github/wangyu-udp2raw
1
0
Fork 0
mirror of https://github.com/wangyu-/udp2raw.git synced 2025-09-21 14:44:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:e696bd115604db4345480e741b53f7b9ca2dbad2
Branches Tags
github:unified github:revert-455-unified github:master github:modify github:mp github:core_fix
github:20230206.0 github:20200818.0 github:20200727.0 github:20200715.0 github:20190716.test.0 github:20181113.0 github:20180830.2 github:20180830.1 github:20180830.0 github:20180728.1 github:20180728.0 github:20180225.0 github:20180225.1 github:20180220.1 github:20180220.0 github:20180111.1 github:20180111.0 github:20171125.0 github:20171123.1 github:20171111.0 github:20171108.0 github:20171103.0 github:20171024.0 github:20170918.0 github:20170917.0 github:20170911.0 github:20170910.0 github:20170906.0 github:20170826.0 github:20170821.0 github:20170818.1 github:20170818.0 github:20170815.0 github:20170813.1 github:20170813.0 github:20170811.0 github:20170809.0 github:20170808.0 github:20170805.1 github:20170805
..
compare: github:mp
Branches Tags
github:unified github:revert-455-unified github:master github:modify github:mp github:core_fix
github:20230206.0 github:20200818.0 github:20200727.0 github:20200715.0 github:20190716.test.0 github:20181113.0 github:20180830.2 github:20180830.1 github:20180830.0 github:20180728.1 github:20180728.0 github:20180225.0 github:20180225.1 github:20180220.1 github:20180220.0 github:20180111.1 github:20180111.0 github:20171125.0 github:20171123.1 github:20171111.0 github:20171108.0 github:20171103.0 github:20171024.0 github:20170918.0 github:20170917.0 github:20170911.0 github:20170910.0 github:20170906.0 github:20170826.0 github:20170821.0 github:20170818.1 github:20170818.0 github:20170815.0 github:20170813.1 github:20170813.0 github:20170811.0 github:20170809.0 github:20170808.0 github:20170805.1 github:20170805

125 Commits
e696bd1156 ... mp

Author SHA1 Message Date
wangyu
6c1446036b huge_buf_len and huge_data_len fix for mp 2020-07-15 04:35:09 -04:00
wangyu
4e5b3f2baa sync 79bb28 2020-07-15 04:11:38 -04:00
wangyu
ae8356504c do not drop truncated packet for pcap when fix_gro enabled 2020-07-15 03:01:20 -04:00
wangyu
f7f6c6bbe6 update 2020-07-15 01:57:51 -04:00
wangyu
4530606246 aes128cfb_0 2020-07-15 01:38:24 -04:00
wangyu
1b8125003d update 2020-07-14 14:48:03 -04:00
wangyu
769affb1aa change gro scheme 2020-07-14 14:30:54 -04:00
wangyu
bbd49ca82c fix last commit 2020-07-14 12:30:20 -04:00
wangyu
ca4a5d3417 modify scheme of cfb 2020-07-14 11:41:21 -04:00
wangyu
1031f9d760 add wepoll target 2020-07-14 10:08:51 -04:00
wangyu
1c7c9e8a7f merge up to 5cc304 2020-07-14 08:36:46 -04:00
wangyu
87a362109d rm sha1.cpp 2020-07-14 08:26:03 -04:00
wangyu
6681f3a4e6 merge up to f68c6e2 2020-07-14 08:01:48 -04:00
wangyu
fe9e73decc merge ee787e0 2020-07-14 07:21:03 -04:00
U-DESKTOP-T772REH\wangyu
6074dc3a50 get_current_time_us() never goes back now 2019-04-07 18:21:30 +08:00
U-DESKTOP-T772REH\wangyu
07ad00f54d fixed get_sock_error() format on windows 2018-11-13 20:29:37 +08:00
wangyu-
7544fbe9d7 fix \n in log 2018-11-13 05:58:22 -06:00
wangyu-
5ff768b165 changed a few log levels 2018-11-13 05:48:25 -06:00
wangyu-
bb7fe5c0d4 fix typo in code 2018-11-13 03:14:44 -06:00
wangyu-
9c8316e957 fix bug in random port bind 2018-11-13 02:35:42 -06:00
wangyu-
b59b13ab9d update help page 2018-11-13 02:11:48 -06:00
wangyu-
a3bd8b8030 Merge pull request #12 from hughgr/patch-1 
update text instruction
 2018-11-13 16:09:53 +08:00
wangyu-
003f31bfef new option --no-pcap-mutex 2018-11-13 02:08:32 -06:00
wangyu-
7980103bd5 a lot of trival changes 2018-11-13 01:33:46 -06:00
wangyu-
7df9c7f38b update pcap wrapper 2018-11-13 00:05:24 -06:00
wangyu-
d24c96a400 use pcap_breakloop() 2018-11-13 00:03:35 -06:00
wangyu-
001c42be56 protect pcap functions with mutex 2018-11-12 22:56:21 -06:00
老舍
98eba2f2bd update text instruction 2018-11-02 15:46:45 +08:00
wangyu-
175a28d7f4 fixed incorrect text in misc.cpp 2018-10-21 14:13:36 +08:00
U-DESKTOP-T772REH\wangyu
d6c31f00ac turn down log level 2018-09-05 23:53:13 +08:00
U-DESKTOP-T772REH\wangyu
ccdaf886d2 bug fix 2018-09-05 18:46:36 +08:00
wangyu-
3a1050fa26 trival 2018-08-31 12:52:49 -05:00
wangyu-
4bfbe976f1 add warning 2018-08-31 12:47:26 -05:00
root
4e3305bd80 fixed a core 2018-08-31 12:21:46 -05:00
wangyu
349bcf17f1 fix mac compile 2018-08-29 18:08:42 -07:00
wangyu-
ca22a3cf3b reduce diff 2018-08-29 20:03:04 -05:00
U-DESKTOP-T772REH\wangyu
a9bb76d6e8 fix compile on windows again 2018-08-30 08:51:49 +08:00
wangyu-
4e4a77ce16 fix windows compile 2018-08-29 19:37:16 -05:00
wangyu-
ff39a562a6 fix compile 2018-08-29 19:30:26 -05:00
wangyu-
1679c324b3 fixed dev detection and -g 2018-08-29 19:16:42 -05:00
wangyu-
e0aaa65347 reduce diff 2018-08-29 17:07:50 -05:00
wangyu-
61fd35244d added fixthis 2018-08-29 16:10:39 -05:00
wangyu-
314e982570 fix ipv6 of libnet 2018-08-29 15:55:54 -05:00
wangyu-
00776c3423 added ipv6 support,reduce diff with non-mp version 2018-08-29 15:42:45 -05:00
wangyu-
077d1023a7 split main.cpp into main.cpp and client.cpp 2018-08-29 02:10:46 -05:00
wangyu-
2072cfed8d reduce diff with non-mp version 2018-08-29 01:19:15 -05:00
wangyu-
2fc52806fd reduce diff with non-mp version, its only compiles, function is broken 2018-08-28 17:06:04 -05:00
wangyu-
5f29a46aae reduce diff with non-mp version 2018-08-28 16:42:40 -05:00
wangyu-
a130936947 reduce diff with no-mp version 2018-08-28 16:20:11 -05:00
wangyu-
57af53afa8 deleted unused codes,reduce diff with non-mp version 2018-08-28 15:51:53 -05:00
U-DESKTOP-T772REH\wangyu
ae9db0eecf syn update of linux version. for aes128cfb and hmac_sha1 2018-07-24 19:05:21 +08:00
wangyu-
626926e25c changed a typo 2018-07-21 20:51:13 +08:00
U-DESKTOP-T772REH\wangyu
d639adfbbe fix log format 2018-07-05 16:44:51 +08:00
U-DESKTOP-T772REH\wangyu
f1e18d4583 support npcap non-compatiable mode 2018-07-01 11:13:50 +08:00
root
f7166bfde3 fix a core in dev detection 2018-06-30 18:10:59 +00:00
root
7f848553f5 support linux cooked mode 2018-06-29 17:54:31 +00:00
wangyu-
7c1b34d5df trival 2018-06-24 08:30:00 -05:00
wangyu-
44d670d113 sync updates from linux version 2018-06-24 08:27:25 -05:00
wangyu-
d0bd53f087 move images 2018-06-23 17:26:25 -05:00
U-DESKTOP-T772REH\wangyu
2944e73410 supress compile warning 2018-06-24 06:19:38 +08:00
wangyu-
fe64630b30 add missing files 2018-06-23 17:13:26 -05:00
wangyu-
62453eaa39 sync update from linux version 2018-06-23 17:12:04 -05:00
U-DESKTOP-T772REH\wangyu
d43b9ae98c add .gitattributes 2018-06-23 15:55:37 +08:00
U-DESKTOP-T772REH\wangyu
0201d9efe1 trival 2018-06-23 12:34:12 +08:00
U-DESKTOP-T772REH\wangyu
be20e2250d improve makefile 2018-06-23 12:32:20 +08:00
wangyu-
551dc034da fix compile error 2018-06-22 23:14:40 -05:00
U-DESKTOP-T772REH\wangyu
4ce3661b01 change assert to log fatal 2018-06-23 12:08:28 +08:00
wangyu-
0a53d256b6 Update README.md 2018-06-21 18:25:17 +08:00
U-DESKTOP-T772REH\wangyu
955093d26e Merge branch 'portable' of https://github.com/wangyu-/udp2raw-tunnel into portable 2018-06-20 21:07:02 +08:00
U-DESKTOP-T772REH\wangyu
46314022b9 add a log 2018-06-20 21:06:31 +08:00
wangyu
01a793e218 fix print format 2018-06-20 03:45:36 -07:00
U-DESKTOP-T772REH\wangyu
5aafe04f6d --enable-color, fix a segment fault 2018-06-20 00:41:13 +08:00
U-DESKTOP-T772REH\wangyu
17910bb9f4 trival 2018-06-19 17:19:56 +08:00
U-DESKTOP-T772REH\wangyu
d5024a619c fix -g option 2018-06-19 15:40:55 +08:00
U-DESKTOP-T772REH\wangyu
086cba4b1d trival 2018-06-19 14:04:57 +08:00
U-DESKTOP-T772REH\wangyu
db7b43001a simplify pcap_wrapper code 2018-06-19 11:40:22 +08:00
U-DESKTOP-T772REH\wangyu
e110f759eb fix invalid filter expression 2018-06-19 02:21:31 +08:00
U-DESKTOP-T772REH\wangyu
d85bb78139 fix broken random device on mingw 2018-06-19 00:48:09 +08:00
U-DESKTOP-T772REH\wangyu
a1dae3b22e mingw works 2018-06-19 00:36:53 +08:00
U-DESKTOP-T772REH\wangyu
dfcc799876 debug code 2018-06-19 00:15:58 +08:00
U-DESKTOP-T772REH\wangyu
8a5ae7727a delete useless extern c 2018-06-18 22:44:37 +08:00
U-DESKTOP-T772REH\wangyu
56727f76b6 fix cygwin compile 2018-06-18 22:32:43 +08:00
U-DESKTOP-T772REH\wangyu
f75eb798dc mingw compiles but not work yet 2018-06-18 21:50:57 +08:00
U-DESKTOP-T772REH\wangyu
26b356866f Merge branch 'portable' of https://github.com/wangyu-/udp2raw-tunnel into portable 2018-06-17 19:54:03 +08:00
U-DESKTOP-T772REH\wangyu
570e7173d3 trival 2018-06-17 19:53:53 +08:00
wangyu-
0d6df51ebe remove useless headers 2018-06-17 06:50:24 -05:00
U-DESKTOP-T772REH\wangyu
c03e60be51 packet header print fix 2018-06-17 17:52:33 +08:00
wangyu-
e630f81c6e trival 2018-06-17 04:21:51 -05:00
wangyu-
8e7aec7b50 Merge branch 'portable' of https://github.com/wangyu-/udp2raw-tunnel into portable 2018-06-17 04:18:46 -05:00
wangyu-
f43598b423 auto detect device 2018-06-17 04:18:33 -05:00
Charlie Root
80bcf91712 fix freebsd compile 2018-06-16 17:09:16 +00:00
wangyu
d1f40f334d fix mac compile 2018-06-16 09:53:45 -07:00
wangyu-
62e78999de fix linux compile 2018-06-16 11:44:14 -05:00
U-DESKTOP-T772REH\wangyu
fc82fe45c7 add missing file for windows 2018-06-17 00:35:54 +08:00
U-DESKTOP-T772REH\wangyu
970cd8bac5 windows works 2018-06-17 00:35:31 +08:00
wangyu-
a75afc94bb trival 2018-06-16 05:53:44 -05:00
wangyu-
976e0495e5 allow to compile without libnet 2018-06-15 23:05:32 -05:00
wangyu-
33d96331fe implement dummy socket 2018-06-15 11:47:57 -05:00
wangyu-
ba6d5e8895 use tcp for detection 2018-06-15 10:06:34 -05:00
wangyu-
63950e2b22 new option pcap-send 2018-06-15 06:47:39 -05:00
wangyu-
4b8776c67a changed pcap_next_ex to pcap_loop 2018-06-15 02:48:52 -05:00
wangyu-
ddf6b40f3a Merge branch 'portable' of https://github.com/wangyu-/udp2raw-tunnel into portable 2018-06-15 02:25:26 -05:00
wangyu-
55f77463e7 fix pcap latency 2018-06-15 02:25:14 -05:00
Charlie Root
5926e9bd49 fix endian detection on freebsd 2018-06-15 06:07:14 +00:00
wangyu-
b9af389168 renamed id_t to avoid conflict on bsd 2018-06-15 00:50:47 -05:00
wangyu-
23df5160d1 avoid using libnet_clear_packet() 2018-06-15 00:04:41 -05:00
root
af3d7e6c23 add log 2018-06-15 04:53:23 +00:00
wangyu-
781f3d1b44 improve endian detection 2018-06-14 22:31:52 -05:00
root
eba3e2e8cd fix endian problem 2018-06-15 03:23:23 +00:00
root
11b49c72d5 fix an assertion 2018-06-15 03:03:33 +00:00
wangyu
2ab846a9ca endianness macro, fix mac warning 2018-06-14 08:46:37 -07:00
wangyu
0b44f74d9b Merge branch 'portable' of https://github.com/wangyu-/udp2raw-tunnel into portable 2018-06-14 07:55:55 -07:00
wangyu
2198e23026 remove non-portable code on mac 2018-06-14 07:55:50 -07:00
wangyu-
e5524d9edf fix iphdr tcphdr udphdr 2018-06-14 09:54:33 -05:00
wangyu-
5d4ea64d00 remove non-portable code 2018-06-14 09:25:02 -05:00
wangyu
00f37c0d2f remove non-portable headers 2018-06-14 06:46:43 -07:00
wangyu-
1a4c494978 filter expression works 2018-06-14 08:18:26 -05:00
wangyu-
fed5bdc700 libpcap roughly works 2018-06-14 08:01:03 -05:00
wangyu-
83e13ebc5f libnet roughly works 2018-06-12 10:08:41 -05:00
wangyu-
8a1d5b58b1 add libnet and libpcap 2018-06-09 09:04:00 -05:00
wangyu-
ae2fbd4b19 libev works 2018-06-07 06:24:31 -05:00
wangyu-
b5e61ed87d remove useless comments 2018-06-06 21:12:28 -05:00
wangyu-
b449efc6c8 add libev 2018-06-06 20:53:35 -05:00
wangyu-
499599417a removed --lower-level 2018-06-06 20:53:02 -05:00
wangyu-
f44003b801 removed server mode 2018-06-06 19:50:42 -05:00
38 changed files with 8284 additions and 8346 deletions
Expand all files Collapse all files

