffic-via-raw-traffic-by-using-udp2raw-openvpn) for more info.
 
 [简体中文](/doc/README.zh-cn.md)
-# Frequently Asked Questions
-### Q: What is the advantage of using udp2raw FakeTCP mode,why not use a TCP-based VPN(such as OpenVPN TCP mode)?
-Answer: **TCP doesnt allow real-time/out-of-order delivery**. **If you use OpenVPN TCP mode to turn UDP traffic into TCP,there will be latency issue**:the loss of a single packet blocks all following packet until re-transmission is done. This will cause unacceptable delay for gaming and voice chatting.
-
-**TCP also has re-transmission and congestion control which cant be disabled.** UDP programs usualy want to control packet sending rate by themselves. If you use OpenVPN TCP mode this cant be done because of the congestion control of underlying TCP protocol. Further more,with the re-transmission of underlying TCP,**if you send too many udp packets via an OpenVPN TCP connection,the connection will become completely unusable for a while**(It will eventually recover as most of the re-transmission is done,but it wont be very soon).
-
-Those issues exist for almost all TCP-based VPNs.
-
-For udp2raw there is no underlying TCP protocol,udp2raw just add TCP headers to UDP packets directly by using raw socket. It supports real-time/out-of-order delivery,there is no re-transmission and congestion control. **Udp2raw doesnt have all above issues**.
-
-### Q: Is udp2raw designed for replacing VPN?
-Answer: No. Udp2raw is designed for bypassing UDP restrictions. It doesnt have all of the features a VPN has(such as transparently redirect all traffic).
-
-Instead of replacing VPN,udp2raw can be used with any UDP-based VPN together to grant UDP-based VPN the ablity of bypassing UDP restrictions,while not having the performance issue involved by a TCP-based VPN. Check [this link](https://github.com/wangyu-/udp2raw-tunnel#tunneling-any-traffic-via-raw-traffic-by-using-udp2raw-openvpn) for more info.
 
 # Support Platforms
 Linux host (including desktop Linux,Android phone/tablet,OpenWRT router,or Raspberry PI) with root access.
@@ -60,6 +46,22 @@ For example, if you use udp2raw + OpenVPN, OpenVPN won't lose connection after a
 ### Keywords
 `Bypass UDP QoS` `Bypass UDP Blocking` `Bypass OpenVPN TCP over TCP problem` `OpenVPN over ICMP` `UDP to ICMP tunnel` `UDP to TCP tunnel` `UDP over ICMP` `UDP over TCP`
 
