Compare commits


9 Commits

Author SHA1 Message Date
wangyu-
0137dba1fd fix bug in random port bind 2018-11-13 02:37:45 -06:00
wangyu-
b6f76827b0 Merge pull request #221 from felixonmars/patch-1
Fix a typo in README
2018-11-13 16:31:03 +08:00
Felix Yan
66eb002528 Fix a typo in README 2018-11-10 17:13:38 +08:00
wangyu-
b1f0498472 fix typo 2018-09-30 09:52:45 +08:00
U-DESKTOP-T772REH\wangyu
e5584c73be turn down log level 2018-09-06 10:35:23 -05:00
U-DESKTOP-T772REH\wangyu
c855a14ae8 bug fix 2018-09-06 10:35:23 -05:00
wangyu-
d77271540f trival 2018-08-31 12:51:27 -05:00
wangyu-
6b8852f269 add warning 2018-08-31 12:45:30 -05:00
root
f0e36d7d7c fixed a core 2018-08-31 17:10:46 +00:00
6 changed files with 35 additions and 30 deletions


@@ -29,9 +29,9 @@ ICMP/FakeTCP headers help you bypass UDP blocking, UDP QOS or improper UDP NAT b
UDP headers are also supported. In UDP header mode, it behaves just like a normal UDP tunnel, and you can just make use of the other features (such as encrytion, anti-replay, or connection stalization).
### Simulated TCP with Real-time/Out-of-Order Delivery
In FakeTCP header mode,udp2raw simulates 3-way handshake while establishing a connection,simulates seq and ack_seq while data transferring. It also simulates following TCP options: `MSS`, `sackOk`, `TS`, `TS_ack`, `wscale`.Firewalls will regard FakeTCP as a TCP connection, but its essentially UDP: it supports real-time/out-of-order delivery(just as normal UDP does), no congrestion control or re-transmission. So there wont be any TCP over TCP problem when using OpenVPN.
In FakeTCP header mode,udp2raw simulates 3-way handshake while establishing a connection,simulates seq and ack_seq while data transferring. It also simulates following TCP options: `MSS`, `sackOk`, `TS`, `TS_ack`, `wscale`.Firewalls will regard FakeTCP as a TCP connection, but its essentially UDP: it supports real-time/out-of-order delivery(just as normal UDP does), no congestion control or re-transmission. So there wont be any TCP over TCP problem when using OpenVPN.
### Encrpytion, Anti-Replay
### Encryption, Anti-Replay
* Encrypt your traffic with AES-128-CBC.
* Protect data integrity by HMAC-SHA1 (or weaker MD5/CRC32).
* Defense replay attack with an anti-replay window, smiliar to IPSec and OpenVPN.


@@ -513,7 +513,8 @@ int client_on_udp_recv(conn_info_t &conn_info)
socklen_t udp_new_addr_len = sizeof(address_t::storage_t);
if ((recv_len = recvfrom(udp_fd, buf, max_data_len+1, 0,
(struct sockaddr *) &udp_new_addr_in, &udp_new_addr_len)) == -1) {
mylog(log_warn,"recv_from error,%s\n",get_sock_error());
mylog(log_debug,"recv_from error,%s\n",get_sock_error());
return -1;
//myexit(1);
};
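Review bot: The recvfrom failure in client_on_udp_recv is now logged at log_debug, so a persistent receive error is invisible at the default level while the function still returns -1 on every failure, and the hunk records no reason for the downgrade. Presumably the failure is expected to occur in normal operation and the caller recovers; a one-line comment next to the new log call would keep the next maintainer from bumping it back up, e.g. `// debug, not warn: recvfrom errors here are non-fatal and the caller carries on`. The stale `//myexit(1);` after the `return -1;` is dead text and could be dropped in the same spot. client_on_udp_recv starts and ends outside the hunk.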


@@ -418,6 +418,7 @@ int recv_bare(raw_info_t &raw_info,char* & data,int & len)//recv function with e
//printf("recv_raw_fail in recv bare\n");
return -1;
}
mylog(log_trace,"data len=%d\n",len);
if ((raw_mode == mode_faketcp && (recv_info.syn == 1 || recv_info.ack != 1)))
{
mylog(log_debug,"unexpect packet type recv_info.syn=%d recv_info.ack=%d \n",recv_info.syn,recv_info.ack);


@@ -294,46 +294,33 @@ int de_padding(const char *data ,int &data_len,int padding_num)
int cipher_aes128cbc_encrypt(const char *data,char *output,int &len,char * key)
{
static int first_time=1;
char buf[buf_len];
memcpy(buf,data,len);//TODO inefficient code
if(padding(buf,len,16)<0) return -1;
if(aes_key_optimize)
{
if(first_time==0) key=0;
else first_time=0;
}
char buf[buf_len];
memcpy(buf,data,len);//TODO inefficient code
/*
int ori_len=len;
len+=2;//length
if(len%16!=0)
{
len= (len/16)*16+16;
}
//if(len>max_data_len) return -1;
buf[len-2]= (unsigned char)( (uint16_t(ori_len))>>8);
buf[len-1]=(unsigned char)( ((uint16_t(ori_len))<<8)>>8) ;*/
if(padding(buf,len,16)<0) return -1;
AES_CBC_encrypt_buffer((unsigned char *)output,(unsigned char *)buf,len,(unsigned char *)key,(unsigned char *)zero_iv);
return 0;
}
int cipher_aes128cfb_encrypt(const char *data,char *output,int &len,char * key)
{
static int first_time=1;
char buf[buf_len];
memcpy(buf,data,len);//TODO inefficient code
if(aes_key_optimize)
{
if(first_time==0) key=0;
else first_time=0;
}
char buf[buf_len];
memcpy(buf,data,len);//TODO inefficient code
//if(padding(buf,len,16)<0) return -1;
AES_CFB_encrypt_buffer((unsigned char *)output,(unsigned char *)buf,len,(unsigned char *)key,(unsigned char *)zero_iv);
return 0;
}
@@ -363,13 +350,12 @@ int cipher_none_encrypt(const char *data,char *output,int &len,char * key)
int cipher_aes128cbc_decrypt(const char *data,char *output,int &len,char * key)
{
static int first_time=1;
if(len%16 !=0) {mylog(log_debug,"len%%16!=0\n");return -1;}
if(aes_key_optimize)
{
if(first_time==0) key=0;
else first_time=0;
}
if(len%16 !=0) {mylog(log_debug,"len%%16!=0\n");return -1;}
//if(len<0) {mylog(log_debug,"len <0\n");return -1;}
AES_CBC_decrypt_buffer((unsigned char *)output,(unsigned char *)data,len,(unsigned char *)key,(unsigned char *)zero_iv);
if(de_padding(output,len,16)<0) return -1;
return 0;
@@ -382,8 +368,6 @@ int cipher_aes128cfb_decrypt(const char *data,char *output,int &len,char * key)
if(first_time==0) key=0;
else first_time=0;
}
//if(len%16 !=0) {mylog(log_debug,"len%%16!=0\n");return -1;}
//if(len<0) {mylog(log_debug,"len <0\n");return -1;}
AES_CFB_decrypt_buffer((unsigned char *)output,(unsigned char *)data,len,(unsigned char *)key,(unsigned char *)zero_iv);
//if(de_padding(output,len,16)<0) return -1;
return 0;
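Review bot: `memcpy(buf,data,len)` in the reordered cipher_aes128cbc_encrypt copies len bytes into the fixed `char buf[buf_len]` and padding() then grows len (presumably by up to 16 bytes), yet nothing in the hunk bounds len against buf_len, so an oversized or negative len would write past the stack buffer; a guard such as `if(len<0 || len+16>buf_len) return -1;` before the memcpy (and `if(len<0 || len>buf_len) return -1;` in cipher_aes128cfb_encrypt, which has the same unchecked copy) would close that. Moving the padding and `len%16` checks ahead of the `first_time` update looks like the right fix, since an early return after first_time had already become 0 would, on the next call, pass key=0 before any key was ever handed to the AES routine; that ordering constraint deserves a comment on the `static int first_time=1;` line, e.g. `// keep every early return above this block: once first_time is 0 the key is passed as NULL`. The CBC and CFB calls also use `zero_iv` as a fixed IV, which makes equal plaintexts encrypt identically across packets; that predates this commit but is worth tracking as its own issue. The decrypt hunks for cipher_aes128cbc_decrypt and cipher_aes128cfb_decrypt here start or end outside the view.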


@@ -769,6 +769,16 @@ void process_arg(int argc, char *argv[]) //process all options
raw_ip_version=local_addr.get_type();
}
if(auto_add_iptables_rule&& use_tcp_dummy_socket)
{
mylog(log_error,"-a,--auto-rule is not supposed to be used with easyfaketcp mode, you are likely making a mistake, but we can try to continue\n");
}
if(keep_rule&& use_tcp_dummy_socket)
{
mylog(log_error,"--keep-rule is not supposed to be used with easyfaketcp mode, you are likely making a mistake, but we can try to continue\n");
}
mylog(log_info,"important variables: ");
log_bare(log_info,"log_level=%d:%s ",log_level,log_text[log_level]);
@@ -790,6 +800,7 @@ void process_arg(int argc, char *argv[]) //process all options
log_bare(log_info,"socket_buf_size=%d ",socket_buf_size);
log_bare(log_info,"\n");
}
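Review bot: Both new checks in process_arg (`auto_add_iptables_rule&& use_tcp_dummy_socket` and `keep_rule&& use_tcp_dummy_socket`) log at log_error and then fall through, and the messages themselves say execution continues; unless log_error is not meant to denote a fatal condition in this code base, which I cannot confirm from here, log_warn would match the severity of a "you are likely making a mistake" message. The two blocks differ only in the flag name and could be folded into one branch that names whichever flags are set, but that is a matter of taste. process_arg begins before the first hunk.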
void pre_process_arg(int argc, char *argv[])//mainly for load conf file


@@ -1562,6 +1562,7 @@ int recv_raw_icmp(raw_info_t &raw_info, char *&payload, int &payloadlen)
mylog(log_debug,"recv_raw_ip error\n");
return -1;
}
mylog(log_trace,"ip_payloadlen=%d\n",ip_payloadlen);
if(raw_ip_version==AF_INET)
{
if(recv_info.protocol!=IPPROTO_ICMP)
@@ -1580,6 +1581,13 @@ int recv_raw_icmp(raw_info_t &raw_info, char *&payload, int &payloadlen)
}
}
if(ip_payloadlen<int( sizeof(my_icmphdr) ))
{
mylog(log_debug,"too short to hold icmp header\n");
return -1;
}
my_icmphdr *icmph=(struct my_icmphdr *) (ip_payload);
@@ -2535,9 +2543,9 @@ int client_bind_to_a_new_port(int &fd,u32_t local_ip_uint32)//find a free port a
int client_bind_to_a_new_port2(int &fd,const address_t& address)//find a free port and bind to it.
{
address_t tmp=address;
int raw_send_port=10000+get_true_random_number()%(65535-10000);
for(int i=0;i<1000;i++)//try 1000 times at max,this should be enough
{
int raw_send_port=10000+get_true_random_number()%(65535-10000);
tmp.set_port(raw_send_port);
if (try_to_list_and_bind2(fd,tmp)==0)
{
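Review bot: The port expression moved into the loop of client_bind_to_a_new_port2, `10000+get_true_random_number()%(65535-10000)`, produces ports 10000..65534 and never tries 65535, which looks like an off-by-one on the intended range; `%(65536-10000)` would cover it if the full range is meant. If get_true_random_number() returns a signed type (its declaration is not in view), a negative result would push the port below 10000, so that is worth verifying or guarding with a cast to an unsigned type. Picking a fresh port on each of the 1000 attempts is clearly the fix the commit intends; the earlier hunk's `ip_payloadlen<int( sizeof(my_icmphdr) )` check in recv_raw_icmp is a sound addition, and that function begins and ends outside the hunks shown.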