4
.clang-format
View File

@@ -1,4 +0,0 @@
SortIncludes: false
BasedOnStyle: Google
ColumnLimit: 0
IndentWidth: 4

2
.gitattributes vendored
View File

@@ -1 +1 @@
lib/aes_acc/asm/* linguist-vendored
libev/* linguist-vendored

35
CMakeLists.txt
View File

@@ -1,35 +0,0 @@
#note: experimental
# currently only used for generating `compile_commands.json` for clangd.
# to build this project, it's suggested to use `makefile` instead
cmake_minimum_required(VERSION 3.7)
project(udp2raw)
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
set(CMAKE_CXX_STANDARD 11)
set(SOURCE_FILES
main.cpp
lib/md5.cpp
lib/pbkdf2-sha1.cpp
lib/pbkdf2-sha256.cpp
encrypt.cpp
log.cpp
network.cpp
common.cpp
connection.cpp
misc.cpp
fd_manager.cpp
client.cpp
server.cpp
lib/aes_faster_c/aes.cpp
lib/aes_faster_c/wrapper.cpp
my_ev.cpp
)
set(CMAKE_CXX_FLAGS "-Wall -Wextra -Wno-unused-variable -Wno-unused-parameter -Wno-missing-field-initializers -O2 -g -fsanitize=address,undefined")
add_executable(udp2raw ${SOURCE_FILES})
target_link_libraries(udp2raw rt)
target_link_libraries(udp2raw pthread)
include_directories(SYSTEM "libev")
include_directories(".")

13
Dockerfile Normal file
View File

@@ -0,0 +1,13 @@
FROM alpine:3.6 as builder
WORKDIR /
RUN apk add --no-cache git build-base linux-headers && \
git clone https://github.com/wangyu-/udp2raw-tunnel.git && \
cd udp2raw-tunnel && \
make dynamic
FROM alpine:3.6
RUN apk add --no-cache libstdc++ iptables
COPY --from=builder /udp2raw-tunnel/udp2raw_dynamic /bin/
ENTRYPOINT [ "/bin/udp2raw_dynamic" ]

7
ISSUE_TEMPLATE.md
View File

@@ -1 +1,6 @@
English Only.
For English speaking user
https://github.com/wangyu-/UDPspeeder/wiki/Issue-Guide
中文用户请看:
https://github.com/wangyu-/UDPspeeder/wiki/发Issue前请看
(否则Issue可能被忽略或被直接关掉)