+# Frequently Asked Questions
+### Q: What is the advantage of using udp2raw FakeTCP mode,why not use a TCP-based VPN(such as OpenVPN TCP mode)?
+Answer: **TCP doesnt allow real-time/out-of-order delivery**. **If you use OpenVPN TCP mode to turn UDP traffic into TCP,there will be latency issue**:the loss of a single packet blocks all following packet until re-transmission is done. This will cause unacceptable delay for gaming and voice chatting.
+
+**TCP also has re-transmission and congestion control which cant be disabled.** UDP programs usualy want to control packet sending rate by themselves. If you use OpenVPN TCP mode this cant be done because of the congestion control of underlying TCP protocol. Further more,with the re-transmission of underlying TCP,**if you send too many udp packets via an OpenVPN TCP connection,the connection will become completely unusable for a while**(It will eventually recover as most of the re-transmission is done,but it wont be very soon).
+
+Those issues exist for almost all TCP-based VPNs.
+
+For udp2raw there is no underlying TCP protocol,udp2raw just add TCP headers to UDP packets directly by using raw socket. It supports real-time/out-of-order delivery,there is no re-transmission and congestion control. **Udp2raw doesnt have all above issues**.
+
+### Q: Is udp2raw designed for replacing VPN?
+Answer: No. Udp2raw is designed for bypassing UDP restrictions. It doesnt have all of the features a VPN has(such as transparently redirect all traffic).
+
+Instead of replacing VPN,udp2raw can be used with any UDP-based VPN together to grant UDP-based VPN the ablity of bypassing UDP restrictions,while not having the performance issue involved by a TCP-based VPN. Check [this link](https://github.com/wangyu-/udp2raw-tunnel#tunneling-any-traffic-via-raw-traffic-by-using-udp2raw-openvpn) for more info.
+
+
 # Getting Started
 ### Installing
 Download binary release from https://github.com/wangyu-/udp2raw-tunnel/releases
@@ -92,7 +94,7 @@ You can run udp2raw with a non-root account(for better security).Take a look at
 ### Usage
 ```
 udp2raw-tunnel
-version: Aug 26 2017 08:30:48
+git version:adbe7d110f    build date:Sep  6 2017 05:37:45
 repository: https://github.com/wangyu-/udp2raw-tunnel
 
 usage:
@@ -122,10 +124,14 @@ other options:
     --disable-bpf                         disable the kernel space filter,most time its not necessary
                                           unless you suspect there is a bug
     --sock-buf            <number>        buf size for socket,>=10 and <=10240,unit:kbyte,default:1024
-    --seqmode             <number>        seq increase mode for faketcp:
-                                          0:dont increase
-                                          1:increase every packet(default)
-                                          2:increase randomly, about every 3 packets
+    --force-sock-buf                      bypass system limitation while setting sock-buf
+    --seq-mode            <number>        seq increase mode for faketcp:
+                                          0:static header,do not increase seq and ack_seq
+                                          1:increase seq for every packet,simply ack last seq
+                                          2:increase seq randomly, about every 3 packets,simply ack last seq
+                                          3:simulate an almost real seq/ack procedure(default)
+                                          4:similiar to 3,but do not consider TCP Option Window_Scale,
+                                          maybe useful when firewall doesnt support TCP Option 
     --lower-level         <string>        send packets at OSI level 2, format:'if_name#dest_mac_adress'
                                           ie:'eth0#00:23:45:67:89:b9'.or try '--lower-level auto' to obtain
                                           the parameter automatically,specify it manually if 'auto' failed

cmake/CMakeLists.txt

@@ -17,3 +17,4 @@ set(CMAKE_CXX_FLAGS "-Wall -Wextra -Wno-unused-variable -Wno-unused-parameter -W
 #set(CMAKE_LINK_LIBRARY_FLAG "-lrt")
 add_executable(udp2raw_cmake ${SOURCE_FILES})
 target_link_libraries(udp2raw_cmake rt)
+target_link_libraries(udp2raw_cmake pthread)

doc/README.zh-cn.md

@@ -93,7 +93,7 @@ udp2raw可以用非root账号运行，这样更安全。具体方法见：[#26](
 ### 命令选项
 ```
 udp2raw-tunnel
-version: Aug 26 2017 08:30:48
+git version:adbe7d110f    build date:Sep  6 2017 05:37:45
 repository: https://github.com/wangyu-/udp2raw-tunnel
 
 usage:
@@ -123,10 +123,14 @@ other options:
     --disable-bpf                         disable the kernel space filter,most time its not necessary
                                           unless you suspect there is a bug
     --sock-buf            <number>        buf size for socket,>=10 and <=10240,unit:kbyte,default:1024
-    --seqmode             <number>        seq increase mode for faketcp:
-                                          0:dont increase
-                                          1:increase every packet(default)
-                                          2:increase randomly, about every 3 packets
+    --force-sock-buf                      bypass system limitation while setting sock-buf
+    --seq-mode            <number>        seq increase mode for faketcp:
+                                          0:static header,do not increase seq and ack_seq
+                                          1:increase seq for every packet,simply ack last seq
+                                          2:increase seq randomly, about every 3 packets,simply ack last seq
+                                          3:simulate an almost real seq/ack procedure(default)
+                                          4:similiar to 3,but do not consider TCP Option Window_Scale,
+                                          maybe useful when firewall doesnt support TCP Option 
     --lower-level         <string>        send packets at OSI level 2, format:'if_name#dest_mac_adress'
                                           ie:'eth0#00:23:45:67:89:b9'.or try '--lower-level auto' to obtain
                                           the parameter automatically,specify it manually if 'auto' failed

doc/openvpn_guide.md

@@ -11,7 +11,7 @@
 #### run at client side
 assume server ip is 45.66.77.88
 ```
-./udp2raw_amd64 -s -l0.0.0.0:3333 -r 45.66.77.88:8855 -k "passwd" --raw-mode faketcp -a
+./udp2raw_amd64 -c -l0.0.0.0:3333 -r 45.66.77.88:8855 -k "passwd" --raw-mode faketcp -a
 ```
 
 #### hint

log.h

@@ -3,7 +3,7 @@
 #define UDP2RAW_LOG_MYLOG_H_
 
 
-#include<common.h>
+#include "common.h"
 
 using namespace std;
 

main.cpp

@@ -650,7 +650,7 @@ int send_bare(raw_info_t &raw_info,const char* data,int len)//send function with
 	send_raw0(raw_info,send_data_buf2,new_len);
 	return 0;
 }
-int parse_bare(const char *input,int input_len,char* & data,int & len) // a sub function used in recv_bare
+int reserved_parse_bare(const char *input,int input_len,char* & data,int & len) // a sub function used in recv_bare
 {
 	static char recv_data_buf[buf_len];
 
@@ -695,7 +695,7 @@ int recv_bare(raw_info_t &raw_info,char* & data,int & len)//recv function with e
 		mylog(log_debug,"unexpect packet type recv_info.syn=%d recv_info.ack=%d \n",recv_info.syn,recv_info.ack);
 		return -1;
 	}
-	return parse_bare(data,len,data,len);
+	return reserved_parse_bare(data,len,data,len);
 }
 
 int send_handshake(raw_info_t &raw_info,id_t id1,id_t id2,id_t id3)// a warp for send_bare for sending handshake(this is not tcp handshake) easily
@@ -1562,6 +1562,10 @@ int server_on_raw_recv_multi() //called when server received an raw packet
 				return 0;
 			}
 		}
+		else
+		{
+			recv(raw_recv_fd, 0,0,0);
+		}
 		return 0;
 	}
 	if(!conn_manager.exist(ip,port))
@@ -1648,7 +1652,7 @@ int server_on_raw_recv_multi() //called when server received an raw packet
 		{
 			return -1;
 		}
-		server_on_raw_recv_handshake1(conn_info,ip_port,data,data_len);
+		return server_on_raw_recv_handshake1(conn_info,ip_port,data,data_len);
 	}
 	if(conn_info.state.server_current_state==server_ready)
 	{
@@ -1660,7 +1664,15 @@ int server_on_raw_recv_multi() //called when server received an raw packet
 		//mylog(log_info,"after recv_safer\n");
 		return server_on_raw_recv_ready(conn_info,ip_port,type,data,data_len);
 	}
-	return 0;
+
+	if(conn_info.state.server_current_state==server_idle)
+	{
+		recv(raw_recv_fd, 0,0, 0  );//
+		return 0;
+	}
+	mylog(log_fatal,"we should never run to here\n");
+	myexit(-1);
+	return -1;
 }
 
 /*
@@ -2621,7 +2633,7 @@ void print_help()
 //	printf("\n");
 	printf("    --sock-buf            <number>        buf size for socket,>=10 and <=10240,unit:kbyte,default:1024\n");
 	printf("    --force-sock-buf                      bypass system limitation while setting sock-buf\n");
-	printf("    --seqmode             <number>        seq increase mode for faketcp:\n");
+	printf("    --seq-mode            <number>        seq increase mode for faketcp:\n");
 	printf("                                          0:static header,do not increase seq and ack_seq\n");
 	printf("                                          1:increase seq for every packet,simply ack last seq\n");
 	printf("                                          2:increase seq randomly, about every 3 packets,simply ack last seq\n");
@@ -3337,7 +3349,7 @@ void iptables_rule()  // handles -a -g --gen-add  --keep-rule
 	}
 	if(generate_iptables_rule)
 	{
-		string rule="iptables -I ";
+		string rule="iptables -I INPUT ";
 		rule+=pattern;
 		rule+=" -j DROP";
 