226
README.md
View File

@@ -1,227 +1,11 @@
# Udp2raw-tunnel
A Tunnel which turns UDP Traffic into Encrypted FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls(or Unstable UDP Environment).
When used alone,udp2raw tunnels only UDP traffic. Nevertheless,if you used udp2raw + any UDP-based VPN together,you can tunnel any traffic(include TCP/UDP/ICMP),currently OpenVPN/L2TP/ShadowVPN and [tinyfecVPN](https://github.com/wangyu-/tinyfecVPN) are confirmed to be supported.
# udp2raw-multiplatform
![image0](images/image0.PNG)
or
multi-platform(cross-platform) version of [udp2raw](https://github.com/wangyu-/udp2raw-tunnel), which supports Windows/Mac/BSD natively.
![image_vpn](images/udp2rawopenvpn.PNG)
udp2raw的跨平台版协议兼容[linux版的udpraw](https://github.com/wangyu-/udp2raw-tunnel)可以直接运行在Windows、Mac、BSD上。
[udp2raw wiki](https://github.com/wangyu-/udp2raw-tunnel/wiki)
Check [Wiki](https://github.com/wangyu-/udp2raw-multiplatform/wiki) for details.
[简体中文](/doc/README.zh-cn.md)
# Support Platforms
Linux host (including desktop Linux,Android phone/tablet,OpenWRT router,or Raspberry PI) with root account or cap_net_raw capability.
For Windows and MacOS users, use the udp2raw in [this repo](https://github.com/wangyu-/udp2raw-multiplatform).
# Features
### Send/Receive UDP Packets with ICMP/FakeTCP/UDP headers
ICMP/FakeTCP headers help you bypass UDP blocking, UDP QOS or improper UDP NAT behavior on some ISPs. In ICMP header mode,udp2raw works like an ICMP tunnel.
UDP headers are also supported. In UDP header mode, it behaves just like a normal UDP tunnel, and you can just make use of the other features (such as encryption, anti-replay, or connection stabilization).
### Simulated TCP with Real-time/Out-of-Order Delivery
In FakeTCP header mode,udp2raw simulates 3-way handshake while establishing a connection,simulates seq and ack_seq while data transferring. It also simulates a few TCP options such as: `MSS`, `sackOk`, `TS`, `TS_ack`, `wscale`. Firewalls will regard FakeTCP as a TCP connection, but its essentially UDP: it supports real-time/out-of-order delivery(just as normal UDP does), no congestion control or re-transmission. So there wont be any TCP over TCP problem when using OpenVPN.
### Encryption, Anti-Replay
* Encrypt your traffic with AES-128-CBC.
* Protect data integrity by HMAC-SHA1 (or weaker MD5/CRC32).
* Defense replay attack with anti-replay window.
[Notes on encryption](https://github.com/wangyu-/udp2raw-tunnel/wiki/Notes-on-encryption)
### Failure Dectection & Stabilization (Connection Recovery)
Conection failures are detected by heartbeats. If timed-out, client will automatically change port number and reconnect. If reconnection is successful, the previous connection will be recovered, and all existing UDP conversations will stay vaild.
For example, if you use udp2raw + OpenVPN, OpenVPN won't lose connection after any reconnect, **even if network cable is re-plugged or WiFi access point is changed**.
### Other Features
* **Multiplexing** One client can handle multiple UDP connections, all of which share the same raw connection.
* **Multiple Clients** One server can have multiple clients.
* **NAT Support** All of the 3 modes work in NAT environments.
* **OpenVZ Support** Tested on BandwagonHost VPS.
* **Easy to Build** No dependencies.To cross-compile udp2raw,all you need to do is just to download a toolchain,modify makefile to point at the toolchain,run `make cross` then everything is done.(Note:Pre-compiled binaries for Desktop,RaspberryPi,Android,some Openwrt Routers are already included in [Releases](https://github.com/wangyu-/udp2raw-tunnel/releases))
### Keywords
`Bypass UDP QoS` `Bypass UDP Blocking` `Bypass OpenVPN TCP over TCP problem` `OpenVPN over ICMP` `UDP to ICMP tunnel` `UDP to TCP tunnel` `UDP over ICMP` `UDP over TCP`
# Getting Started
### Installing
Download binary release from https://github.com/wangyu-/udp2raw-tunnel/releases
### Running
Assume your UDP is blocked or being QOS-ed or just poorly supported. Assume your server ip is 44.55.66.77, you have a service listening on udp port 7777.
```bash
# Run at server side:
./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp -a
# Run at client side
./udp2raw_amd64 -c -l0.0.0.0:3333 -r44.55.66.77:4096 -k "passwd" --raw-mode faketcp -a
```
(The above commands need to be run as root. For better security, with some extra steps, you can run udp2raw as non-root. Check [this link](https://github.com/wangyu-/udp2raw-tunnel/wiki/run-udp2raw-as-non-root) for more info )
###### Server Output:
![](images/output_server.PNG)
###### Client Output:
![](images/output_client.PNG)
Now,an encrypted raw tunnel has been established between client and server through TCP port 4096. Connecting to UDP port 3333 at the client side is equivalent to connecting to port 7777 at the server side. No UDP traffic will be exposed.
### Note
To run on Android, check [Android_Guide](https://github.com/wangyu-/udp2raw/wiki/Android-Guide)
`-a` option automatically adds an iptables rule (or a few iptables rules) for you, udp2raw relies on this iptables rule to work stably. Be aware you dont forget `-a` (its a common mistake). If you dont want udp2raw to add iptables rule automatically, you can add it manually(take a look at `-g` option) and omit `-a`.
# Advanced Topic
### Usage
```
udp2raw-tunnel
git version:6e1df4b39f build date:Oct 24 2017 09:21:15
repository: https://github.com/wangyu-/udp2raw-tunnel
usage:
run as client : ./this_program -c -l local_listen_ip:local_port -r server_address:server_port [options]
run as server : ./this_program -s -l server_listen_ip:server_port -r remote_address:remote_port [options]
common options,these options must be same on both side:
--raw-mode <string> avaliable values:faketcp(default),udp,icmp
-k,--key <string> password to gen symetric key,default:"secret key"
--cipher-mode <string> avaliable values:aes128cbc(default),xor,none
--auth-mode <string> avaliable values:hmac_sha1,md5(default),crc32,simple,none
-a,--auto-rule auto add (and delete) iptables rule
-g,--gen-rule generate iptables rule then exit,so that you can copy and
add it manually.overrides -a
--disable-anti-replay disable anti-replay,not suggested
client options:
--source-ip <ip> force source-ip for raw socket
--source-port <port> force source-port for raw socket,tcp/udp only
this option disables port changing while re-connecting
other options:
--conf-file <string> read options from a configuration file instead of command line.
check example.conf in repo for format
--fifo <string> use a fifo(named pipe) for sending commands to the running program,
check readme.md in repository for supported commands.
--log-level <number> 0:never 1:fatal 2:error 3:warn
4:info (default) 5:debug 6:trace
--log-position enable file name,function name,line number in log
--disable-color disable log color
--disable-bpf disable the kernel space filter,most time its not necessary
unless you suspect there is a bug
--sock-buf <number> buf size for socket,>=10 and <=10240,unit:kbyte,default:1024
--force-sock-buf bypass system limitation while setting sock-buf
--seq-mode <number> seq increase mode for faketcp:
0:static header,do not increase seq and ack_seq
1:increase seq for every packet,simply ack last seq
2:increase seq randomly, about every 3 packets,simply ack last seq
3:simulate an almost real seq/ack procedure(default)
4:similiar to 3,but do not consider TCP Option Window_Scale,
maybe useful when firewall doesnt support TCP Option
--lower-level <string> send packets at OSI level 2, format:'if_name#dest_mac_adress'
ie:'eth0#00:23:45:67:89:b9'.or try '--lower-level auto' to obtain
the parameter automatically,specify it manually if 'auto' failed
--gen-add generate iptables rule and add it permanently,then exit.overrides -g
--keep-rule monitor iptables and auto re-add if necessary.implys -a
--clear clear any iptables rules added by this program.overrides everything
-h,--help print this help message
```
### Iptables rules,`-a` and `-g`
This program sends packets via raw socket. In FakeTCP mode, Linux kernel TCP packet processing has to be blocked by a iptables rule on both sides, otherwise the kernel will automatically send RST for an unrecongized TCP packet and you will sustain from stability / peformance problems. You can use `-a` option to let the program automatically add / delete iptables rule on start / exit. You can also use the `-g` option to generate iptables rule and add it manually.
### `--cipher-mode` and `--auth-mode`
It is suggested to use `aes128cbc` + `hmac_sha1` to obtain maximum security. If you want to run the program on a router, you can try `xor` + `simple`, which can fool packet inspection by firewalls the most of time, but it cannot protect you from serious attacks. Mode none is only for debugging purpose. It is not recommended to set the cipher-mode or auth-mode to none.
### `--seq-mode`
The FakeTCP mode does not behave 100% like a real tcp connection. ISPs may be able to distinguish the simulated tcp traffic from the real TCP traffic (though it's costly). seq-mode can help you change the seq increase behavior slightly. If you experience connection problems, try to change the value.
### `--lower-level`
`--lower-level` allows you to send packet at OSI level 2(link level),so that you can bypass any local iptables rules. If you have a complicated iptables rules which conflicts with udp2raw and you cant(or too lazy to) edit the iptables rules,`--lower-level` can be very useful. Try `--lower-level auto` to auto detect the parameters,you can specify it manually if `auto` fails.
Manual format `if_name#dest_mac_adress`,ie:`eth0#00:23:45:67:89:b9`.
### `--keep-rule`
Monitor iptables and auto re-add iptables rules(for blocking kernel tcp processing) if necessary.Especially useful when iptables rules may be cleared by other programs(for example,if you are using openwrt,everytime you changed and commited a setting,iptables rule may be cleared and re-constructed).
### `--conf-file`
You can also load options from a configuration file in order to keep secrets away from `ps` command.
For example, rewrite the options for the above `server` example (in Getting Started section) into configuration file:
`server.conf`
```
-s
# You can add comments like this
# Comments MUST occupy an entire line
# Or they will not work as expected
# Listen address
-l 0.0.0.0:4096
# Remote address
-r 127.0.0.1:7777
-a
-k passwd
--raw-mode faketcp
```
Pay attention to the `-k` parameter: In command line mode the quotes around the password will be removed by shell. In configuration files we do not remove quotes.
Then start the server with
```bash
./udp2raw_amd64 --conf-file server.conf
```
### `--fifo`
Use a fifo(named pipe) for sending commands to the running program. For example `--fifo fifo.file`.
At client side,you can use `echo reconnect >fifo.file` to force client to reconnect.Currently no command has been implemented for server.
# Peformance Test
#### Test method:
iperf3 TCP via OpenVPN + udp2raw
(iperf3 UDP mode is not used because of a bug mentioned in this issue: https://github.com/esnet/iperf/issues/296 . Instead, we package the TCP traffic into UDP by OpenVPN to test the performance. Read [Application](https://github.com/wangyu-/udp2raw-tunnel#application) for details.
#### iperf3 command:
```
iperf3 -c 10.222.2.1 -P40
iperf3 -c 10.222.2.1 -P40 -R
```
#### Environments
* **Client** Vultr $2.5/monthly plan (single core 2.4GHz cpu, 512MB RAM, Tokyo, Japan)
* **Server** BandwagonHost $3.99/annually plan (single core 2.0GHz cpu, 128MB RAM, Los Angeles, USA)
### Test1
raw_mode: faketcp cipher_mode: xor  auth_mode: simple
![image4](images/image4.PNG)
(reverse speed was simliar and not uploaded)
### Test2
raw_mode: faketcp cipher_mode: aes128cbc  auth_mode: md5
![image5](images/image5.PNG)
(reverse speed was simliar and not uploaded)
# wiki
Check wiki for more info:
https://github.com/wangyu-/udp2raw-tunnel/wiki
更多信息,见 [Wiki](https://github.com/wangyu-/udp2raw-multiplatform/wiki)