makefile

@@ -1,6 +1,8 @@
 cc_cross=/home/wangyu/Desktop/arm-2014.05/bin/arm-none-linux-gnueabi-g++
 cc_local=g++
-cc_mips34kc=/toolchains/OpenWrt-SDK-ar71xx-for-linux-x86_64-gcc-4.8-linaro_uClibc-0.9.33.2/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/bin/mips-openwrt-linux-g++
+#cc_mips34kc=/toolchains/OpenWrt-SDK-ar71xx-for-linux-x86_64-gcc-4.8-linaro_uClibc-0.9.33.2/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/bin/mips-openwrt-linux-g++
+cc_mips24kc_be=/toolchains/lede-sdk-17.01.2-ar71xx-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl-1.1.16/bin/mips-openwrt-linux-musl-g++
+cc_mips24kc_le=/toolchains/lede-sdk-17.01.2-ramips-mt7621_gcc-5.4.0_musl-1.1.16.Linux-x86_64/staging_dir/toolchain-mipsel_24kc_gcc-5.4.0_musl-1.1.16/bin/mipsel-openwrt-linux-musl-g++
 #cc_arm= /toolchains/gcc-linaro-4.9.4-2017.01-x86_64_arm-linux-gnueabi/bin/arm-linux-gnueabi-g++ -march=armv6 -marm 
 cc_arm= /toolchains/arm-2014.05/bin/arm-none-linux-gnueabi-g++
 #cc_bcm2708=/home/wangyu/raspberry/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian/bin/arm-linux-gnueabihf-g++ 
@@ -10,7 +12,7 @@ SOURCES=main.cpp lib/aes.c lib/md5.c encrypt.cpp log.cpp network.cpp common.cpp
 SOURCES_AES_ACC=$(filter-out lib/aes.c,$(SOURCES)) $(wildcard lib/aes_acc/aes*.c)
 
 NAME=udp2raw
-TARGETS=amd64 mips34kc arm amd64_hw_aes arm_asm_aes mips34kc_asm_aes x86 x86_asm_aes
+TARGETS=amd64 arm amd64_hw_aes arm_asm_aes mips24kc_be mips24kc_be_asm_aes x86 x86_asm_aes mips24kc_le mips24kc_le_asm_aes
 TAR=${NAME}_binaries.tar.gz `echo ${TARGETS}|sed -r 's/([^ ]+)/udp2raw_\1/g'`
 
 all:git_version
@@ -26,11 +28,15 @@ debug2: git_version
 	rm -f ${NAME}
 	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -ggdb
 
-mips34kc: git_version
-	${cc_mips34kc}  -o ${NAME}_$@   -I. ${SOURCES} ${FLAGS} -lrt -lgcc_eh -static -O3
+mips24kc_be: git_version
+	${cc_mips24kc_be}  -o ${NAME}_$@   -I. ${SOURCES} ${FLAGS} -lrt -lgcc_eh -static -O3
+mips24kc_be_asm_aes: git_version
+	${cc_mips24kc_be}  -o ${NAME}_$@   -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -lgcc_eh -static -O3 lib/aes_acc/asm/mips_be.S
 
-mips34kc_asm_aes: git_version
-	${cc_mips34kc}  -o ${NAME}_$@   -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -lgcc_eh -static -O3 lib/aes_acc/asm/mips_be.S
+mips24kc_le: git_version
+	${cc_mips24kc_le}  -o ${NAME}_$@   -I. ${SOURCES} ${FLAGS} -lrt -lgcc_eh -static -O3
+mips24kc_le_asm_aes: git_version
+	${cc_mips24kc_le}  -o ${NAME}_$@   -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -lgcc_eh -static -O3 lib/aes_acc/asm/mips.S
 
 #bcm2708:
 #	${cc_bcm2708} -o ${NAME}_bcm2708  -I. ${SOURCES} ${FLAGS} -lrt -static -O3

network.cpp

@@ -1687,12 +1687,12 @@ int after_send_raw0(raw_info_t &raw_info)
 				{
 					send_info.seq=raw_info.recv_info.ack_seq;
 				}
-				if(recv_info.ack_seq_counter>=3)
+				if(recv_info.ack_seq_counter>=3) //simulate tcp fast re-transmit
 				{
 					recv_info.ack_seq_counter=0;
 					send_info.seq=raw_info.recv_info.ack_seq;
 				}
-				if(larger_than_u32(raw_info.recv_info.ack_seq,send_info.seq))  //for further use,currently not useful.
+				if(larger_than_u32(raw_info.recv_info.ack_seq,send_info.seq))  //for further use,currently no effect.
 				{
 					send_info.seq=raw_info.recv_info.ack_seq;
 				}