493
client.cpp
View File

File diff suppressed because it is too large Load Diff

517
common.cpp
View File

File diff suppressed because it is too large Load Diff

201
common.h
View File

@@ -27,12 +27,6 @@
#include <assert.h>
#include <pthread.h>
#ifndef USE_LIBNET
#define NO_LIBNET
#endif
#if defined(UDP2RAW_MP)
const int is_udp2raw_mp = 1;
#if !defined(__CYGWIN__) && !defined(__MINGW32__)
#include <pcap.h>
#else
@@ -44,20 +38,6 @@ const int is_udp2raw_mp = 1;
#include <libnet.h>
#endif
#else
#define UDP2RAW_LINUX
const int is_udp2raw_mp = 0;
//#include <linux/if_ether.h>
#include <linux/filter.h>
#include <linux/if_packet.h>
#include <sys/epoll.h>
//#include <sys/wait.h> //signal
#include <netinet/if_ether.h>
#include <net/if.h>
#include <sys/timerfd.h>
#endif
#if !defined(NO_LIBEV_EMBED)
#include <my_ev.h>
#else
@@ -79,6 +59,7 @@ typedef int socklen_t;
#include <netinet/in.h>
#endif
#include<unordered_map>
#include <fstream>
#include <string>
@@ -98,6 +79,7 @@ using namespace std;
#define UDP2RAW_BIG_ENDIAN 1
#endif
#if defined(__BYTE_ORDER) && __BYTE_ORDER == __LITTLE_ENDIAN || \
defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ || \
defined(__LITTLE_ENDIAN__) || \
@@ -112,10 +94,12 @@ using namespace std;
#error "endian detection conflicts"
#endif
#if !defined(UDP2RAW_BIG_ENDIAN) && !defined(UDP2RAW_LITTLE_ENDIAN)
#error "endian detection failed"
#endif
#if defined(__MINGW32__)
int inet_pton(int af, const char *src, void *dst);
const char *inet_ntop(int af, const void *src, char *dst, socklen_t size);
@@ -127,17 +111,20 @@ int get_sock_errno();
#if defined(__MINGW32__)
typedef SOCKET my_fd_t;
inline int sock_close(my_fd_t fd) {
inline int sock_close(my_fd_t fd)
{
return closesocket(fd);
}
#else
typedef int my_fd_t;
inline int sock_close(my_fd_t fd) {
inline int sock_close(my_fd_t fd)
{
return close(fd);
}
#endif
typedef unsigned long long u64_t; //this works on most platform,avoid using the PRId64
typedef long long i64_t;
@@ -162,8 +149,6 @@ const int max_addr_len = 100;
extern int force_socket_buf;
extern int g_fix_gro;
/*
struct ip_port_t
{
u32_t ip;
@@ -171,7 +156,8 @@ struct ip_port_t
void from_u64(u64_t u64);
u64_t to_u64();
char * to_s();
};*/
};
typedef u64_t fd64_t;
@@ -180,8 +166,10 @@ u32_t sdbm(unsigned char *str, int len);
struct address_t //TODO scope id
{
struct hash_function {
u32_t operator()(const address_t &key) const {
struct hash_function
{
u32_t operator()(const address_t &key) const
{
return sdbm((unsigned char*)&key.inner,sizeof(key.inner));
}
};
@@ -193,13 +181,16 @@ struct address_t // TODO scope id
};
storage_t inner;
address_t() {
address_t()
{
clear();
}
void clear() {
void clear()
{
memset(&inner,0,sizeof(inner));
}
int from_ip_port(u32_t ip, int port) {
int from_ip_port(u32_t ip, int port)
{
clear();
inner.ipv4.sin_family=AF_INET;
inner.ipv4.sin_port=htons(port);
@@ -207,13 +198,17 @@ struct address_t // TODO scope id
return 0;
}
int from_ip_port_new(int type, void *ip, int port) {
int from_ip_port_new(int type, void * ip, int port)
{
clear();
if (type == AF_INET) {
if(type==AF_INET)
{
inner.ipv4.sin_family=AF_INET;
inner.ipv4.sin_port=htons(port);
inner.ipv4.sin_addr.s_addr=*((u32_t *)ip);
} else if (type == AF_INET6) {
}
else if(type==AF_INET6)
{
inner.ipv6.sin6_family=AF_INET6;
inner.ipv6.sin6_port=htons(port);
inner.ipv6.sin6_addr=*((in6_addr*)ip);
@@ -230,15 +225,18 @@ struct address_t // TODO scope id
char* get_str();
void to_str(char *);
inline u32_t get_type() {
inline u32_t get_type()
{
u32_t ret=((sockaddr*)&inner)->sa_family;
assert(ret==AF_INET||ret==AF_INET6);
return ret;
}
inline u32_t get_len() {
inline u32_t get_len()
{
u32_t type=get_type();
switch (type) {
switch(type)
{
case AF_INET:
return sizeof(sockaddr_in);
case AF_INET6:
@@ -249,9 +247,11 @@ struct address_t // TODO scope id
return -1;
}
inline u32_t get_port() {
inline u32_t get_port()
{
u32_t type=get_type();
switch (type) {
switch(type)
{
case AF_INET:
return ntohs(inner.ipv4.sin_port);
case AF_INET6:
@@ -262,9 +262,11 @@ struct address_t // TODO scope id
return -1;
}
inline void set_port(int port) {
inline void set_port(int port)
{
u32_t type=get_type();
switch (type) {
switch(type)
{
case AF_INET:
inner.ipv4.sin_port=htons(port);
break;
@@ -277,7 +279,8 @@ struct address_t // TODO scope id
return ;
}
bool operator==(const address_t &b) const {
bool operator == (const address_t &b) const
{
//return this->data==b.data;
return memcmp(&this->inner,&b.inner,sizeof(this->inner))==0;
}
@@ -289,13 +292,16 @@ struct address_t // TODO scope id
namespace std {
template <>
struct hash<address_t> {
std::size_t operator()(const address_t &key) const {
struct hash<address_t>
{
std::size_t operator()(const address_t& key) const
{
//return address_t::hash_function(k);
return sdbm((unsigned char*)&key.inner,sizeof(key.inner));
}
};
} // namespace std
}
union my_ip_t //just a simple version of address_t,stores ip only
{
@@ -309,15 +315,21 @@ union my_ip_t // just a simple version of address_t,stores ip only
char * get_str2() const;
int from_address_t(address_t a);
};
struct not_copy_able_t {
not_copy_able_t() {
struct not_copy_able_t
{
not_copy_able_t()
{
}
not_copy_able_t(const not_copy_able_t &other) {
not_copy_able_t(const not_copy_able_t &other)
{
assert(0==1);
}
const not_copy_able_t &operator=(const not_copy_able_t &other) {
const not_copy_able_t & operator=(const not_copy_able_t &other)
{
assert(0==1);
return other;
}
@@ -331,51 +343,51 @@ const int buf_len = max_data_len + 400;
//const int max_address_len=512;
#ifdef UDP2RAW_MP
const int queue_len=200;
struct queue_t {
struct queue_t
{
char data[queue_len][huge_buf_len];
int data_len[queue_len];
int head=0;
int tail=0;
void clear() {
void clear()
{
head=tail=0;
}
int empty() {
if (head == tail)
return 1;
else
return 0;
int empty()
{
if(head==tail) return 1;
else return 0;
}
int full() {
if ((tail + 1) % queue_len == head)
return 1;
else
return 0;
int full()
{
if( (tail+1)%queue_len==head ) return 1;
else return 0;
}
void peek_front(char *&p, int &len) {
void peek_front(char * & p,int &len)
{
assert(!empty());
p=data[head];
len=data_len[head];
}
void pop_front() {
void pop_front()
{
assert(!empty());
head++;
head %= queue_len;
head++;head%=queue_len;
}
void push_back(char *p, int len) {
void push_back(char * p,int len)
{
assert(!full());
memcpy(data[tail],p,len);
data_len[tail]=len;
tail++;
tail %= queue_len;
tail++;tail%=queue_len;
}
};
int init_ws();
#endif
u64_t get_current_time();
u64_t pack_u64(u32_t a,u32_t b);
@@ -439,10 +451,12 @@ int create_fifo(char *file);
void print_binary_chars(const char * a,int len);
template <class key_t>
struct lru_collector_t : not_copy_able_t {
struct lru_collector_t:not_copy_able_t
{
//typedef void* key_t;
//#define key_t void*
struct lru_pair_t {
struct lru_pair_t
{
key_t key;
my_time_t ts;
};
@@ -450,61 +464,65 @@ struct lru_collector_t : not_copy_able_t {
unordered_map<key_t,typename list<lru_pair_t>::iterator> mp;
list<lru_pair_t> q;
int update(key_t key) {
int update(key_t key)
{
assert(mp.find(key)!=mp.end());
auto it=mp[key];
q.erase(it);
my_time_t value=get_current_time();
if (!q.empty()) {
if(!q.empty())
{
assert(value >=q.front().ts);
}
lru_pair_t tmp;
tmp.key = key;
tmp.ts = value;
lru_pair_t tmp; tmp.key=key; tmp.ts=value;
q.push_front( tmp);
mp[key]=q.begin();
return 0;
}
int new_key(key_t key) {
int new_key(key_t key)
{
assert(mp.find(key)==mp.end());
my_time_t value=get_current_time();
if (!q.empty()) {
if(!q.empty())
{
assert(value >=q.front().ts);
}
lru_pair_t tmp;
tmp.key = key;
tmp.ts = value;
lru_pair_t tmp; tmp.key=key; tmp.ts=value;
q.push_front( tmp);
mp[key]=q.begin();
return 0;
}
int size() {
int size()
{
return q.size();
}
int empty() {
int empty()
{
return q.empty();
}
void clear() {
mp.clear();
q.clear();
void clear()
{
mp.clear(); q.clear();
}
my_time_t ts_of(key_t key) {
my_time_t ts_of(key_t key)
{
assert(mp.find(key)!=mp.end());
return mp[key]->ts;
}
my_time_t peek_back(key_t &key) {
my_time_t peek_back(key_t &key)
{
assert(!q.empty());
auto it = q.end();
it--;
auto it=q.end(); it--;
key=it->key;
return it->ts;
}
void erase(key_t key) {
void erase(key_t key)
{
assert(mp.find(key)!=mp.end());
q.erase(mp[key]);
mp.erase(key);
@@ -519,4 +537,5 @@ struct lru_collector_t : not_copy_able_t {
}*/
};
#endif /* COMMON_H_ */

289
connection.cpp
View File

@@ -15,53 +15,67 @@ const int disable_conn_clear = 0; // a raw connection is called conn.
conn_manager_t conn_manager;
anti_replay_seq_t anti_replay_t::get_new_seq_for_send() {
anti_replay_seq_t anti_replay_t::get_new_seq_for_send()
{
return anti_replay_seq++;
}
anti_replay_t::anti_replay_t() {
anti_replay_t::anti_replay_t()
{
max_packet_received=0;
anti_replay_seq=get_true_random_number_64()/10;//random first seq
//memset(window,0,sizeof(window)); //not necessary
}
void anti_replay_t::re_init() {
void anti_replay_t::re_init()
{
max_packet_received=0;
//memset(window,0,sizeof(window));
}
int anti_replay_t::is_vaild(u64_t seq) {
int anti_replay_t::is_vaild(u64_t seq)
{
if(disable_anti_replay) return 1;
//if(disabled) return 0;
if (seq == max_packet_received)
return 0;
else if (seq > max_packet_received) {
if (seq - max_packet_received >= anti_replay_window_size) {
if(seq==max_packet_received) return 0;
else if(seq>max_packet_received)
{
if(seq-max_packet_received>=anti_replay_window_size)
{
memset(window,0,sizeof(window));
window[seq%anti_replay_window_size]=1;
} else {
}
else
{
for (u64_t i=max_packet_received+1;i<seq;i++)
window[i%anti_replay_window_size]=0;
window[seq%anti_replay_window_size]=1;
}
max_packet_received=seq;
return 1;
} else if (seq < max_packet_received) {
if (max_packet_received - seq >= anti_replay_window_size)
return 0;
else {
if (window[seq % anti_replay_window_size] == 1)
return 0;
else {
}
else if(seq<max_packet_received)
{
if(max_packet_received-seq>=anti_replay_window_size) return 0;
else
{
if (window[seq%anti_replay_window_size]==1) return 0;
else
{
window[seq%anti_replay_window_size]=1;
return 1;
}
}
}
return 0; //for complier check
}
void conn_info_t::recover(const conn_info_t &conn_info) {
void conn_info_t::recover(const conn_info_t &conn_info)
{
raw_info=conn_info.raw_info;
raw_info.rst_received=0;
@@ -77,9 +91,11 @@ void conn_info_t::recover(const conn_info_t &conn_info) {
my_roller=0;//no need to set,but for easier debug,set it to zero
oppsite_roller=0;//same as above
last_oppsite_roller_time=0;
}
void conn_info_t::re_init() {
void conn_info_t::re_init()
{
//send_packet_info.protocol=g_packet_info_send.protocol;
if(program_mode==server_mode)
state.server_current_state=server_idle;
@@ -94,37 +110,49 @@ void conn_info_t::re_init() {
oppsite_roller=0;
last_oppsite_roller_time=0;
}
conn_info_t::conn_info_t() {
conn_info_t::conn_info_t()
{
blob=0;
re_init();
}
void conn_info_t::prepare() {
void conn_info_t::prepare()
{
assert(blob==0);
blob=new blob_t;
if (program_mode == server_mode) {
if(program_mode==server_mode)
{
blob->conv_manager.s.additional_clear_function=server_clear_function;
} else {
}
else
{
assert(program_mode==client_mode);
}
}
conn_info_t::conn_info_t(const conn_info_t &b) {
conn_info_t::conn_info_t(const conn_info_t&b)
{
assert(0==1);
//mylog(log_error,"called!!!!!!!!!!!!!\n");
}
conn_info_t &conn_info_t::operator=(const conn_info_t &b) {
conn_info_t& conn_info_t::operator=(const conn_info_t& b)
{
mylog(log_fatal,"not allowed\n");
myexit(-1);
return *this;
}
conn_info_t::~conn_info_t() {
if (program_mode == server_mode) {
if (state.server_current_state == server_ready) {
conn_info_t::~conn_info_t()
{
if(program_mode==server_mode)
{
if(state.server_current_state==server_ready)
{
assert(blob!=0);
assert(oppsite_const_id!=0);
//assert(conn_manager.const_id_mp.find(oppsite_const_id)!=conn_manager.const_id_mp.end()); // conn_manager 's deconstuction function erases it
} else {
}
else
{
assert(blob==0);
assert(oppsite_const_id==0);
}
@@ -138,7 +166,9 @@ conn_info_t::~conn_info_t() {
//send_packet_info.protocol=g_packet_info_send.protocol;
}
conn_manager_t::conn_manager_t() {
conn_manager_t::conn_manager_t()
{
ready_num=0;
mp.reserve(10007);
//clear_it=mp.begin();
@@ -149,12 +179,14 @@ conn_manager_t::conn_manager_t() {
//current_ready_ip=0;
// current_ready_port=0;
}
int conn_manager_t::exist(address_t addr) {
int conn_manager_t::exist(address_t addr)
{
//u64_t u64=0;
//u64=ip;
//u64<<=32u;
//u64|=port;
if (mp.find(addr) != mp.end()) {
if(mp.find(addr)!=mp.end())
{
return 1;
}
return 0;
@@ -176,10 +208,13 @@ conn_info_t *&conn_manager_t::find_insert_p(address_t addr) // be aware,the adr
//u64<<=32u;
//u64|=port;
unordered_map<address_t,conn_info_t*>::iterator it=mp.find(addr);
if (it == mp.end()) {
if(it==mp.end())
{
mp[addr]=new conn_info_t;
//lru.new_key(addr);
} else {
}
else
{
//lru.update(addr);
}
return mp[addr];
@@ -191,16 +226,21 @@ conn_info_t &conn_manager_t::find_insert(address_t addr) // be aware,the adress
//u64<<=32u;
//u64|=port;
unordered_map<address_t,conn_info_t*>::iterator it=mp.find(addr);
if (it == mp.end()) {
if(it==mp.end())
{
mp[addr]=new conn_info_t;
//lru.new_key(addr);
} else {
}
else
{
//lru.update(addr);
}
return *mp[addr];
}
int conn_manager_t::erase(unordered_map<address_t, conn_info_t *>::iterator erase_it) {
if (erase_it->second->state.server_current_state == server_ready) {
int conn_manager_t::erase(unordered_map<address_t,conn_info_t*>::iterator erase_it)
{
if(erase_it->second->state.server_current_state==server_ready)
{
ready_num--;
assert(i32_t(ready_num)!=-1);
assert(erase_it->second!=0);
@@ -212,6 +252,7 @@ int conn_manager_t::erase(unordered_map<address_t, conn_info_t *>::iterator eras
assert(erase_it->second->oppsite_const_id!=0);
assert(const_id_mp.find(erase_it->second->oppsite_const_id)!=const_id_mp.end());
//assert(timer_fd_mp.find(erase_it->second->timer_fd)!=timer_fd_mp.end());
const_id_mp.erase(erase_it->second->oppsite_const_id);
@@ -223,24 +264,30 @@ int conn_manager_t::erase(unordered_map<address_t, conn_info_t *>::iterator eras
//close(erase_it->second->timer_fd);// close will auto delte it from epoll
delete(erase_it->second);
mp.erase(erase_it->first);
} else {
}
else
{
assert(erase_it->second->blob==0);
assert(erase_it->second->timer_fd64 ==0);
assert(erase_it->second->oppsite_const_id==0);
delete(erase_it->second);
mp.erase(erase_it->first);
}
return 0;
}
int conn_manager_t::clear_inactive() {
if (get_current_time() - last_clear_time > conn_clear_interval) {
int conn_manager_t::clear_inactive()
{
if(get_current_time()-last_clear_time>conn_clear_interval)
{
last_clear_time=get_current_time();
return clear_inactive0();
}
return 0;
}
int conn_manager_t::clear_inactive0() {
int conn_manager_t::clear_inactive0()
{
unordered_map<address_t,conn_info_t*>::iterator it;
unordered_map<address_t,conn_info_t*>::iterator old_it;
@@ -257,22 +304,31 @@ int conn_manager_t::clear_inactive0() {
num_to_clean=min(num_to_clean,(int)mp.size());
u64_t current_time=get_current_time();
for (;;) {
for(;;)
{
if(cnt>=num_to_clean) break;
if(mp.begin()==mp.end()) break;
if (it == mp.end()) {
if(it==mp.end())
{
it=mp.begin();
}
if (it->second->state.server_current_state == server_ready && current_time - it->second->last_hb_recv_time <= server_conn_timeout) {
if(it->second->state.server_current_state==server_ready &&current_time - it->second->last_hb_recv_time <=server_conn_timeout)
{
it++;
} else if (it->second->state.server_current_state != server_ready && current_time - it->second->last_state_time <= server_handshake_timeout) {
}
else if(it->second->state.server_current_state!=server_ready&& current_time - it->second->last_state_time <=server_handshake_timeout )
{
it++;
} else if (it->second->blob != 0 && it->second->blob->conv_manager.s.get_size() > 0) {
}
else if(it->second->blob!=0&&it->second->blob->conv_manager.s.get_size() >0)
{
assert(it->second->state.server_current_state==server_ready);
it++;
} else {
}
else
{
mylog(log_info,"[%s:%d]inactive conn cleared \n",it->second->raw_info.recv_info.new_src_ip.get_str1(),it->second->raw_info.recv_info.src_port);
old_it=it;
it++;
@@ -285,10 +341,13 @@ int conn_manager_t::clear_inactive0() {
return 0;
}
int send_bare(raw_info_t &raw_info,const char* data,int len)//send function with encryption but no anti replay,this is used when client and server verifys each other
//you have to design the protocol carefully, so that you wont be affect by relay attack
{
if (len < 0) {
if(len<0)
{
mylog(log_debug,"input_len <0\n");
return -1;
}
@@ -298,6 +357,7 @@ int send_bare(raw_info_t &raw_info, const char *data, int len) // send function
char send_data_buf[buf_len]; //buf for send data and send hb
char send_data_buf2[buf_len];
//static send_bare[buf_len];
iv_t iv=get_true_random_number_64();
padding_t padding=get_true_random_number_64();
@@ -309,7 +369,8 @@ int send_bare(raw_info_t &raw_info, const char *data, int len) // send function
memcpy(send_data_buf+sizeof(iv)+sizeof(padding)+1,data,len);
int new_len=len+sizeof(iv)+sizeof(padding)+1;
if (my_encrypt(send_data_buf, send_data_buf2, new_len) != 0) {
if(my_encrypt(send_data_buf,send_data_buf2,new_len)!=0)
{
return -1;
}
send_raw0(raw_info,send_data_buf2,new_len);
@@ -319,22 +380,26 @@ int reserved_parse_bare(const char *input, int input_len, char *&data, int &len)
{
static char recv_data_buf[buf_len];
if (input_len < 0) {
if(input_len<0)
{
mylog(log_debug,"input_len <0\n");
return -1;
}
if (my_decrypt(input, recv_data_buf, input_len) != 0) {
if(my_decrypt(input,recv_data_buf,input_len)!=0)
{
mylog(log_debug,"decrypt_fail in recv bare\n");
return -1;
}
if (recv_data_buf[sizeof(iv_t) + sizeof(padding_t)] != 'b') {
if(recv_data_buf[sizeof(iv_t)+sizeof(padding_t)]!='b')
{
mylog(log_debug,"not a bare packet\n");
return -1;
}
len=input_len;
data=recv_data_buf+sizeof(iv_t)+sizeof(padding_t)+1;
len-=sizeof(iv_t)+sizeof(padding_t)+1;
if (len < 0) {
if(len<0)
{
mylog(log_debug,"len <0\n");
return -1;
}
@@ -346,18 +411,14 @@ int recv_bare(raw_info_t &raw_info, char *&data, int &len) // recv function wit
packet_info_t &send_info=raw_info.send_info;
packet_info_t &recv_info=raw_info.recv_info;
if (recv_raw0(raw_info, data, len) < 0) {
if(recv_raw0(raw_info,data,len)<0)
{
//printf("recv_raw_fail in recv bare\n");
return -1;
}
if (len >= max_data_len + 1) {
mylog(log_debug, "data_len=%d >= max_data_len+1,ignored", len);
return -1;
}
mylog(log_trace,"data len=%d\n",len);
if ((raw_mode == mode_faketcp && (recv_info.syn == 1 || recv_info.ack != 1))) {
if ((raw_mode == mode_faketcp && (recv_info.syn == 1 || recv_info.ack != 1)))
{
mylog(log_debug,"unexpect packet type recv_info.syn=%d recv_info.ack=%d \n",recv_info.syn,recv_info.ack);
return -1;
}
@@ -369,14 +430,10 @@ int send_handshake(raw_info_t &raw_info, my_id_t id1, my_id_t id2, my_id_t id3)
packet_info_t &send_info=raw_info.send_info;
packet_info_t &recv_info=raw_info.recv_info;
char *data;
int len;
char * data;int len;
//len=sizeof(id_t)*3;
if(numbers_to_char(id1,id2,id3,data,len)!=0) return -1;
if (send_bare(raw_info, data, len) != 0) {
mylog(log_warn, "send bare fail\n");
return -1;
}
if(send_bare(raw_info,data,len)!=0) {mylog(log_warn,"send bare fail\n");return -1;}
return 0;
}
/*
@@ -392,14 +449,17 @@ int recv_handshake(packet_info_t &info,id_t &id1,id_t &id2,id_t &id3)
int send_safer(conn_info_t &conn_info,char type,const char* data,int len) //safer transfer function with anti-replay,when mutually verification is done.
{
packet_info_t &send_info=conn_info.raw_info.send_info;
packet_info_t &recv_info=conn_info.raw_info.recv_info;
if (type != 'h' && type != 'd') {
if(type!='h'&&type!='d')
{
mylog(log_warn,"first byte is not h or d ,%x\n",type);
return -1;
}
char send_data_buf[buf_len]; //buf for send data and send hb
char send_data_buf2[buf_len];
@@ -415,6 +475,7 @@ int send_safer(conn_info_t &conn_info, char type, const char *data, int len) //
memcpy(send_data_buf+sizeof(n_tmp_id)*2,&n_seq,sizeof(n_seq));
send_data_buf[sizeof(n_tmp_id)*2+sizeof(n_seq)]=type;
send_data_buf[sizeof(n_tmp_id)*2+sizeof(n_seq)+1]=conn_info.my_roller;
@@ -422,24 +483,33 @@ int send_safer(conn_info_t &conn_info, char type, const char *data, int len) //
int new_len=len+sizeof(n_seq)+sizeof(n_tmp_id)*2+2;
if (g_fix_gro == 0) {
if (my_encrypt(send_data_buf, send_data_buf2, new_len) != 0) {
if(g_fix_gro==0)
{
if (my_encrypt(send_data_buf, send_data_buf2, new_len) != 0)
{
return -1;
}
} else {
if (my_encrypt(send_data_buf, send_data_buf2 + 2, new_len) != 0) {
}
else
{
if (my_encrypt(send_data_buf, send_data_buf2+2, new_len) != 0)
{
return -1;
}
write_u16(send_data_buf2,new_len);
new_len+=2;
if (cipher_mode == cipher_xor) {
if(cipher_mode==cipher_xor)
{
send_data_buf2[0]^=gro_xor[0];
send_data_buf2[1]^=gro_xor[1];
} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cbc) {
}
else if(cipher_mode==cipher_aes128cbc||cipher_mode==cipher_aes128cbc)
{
aes_ecb_encrypt1(send_data_buf2);
}
}
if(send_raw0(conn_info.raw_info,send_data_buf2,new_len)!=0) return -1;
if(after_send_raw0(conn_info.raw_info)!=0) return -1;
@@ -460,17 +530,21 @@ int send_data_safer(conn_info_t &conn_info, const char *data, int len, u32_t con
int new_len=len+sizeof(n_conv_num);
send_safer(conn_info,'d',send_data_buf,new_len);
return 0;
}
int reserved_parse_safer(conn_info_t &conn_info,const char * input,int input_len,char &type,char* &data,int &len)//subfunction for recv_safer,allow overlap
{
static char recv_data_buf[buf_len];
// char *recv_data_buf=recv_data_buf0; //fix strict alias warning
if (my_decrypt(input, recv_data_buf, input_len) != 0) {
if(my_decrypt(input,recv_data_buf,input_len)!=0)
{
//printf("decrypt fail\n");
return -1;
}
//char *a=recv_data_buf;
//id_t h_oppiste_id= ntohl ( *((id_t * )(recv_data_buf)) );
my_id_t h_oppsite_id;
@@ -487,7 +561,8 @@ int reserved_parse_safer(conn_info_t &conn_info, const char *input, int input_le
memcpy(&h_seq,recv_data_buf +sizeof(my_id_t) *2 ,sizeof(h_seq));
h_seq=ntoh64(h_seq);
if (h_oppsite_id != conn_info.oppsite_id || h_my_id != conn_info.my_id) {
if(h_oppsite_id!=conn_info.oppsite_id||h_my_id!=conn_info.my_id)
{
mylog(log_debug,"id and oppsite_id verification failed %x %x %x %x \n",h_oppsite_id,conn_info.oppsite_id,h_my_id,conn_info.my_id);
return -1;
}
@@ -501,37 +576,46 @@ int reserved_parse_safer(conn_info_t &conn_info, const char *input, int input_le
data=recv_data_buf+sizeof(anti_replay_seq_t)+sizeof(my_id_t)*2;
len=input_len-(sizeof(anti_replay_seq_t)+sizeof(my_id_t)*2 );
if (data[0] != 'h' && data[0] != 'd') {
if(data[0]!='h'&&data[0]!='d')
{
mylog(log_debug,"first byte is not h or d ,%x\n",data[0]);
return -1;
}
uint8_t roller=data[1];
type=data[0];
data+=2;
len-=2;
if (len < 0) {
if(len<0)
{
mylog(log_debug,"len <0 ,%d\n",len);
return -1;
}
if (roller != conn_info.oppsite_roller) {
if(roller!=conn_info.oppsite_roller)
{
conn_info.oppsite_roller=roller;
conn_info.last_oppsite_roller_time=get_current_time();
}
if(hb_mode==0)
conn_info.my_roller++;//increase on a successful recv
else if (hb_mode == 1) {
else if(hb_mode==1)
{
if(type=='h')
conn_info.my_roller++;
} else {
}
else
{
mylog(log_fatal,"unknow hb_mode\n");
myexit(-1);
}
if (after_recv_raw0(conn_info.raw_info) != 0) return -1; // TODO might need to move this function to somewhere else after --fix-gro is introduced
if(after_recv_raw0(conn_info.raw_info)!=0) return -1;
return 0;
}
@@ -540,8 +624,7 @@ int recv_safer_notused(conn_info_t &conn_info, char &type, char *&data, int &len
packet_info_t &send_info=conn_info.raw_info.send_info;
packet_info_t &recv_info=conn_info.raw_info.recv_info;
char *recv_data;
int recv_len;
char * recv_data;int recv_len;
//static char recv_data_buf[buf_len];
if(recv_raw0(conn_info.raw_info,recv_data,recv_len)!=0) return -1;
@@ -554,8 +637,7 @@ int recv_safer_multi(conn_info_t &conn_info, vector<char> &type_arr, vector<stri
packet_info_t &send_info=conn_info.raw_info.send_info;
packet_info_t &recv_info=conn_info.raw_info.recv_info;
char *recv_data;
int recv_len;
char * recv_data;int recv_len;
assert(type_arr.empty());
assert(data_arr.empty());
@@ -565,45 +647,55 @@ int recv_safer_multi(conn_info_t &conn_info, vector<char> &type_arr, vector<stri
char *data;
int len;
if (g_fix_gro == 0) {
if(g_fix_gro==0)
{
int ret = reserved_parse_safer(conn_info, recv_data, recv_len, type, data, len);
if (ret == 0) {
if(ret==0)
{
type_arr.push_back(type);
data_arr.emplace_back(data,data+len);
//std::copy(data,data+len,data_arr[0]);
}
return 0;
} else {
} else
{
char *ori_recv_data=recv_data;
int ori_recv_len=recv_len;
//mylog(log_debug,"recv_len:%d\n",recv_len);
int cnt=0;
while (recv_len >= 16) {
while(recv_len>=16)
{
cnt++;
int single_len_no_xor;
single_len_no_xor=read_u16(recv_data);
int single_len;
if (cipher_mode == cipher_xor) {
if(cipher_mode==cipher_xor)
{
recv_data[0]^=gro_xor[0];
recv_data[1]^=gro_xor[1];
} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cbc) {
}
else if(cipher_mode==cipher_aes128cbc||cipher_mode==cipher_aes128cbc)
{
aes_ecb_decrypt1(recv_data);
}
single_len=read_u16(recv_data);
recv_len-=2;
recv_data+=2;
if (single_len > recv_len) {
if(single_len > recv_len)
{
mylog(log_debug,"illegal single_len %d(%d), recv_len %d left,dropped\n",single_len,single_len_no_xor,recv_len);
break;
}
if (single_len > max_data_len) {
if(single_len> max_data_len )
{
mylog(log_warn,"single_len %d(%d) > %d, maybe you need to turn down mtu at upper level\n",single_len,single_len_no_xor,max_data_len);
break;
}
int ret = reserved_parse_safer(conn_info, recv_data, single_len, type, data, len);
if (ret != 0) {
if(ret!=0)
{
mylog(log_debug,"parse failed, offset= %d,single_len=%d(%d)\n",(int)(recv_data-ori_recv_data),single_len,single_len_no_xor);
} else{
type_arr.push_back(type);
@@ -613,13 +705,15 @@ int recv_safer_multi(conn_info_t &conn_info, vector<char> &type_arr, vector<stri
recv_data+=single_len;
recv_len-=single_len;
}
if (cnt > 1) {
if(cnt>1)
{
mylog(log_debug,"got a suspected gro packet, %d packets recovered, recv_len=%d, loop_cnt=%d\n",(int)data_arr.size(),ori_recv_len,cnt);
}
return 0;
}
}
void server_clear_function(u64_t u64)//used in conv_manager in server mode.for server we have to use one udp fd for one conv(udp connection),
//so we have to close the fd when conv expires
{
@@ -637,8 +731,7 @@ void server_clear_function(u64_t u64) // used in conv_manager in server mode.fo
{
mylog(log_fatal,"fd:%d epoll delete failed!!!!\n",fd);
myexit(-1); //this shouldnt happen
}*/
// no need
}*/ //no need
/*ret= close(fd); //closed fd should be auto removed from epoll

98
connection.h
View File

@@ -18,6 +18,7 @@ extern int disable_anti_replay;
const int disable_conv_clear=0;//a udp connection in the multiplexer is called conversation in this program,conv for short.
struct anti_replay_t //its for anti replay attack,similar to openvpn/ipsec 's anti replay window
{
u64_t max_packet_received;
@@ -50,29 +51,36 @@ struct conv_manager_t // manage the udp connections
long long last_clear_time;
conv_manager_t() {
conv_manager_t()
{
//clear_it=conv_last_active_time.begin();
long long last_clear_time=0;
additional_clear_function=0;
}
~conv_manager_t() {
~conv_manager_t()
{
clear();
}
int get_size() {
int get_size()
{
return conv_to_data.size();
}
void reserve() {
void reserve()
{
data_to_conv.reserve(10007);
conv_to_data.reserve(10007);
//conv_last_active_time.reserve(10007);
lru.mp.reserve(10007);
}
void clear() {
void clear()
{
if(disable_conv_clear) return ;
if (additional_clear_function != 0) {
for (auto it = conv_to_data.begin(); it != conv_to_data.end(); it++) {
if(additional_clear_function!=0)
{
for(auto it=conv_to_data.begin();it!=conv_to_data.end();it++)
{
//int fd=int((it->second<<32u)>>32u);
additional_clear_function( it->second);
}
@@ -84,42 +92,53 @@ struct conv_manager_t // manage the udp connections
//conv_last_active_time.clear();
//clear_it=conv_last_active_time.begin();
}
u32_t get_new_conv() {
u32_t get_new_conv()
{
u32_t conv=get_true_random_number_nz();
while (conv_to_data.find(conv) != conv_to_data.end()) {
while(conv_to_data.find(conv)!=conv_to_data.end())
{
conv=get_true_random_number_nz();
}
return conv;
}
int is_conv_used(u32_t conv) {
int is_conv_used(u32_t conv)
{
return conv_to_data.find(conv)!=conv_to_data.end();
}
int is_data_used(T data) {
int is_data_used(T data)
{
return data_to_conv.find(data)!=data_to_conv.end();
}
u32_t find_conv_by_data(T data) {
u32_t find_conv_by_data(T data)
{
return data_to_conv[data];
}
T find_data_by_conv(u32_t conv) {
T find_data_by_conv(u32_t conv)
{
return conv_to_data[conv];
}
int update_active_time(u32_t conv) {
int update_active_time(u32_t conv)
{
//return conv_last_active_time[conv]=get_current_time();
lru.update(conv);
return 0;
}
int insert_conv(u32_t conv, T data) {
int insert_conv(u32_t conv,T data)
{
data_to_conv[data]=conv;
conv_to_data[conv]=data;
//conv_last_active_time[conv]=get_current_time();
lru.new_key(conv);
return 0;
}
int erase_conv(u32_t conv) {
int erase_conv(u32_t conv)
{
if(disable_conv_clear) return 0;
T data=conv_to_data[conv];
if (additional_clear_function != 0) {
if(additional_clear_function!=0)
{
additional_clear_function(data);
}
conv_to_data.erase(conv);
@@ -128,16 +147,20 @@ struct conv_manager_t // manage the udp connections
lru.erase(conv);
return 0;
}
int clear_inactive(char *info = 0) {
if (get_current_time() - last_clear_time > conv_clear_interval) {
int clear_inactive(char * info=0)
{
if(get_current_time()-last_clear_time>conv_clear_interval)
{
last_clear_time=get_current_time();
return clear_inactive0(info);
}
return 0;
}
int clear_inactive0(char *info) {
int clear_inactive0(char * info)
{
if(disable_conv_clear) return 0;
unordered_map<u32_t,u64_t>::iterator it;
unordered_map<u32_t,u64_t>::iterator old_it;
@@ -150,7 +173,8 @@ struct conv_manager_t // manage the udp connections
num_to_clean=min(num_to_clean,size);
my_time_t current_time=get_current_time();
for (;;) {
for(;;)
{
if(cnt>=num_to_clean) break;
if(lru.empty()) break;
@@ -160,9 +184,12 @@ struct conv_manager_t // manage the udp connections
if(current_time- ts < conv_timeout) break;
erase_conv(conv);
if (info == 0) {
if(info==0)
{
mylog(log_info,"conv %x cleared\n",conv);
} else {
}
else
{
mylog(log_info,"[%s]conv %x cleared\n",info,conv);
}
cnt++;
@@ -170,6 +197,7 @@ struct conv_manager_t // manage the udp connections
return 0;
}
/*
conv_manager_t();
~conv_manager_t();
@@ -195,18 +223,26 @@ struct blob_t : not_copy_able_t // used in conn_info_t.
conv_manager_t<address_t> c;
conv_manager_t<u64_t> s;
//avoid templates here and there, avoid pointer and type cast
tmp_union_t() {
if (program_mode == client_mode) {
tmp_union_t()
{
if(program_mode==client_mode)
{
new( &c ) conv_manager_t<address_t>();
} else {
}
else
{
assert(program_mode==server_mode);
new( &s ) conv_manager_t<u64_t>();
}
}
~tmp_union_t() {
if (program_mode == client_mode) {
~tmp_union_t()
{
if(program_mode==client_mode)
{
c.~conv_manager_t<address_t>();
} else {
}
else
{
assert(program_mode==server_mode);
s.~conv_manager_t<u64_t>();
}
@@ -229,6 +265,7 @@ struct conn_info_t // stores info for a raw connection.for client ,there is onl
my_id_t my_id;
my_id_t oppsite_id;
fd64_t timer_fd64;
fd64_t udp_fd64;
@@ -245,7 +282,6 @@ struct conn_info_t // stores info for a raw connection.for client ,there is onl
/*
const uint32_t &ip=raw_info.recv_info.src_ip;
const uint16_t &port=raw_info.recv_info.src_port;
*/
void recover(const conn_info_t &conn_info);
void re_init();
@@ -258,6 +294,7 @@ struct conn_info_t // stores info for a raw connection.for client ,there is onl
struct conn_manager_t //manager for connections. for client,we dont need conn_manager since there is only one connection.for server we use one conn_manager for all connections
{
u32_t ready_num;
//unordered_map<int,conn_info_t *> udp_fd_mp; //a bit dirty to used pointer,but can void unordered_map search
@@ -291,6 +328,7 @@ struct conn_manager_t // manager for connections. for client,we dont need conn_
int erase(unordered_map<address_t,conn_info_t*>::iterator erase_it);
int clear_inactive();
int clear_inactive0();
};
extern conn_manager_t conn_manager;

328
doc/README.zh-cn.md
View File

@@ -1,175 +1,118 @@
# Udp2raw-tunnel
![image2](/images/image0.PNG)
udp2raw tunnel通过raw socket给UDP包加上TCP或ICMP header进而绕过UDP屏蔽或QoS或在UDP不稳定的环境下提升稳定性。可以有效防止在使用kcptun或者finalspeed的情况下udp端口被运营商限速。
支持心跳保活、自动重连,重连后会恢复上次连接,在底层掉线的情况下可以保持上层不掉线。同时有加密、防重放攻击、信道复用的功能。
A Tunnel which turns UDP Traffic into Encrypted FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls(or Unstable UDP Environment).
[English](/README.md)
通过 Raw Socket 将 UDP 流量转换为加密的 假TCP/UDP/ICMP 流量的隧道,可帮助你绕过 UDP 防火墙/规避不稳定的 UDP 网络环境。
[udp2raw+kcptun step_by_step教程](kcptun_step_by_step.md)
When used alone,udp2raw tunnels only UDP traffic. Nevertheless,if you used udp2raw + any UDP-based VPN together,you can tunnel any traffic(include TCP/UDP/ICMP),currently OpenVPN/L2TP/ShadowVPN and [tinyfecVPN](https://github.com/wangyu-/tinyfecVPN) are confirmed to be supported.
单独使用时udp2raw隧道仅处理UDP流量。尽管如此将基于 UDP 使用的 VPN 与 udp2raw 一起使用时,你可以代理任何流量(包括 TCP/UDP/ICMP目前已确定支持的有 OpenVPN/L2TP/ShadowVPN 与 [tinyfecVPN](https://github.com/wangyu-/tinyfecVPN)
![image0](images/image0.PNG)
or
![image_vpn](images/udp2rawopenvpn.PNG)
[udp2raw+finalspeed step_by_step教程](finalspeed_step_by_step.md)
[udp2raw wiki](https://github.com/wangyu-/udp2raw-tunnel/wiki)
[简体中文](/doc/README.zh-cn.md)
**提示:**
udp2raw不是加速器只是一个帮助你绕过UDP限制的工具。如果你需要UDP加速器请看UDPspeeder。
# Support Platforms
UDPspeeder的repo:
https://github.com/wangyu-/UDPspeeder
# 支持的平台
Linux主机有root权限。可以是PC、android手机/平板、openwrt路由器、树莓派。主机上最好安装了iptables命令(apt/yum很容易安装)。
Linux host (including desktop Linux,Android phone/tablet,OpenWRT router,or Raspberry PI) with root account or cap_net_raw capability.
Release中提供了`amd64``x86``arm``mips_be``mips_le`的预编译binary.
有 root 权限的,或者 cap_net_raw 支持的 Linux 设备(包括桌面电脑, Android 手机/平板, OpenWRT 路由器和树莓派)。
##### 对于windows和mac用户
For Windows and MacOS users, use the udp2raw in [this repo](https://github.com/wangyu-/udp2raw-multiplatform).
可以把udp2raw运行在虚拟机上(网络必须是桥接模式)。
对于 Windows 和 macOS 用户,使用[这个 Repo](https://github.com/wangyu-/udp2raw-multiplatform) 当中的udp2raw。
另外可以参考:
# Features
https://github.com/wangyu-/udp2raw-tunnel/wiki/在windows-mac上运行udp2raw客户端带图形界面
# 功能
##### 对于ios和游戏主机用户
### Send/Receive UDP Packets with ICMP/FakeTCP/UDP headers
可以把udp2raw运行在局域网的其他机器/虚拟机上。最好的办法是买个能刷OpenWrt/LEDE/梅林的路由器把udp2raw运行在路由器上。
### 收发有 ICMP/假TCP/UDP 标头的 UDP 数据包。
# 功能特性
### 把udp流量伪装成tcp /icmp
用raw socket给udp包加上tcp/icmp包头可以突破udp流量限制或Udp QOS。或者在udp nat有问题的环境下提升稳定性。  另外也支持用raw 发udp包这样流量不会被伪装只会被加密。
ICMP/FakeTCP headers help you bypass UDP blocking, UDP QOS or improper UDP NAT behavior on some ISPs. In ICMP header mode,udp2raw works like an ICMP tunnel.
### 模拟TCP3次握手
模拟TCP3次握手模拟seq ack过程。另外还模拟了一些tcp optionMSS,sackOk,TS,TS_ack,wscale用来使流量看起来更像是由普通的linux tcp协议栈发送的。
ICMP/假TCP 标头帮助你绕过UDP封锁UDP QoS 或者纠正由于部分 IPS 的 NAT 导致的 UDP 错误。。ICMP标头模式下 udp2raw 会像 ICMP 隧道一样工作。
### 心跳保活、自动重连,连接快速恢复,单向链路失效检测
心跳保活、自动重连udp2raw重连可以恢复上次的连接重连后上层连接继续有效底层掉线上层不掉线。有效解决上层连接断开的问题。 (功能借鉴自[kcptun-raw](https://github.com/Chion82/kcptun-raw)**就算你拔掉网线重插或者重新拨号获得新ip上层应用也不会断线**
UDP headers are also supported. In UDP header mode, it behaves just like a normal UDP tunnel, and you can just make use of the other features (such as encryption, anti-replay, or connection stabilization).
Client能用单倍的超时时间检测到单向链路的失效不管是上行还是下行只要有一个方向失效就能被client检测到。重连只需要client发起就可以立即被server处理不需要等到server端的连接超时后。
也支持UDP标头模式。在这个模式下udp2raw 表现就像一个普通的 UDP 隧道这时你可以使用其他udp2raw的功能如加密防重放或者稳定性提升
对于有大量client的情况对于不同client,server发送的心跳是错开时间发送的不会因为短时间发送大量的心跳而造成拥塞和延迟抖动
### Simulated TCP with Real-time/Out-of-Order Delivery
### 加密 防重放攻击
用aes128cbc加密md5/crc32做数据完整校验。用类似ipsec/openvpn的 replay window机制来防止重放攻击。
### 模拟实时/乱序 TCP 连接
In FakeTCP header mode,udp2raw simulates 3-way handshake while establishing a connection,simulates seq and ack_seq while data transferring. It also simulates a few TCP options such as: `MSS`, `sackOk`, `TS`, `TS_ack`, `wscale`. Firewalls will regard FakeTCP as a TCP connection, but its essentially UDP: it supports real-time/out-of-order delivery(just as normal UDP does), no congestion control or re-transmission. So there wont be any TCP over TCP problem when using OpenVPN.
在假TCP标头模式udp2raw 会在建立连接时模拟TCP的三次握手在数据传输时模拟 seq 和 ack_seq。udp2raw同样会模拟一些TCP Options如`MSS`, `sackOk`, `TS`, `TS_ack`, `wscale`。防火墙会把这些假TCP流量认作TCP流量但实际上它们是UDP因为虽然它同样支持普通TCP的实时/乱序传输,但不支持重传或者堵塞控制。所以不必担心在使用 OpenVPN 时遇到 TCP over TCP 问题。
### Encryption, Anti-Replay
# 加密与防重放
* Encrypt your traffic with AES-128-CBC.
* 使用 AES-128-CBC 加密流量
* Protect data integrity by HMAC-SHA1 (or weaker MD5/CRC32).
* 使用 HMAC-SHA1 或者查错能力较差的 MD5/CRC32 保证数据完整性
* Defense replay attack with anti-replay window.
* 使用“滑动窗口”防止重放攻击
[Notes on encryption](https://github.com/wangyu-/udp2raw-tunnel/wiki/Notes-on-encryption)
[有关加密的内容](https://github.com/wangyu-/udp2raw-tunnel/wiki/Notes-on-encryption)
### Failure Dectection & Stabilization (Connection Recovery)
### 断线检测与稳定性提升(连接恢复)
Conection failures are detected by heartbeats. If timed-out, client will automatically change port number and reconnect. If reconnection is successful, the previous connection will be recovered, and all existing UDP conversations will stay vaild.
心跳包会检测连接是否断开。如果连接超时,客户端将会自动切换端口号并重新连接。如果重连成功,原连接将会恢复,现有所有的 UDP 封包仍保持有效。
For example, if you use udp2raw + OpenVPN, OpenVPN won't lose connection after any reconnect, **even if network cable is re-plugged or WiFi access point is changed**.
例如,如果将 udp2raw 和 OpenVPN 配合使用,**就算是重插网线或者更换 Wi-Fi** 之类的重连, OpenVPN 也不会丢失连接。
### Other Features
设计目标是即使攻击者可以监听到tunnel的所有包可以选择性丢弃tunnel的任意包可以重放任意包攻击者也没办法获得tunnel承载的任何数据也没办法向tunnel的数据流中通过包构造/包重放插入任何数据。
### 其他特性
信道复用client的udp端支持多个连接。
* **Multiplexing** One client can handle multiple UDP connections, all of which share the same raw connection.
server支持多个client也能正确处理多个连接的重连和连接恢复。
* **单线复用** 一个客户端可承载多路 UDP 连接,同时使用一个 Raw 连接
NAT 穿透 tcp icmp udp模式都支持nat穿透
* **Multiple Clients** One server can have multiple clients.
支持Openvz配合finalspeed使用可以在openvz上用tcp模式的finalspeed
* **多客户端** 一个服务器可以被多个客户端连接
支持Openwrt没有编译依赖容易编译到任何平台上
* **NAT Support** All of the 3 modes work in NAT environments.
epoll实现高并发除了回收过期连接外所有操作的时间复杂度都跟连接数无关。回收过期连接的操做也是柔和进行的不会因为消耗太多cpu时间造成延迟抖动。
* **NAT 支持** 三种模式都支持 NAT 环境。
### 关键词
突破udp qos,突破udp屏蔽openvpn tcp over tcp problem,openvpn over icmp,udp to icmp tunnel,udp to tcp tunnel,udp via icmp,udp via tcp
* **OpenVZ Support** Tested on BandwagonHost VPS.
* **OpenVZ 虚拟化支持** 已经在 BandwagonHost VPS上测试。
* **Easy to Build** No dependencies.To cross-compile udp2raw,all you need to do is just to download a toolchain,modify makefile to point at the toolchain,run `make cross` then everything is done.(Note:Pre-compiled binaries for Desktop,RaspberryPi,Android,some Openwrt Routers are already included in [Releases](https://github.com/wangyu-/udp2raw-tunnel/releases))
* **轻松构建** 没有依赖。跨平台编译 udp2raw 时,你只需要下载交叉编译链,修改 MAKEFILE 指向交叉编译链,运行 `make cross` 即可。(注:对于桌面端,树莓派,安卓与一部分 OpenWRT 路由器,预编译的可执行文件已经包含在 [Releases](https://github.com/wangyu-/udp2raw-tunnel/releases)。)
### Keywords
### 关键字
`Bypass UDP QoS` `Bypass UDP Blocking` `Bypass OpenVPN TCP over TCP problem` `OpenVPN over ICMP` `UDP to ICMP tunnel` `UDP to TCP tunnel` `UDP over ICMP` `UDP over TCP`
# Getting Started
# 快速开始
### Installing
# 简明操作说明
### 安装
下载编译好的二进制文件,解压到任意目录。
Download binary release from https://github.com/wangyu-/udp2raw-tunnel/releases
在 https://github.com/wangyu-/udp2raw-tunnel/releases 下载可执行文件。
### Running
https://github.com/wangyu-/udp2raw-tunnel/releases
### 运行
假设你有一个serverip为44.55.66.77有一个服务监听在udp 7777端口。 假设你本地的主机到44.55.66.77的UDP流量被屏蔽了或者被qos了
Assume your UDP is blocked or being QOS-ed or just poorly supported. Assume your server ip is 44.55.66.77, you have a service listening on udp port 7777.
假设你的 UDP 被封禁,被 QoS ,亦或只是支持较差。你有一台 IP 为 44.55.66.77 的服务器,上面有一个监听 UDP 端口 7777 的服务。
```bash
# 服务器
./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp -a
# 客户端
./udp2raw_amd64 -c -l0.0.0.0:3333 -r44.55.66.77:4096 -k "passwd" --raw-mode faketcp -a
```
(The above commands need to be run as root. For better security, with some extra steps, you can run udp2raw as non-root. Check [this link](https://github.com/wangyu-/udp2raw-tunnel/wiki/run-udp2raw-as-non-root) for more info )
在server端运行:
./udp2raw_amd64 -s -l0.0.0.0:4096 -r127.0.0.1:7777 -a -k "passwd" --raw-mode faketcp --cipher-mode xor
(上面的指令运行需要 root 。可以通过几个步骤,以非 root 运行 udp2raw 获得更好的安全性。 可点击 [这个链接](https://github.com/wangyu-/udp2raw-tunnel/wiki/run-udp2raw-as-non-root) 了解更多。)
在client端运行:
./udp2raw_amd64 -c -l0.0.0.0:3333 -r44.55.66.77:4096 -a -k "passwd" --raw-mode faketcp --cipher-mode xor
```
(以上例子需要用root账号运行。 用非root运行udp2raw需要一些额外的步骤具体方法请看 [这个](https://github.com/wangyu-/udp2raw-tunnel/wiki/run-udp2raw-as-non-root) 链接。用非root运行更安全)
###### Server Output:
###### Server端输出:
![](/images/output_server.PNG)
###### Client端输出:
![](/images/output_client.PNG)
###### 服务器输出
![](images/output_server.PNG)
###### Client Output:
现在client和server之间建立起了tunnel。想要在本地连接44.55.66.77:7777只需要连接 127.0.0.1:3333。来回的所有的udp流量会被经过tunneling发送。在外界看起来是tcp流量不会有udp流量暴露到公网。
###### 客户端输出
![](images/output_client.PNG)
### MTU设置(重要)
Now,an encrypted raw tunnel has been established between client and server through TCP port 4096. Connecting to UDP port 3333 at the client side is equivalent to connecting to port 7777 at the server side. No UDP traffic will be exposed.
不论你用udp2raw来加速kcptun还是vpn,为了稳定使用,都需要设置合理的MTU在kcptun/vpn里设置而不是在udp2raw里建议把MTU设置成1200。client和server端都要设置。
现在,在 TCP 端口 4096 上就建立起一个 raw 隧道。客户端对本地 UDP 端口 3333 的请求将会等同于请求服务器 UDP 端口 7777。没有任何暴露的 UDP 连接。
### 提醒
`--cipher-mode xor`表示仅使用简单的XOR加密这样可以节省CPU占用以免CPU成为速度瓶颈。如果你需要更强的加密可以去掉此选项使用默认的AES加密。加密相关的选项见后文的`--cipher-mode``--auth-mode`
### Note
如果要在anroid上运行请看[Android简明教程](/doc/android_guide.md)
### 注
To run on Android, check [Android_Guide](/doc/android_guide.md)
如果要在梅林固件的路由器上使用,添加`--lower-level auto` `--keep-rule`
在安卓上运行请参考[Android_Guide](/doc/android_guide.md)
如果client和server无法连接或者连接经常断开请看一下`--seq-mode`的用法尝试不同的seq-mode
`-a` option automatically adds an iptables rule (or a few iptables rules) for you, udp2raw relies on this iptables rule to work stably. Be aware you dont forget `-a` (its a common mistake). If you dont want udp2raw to add iptables rule automatically, you can add it manually(take a look at `-g` option) and omit `-a`.
# 进阶操作说明
`-a` 参数会自动加入保证 udp2raw 稳定运行的一条或几条 iptables 规则。这是一个常见问题,所以注意运行时有没有 `-a` 参数。如果你不希望 udp2raw 自动添加 iptables 规则,你可以手动添加规则并不加入 `-a` 选项。(请参考参数 `-g` 的用法。)
# Advanced Topic
### Usage
### 命令选项
```
udp2raw-tunnel
git version:6e1df4b39f build date:Oct 24 2017 09:21:15
@@ -183,7 +126,7 @@ common options,these options must be same on both side:
--raw-mode <string> avaliable values:faketcp(default),udp,icmp
-k,--key <string> password to gen symetric key,default:"secret key"
--cipher-mode <string> avaliable values:aes128cbc(default),xor,none
--auth-mode <string> avaliable values:hmac_sha1,md5(default),crc32,simple,none
--auth-mode <string> avaliable values:md5(default),crc32,simple,none
-a,--auto-rule auto add (and delete) iptables rule
-g,--gen-rule generate iptables rule then exit,so that you can copy and
add it manually.overrides -a
@@ -222,99 +165,138 @@ other options:
```
### Iptables rules,`-a` and `-g`
### IPTables 规则,选项 `-a` 和 `-g`
This program sends packets via raw socket. In FakeTCP mode, Linux kernel TCP packet processing has to be blocked by a iptables rule on both sides, otherwise the kernel will automatically send RST for an unrecongized TCP packet and you will sustain from stability / peformance problems. You can use `-a` option to let the program automatically add / delete iptables rule on start / exit. You can also use the `-g` option to generate iptables rule and add it manually.
### iptables 规则,`-a`和`-g`
用raw收发tcp包本质上绕过了linux内核的tcp协议栈。linux碰到raw socket发来的包会不认识如果一直收到不认识的包会回复大量RST造成不稳定或性能问题。所以强烈建议添加iptables规则屏蔽Linux内核的对指定端口的处理。用-a选项udp2raw会在启动的时候自动帮你加上Iptables规则退出的时候再自动删掉。如果长期使用可以用-g选项来生成相应的Iptables规则再自己手动添加这样规则不会在udp2raw退出时被删掉可以避免停掉udp2raw后内核向对端回复RST。
udp2raw 用 raw socket 发送数据包。在 假TCP 封包模式Linux 内核的 TCP 封包处理必须在双向 IPTables 启用的情况下进行,否则 Linux 内核会自动重置未识别的 TCP 封包,此时就会遇到稳定性/性能问题。可以使用 `-a` 选项让 udp2raw 在启动或停止时自动添加或删除 iptables 规则。你也可以使用 `-g` 选项来生成 iptables 规则并手动添加
### `--cipher-mode` and `--auth-mode`
### 选项 `--cipher-mode` 和`--auth-mode`
It is suggested to use `aes128cbc` + `hmac_sha1` to obtain maximum security. If you want to run the program on a router, you can try `xor` + `simple`, which can fool packet inspection by firewalls the most of time, but it cannot protect you from serious attacks. Mode none is only for debugging purpose. It is not recommended to set the cipher-mode or auth-mode to none.
建议使用 `aes128cbc` + `hmac_sha1` 以获得最佳安全性。如果你想在你的路由器上使用 udp2raw ,你可以尝试大多数情况下可以骗过防火墙的封包检查,但无法防止严重攻击的 `xor` + `simple` 。仅在调试模式下将这两个选项设为 `none` ,这是不建议的。
用raw收发udp包也类似只是内核回复的是icmp unreachable。而用raw 收发icmp内核会自动回复icmp echo。都需要相应的iptables规则。
### `--cipher-mode` 和 `--auth-mode`
如果要最大的安全性建议用aes128cbc+md5。如果要运行在路由器上建议用xor+simple可以节省CPU。但是注意xor+simple只能骗过防火墙的包检测不能防止真正的攻击者。
### `--seq-mode`
### 选项 `--seq-mode`
The FakeTCP mode does not behave 100% like a real tcp connection. ISPs may be able to distinguish the simulated tcp traffic from the real TCP traffic (though it's costly). seq-mode can help you change the seq increase behavior slightly. If you experience connection problems, try to change the value.
假TCP 封包模式并不 100% 表现得像真 TCP 连接。ISP可能有能力将 假TCP 与 真TCP 连接区分开,尽管开销很大。 `seq-mode` 可以给 seq 增加行为做略微修改。如果你遇到了问题,尝试修改这个选项。
### `--lower-level`
`--lower-level` allows you to send packet at OSI level 2(link level),so that you can bypass any local iptables rules. If you have a complicated iptables rules which conflicts with udp2raw and you cant(or too lazy to) edit the iptables rules,`--lower-level` can be very useful. Try `--lower-level auto` to auto detect the parameters,you can specify it manually if `auto` fails.
Manual format `if_name#dest_mac_adress`,ie:`eth0#00:23:45:67:89:b9`.
facktcp模式并没有模拟tcp的全部。所以理论上有办法把faketcp和真正的tcp流量区分开来虽然大部分ISP不太可能做这种程度的包检测。seq-mode可以改变一些seq ack的行为。如果遇到了连接问题可以尝试更改。在我这边的移动线路用3种模式都没问题。
### `--keep-rule`
Monitor iptables and auto re-add iptables rules(for blocking kernel tcp processing) if necessary.Especially useful when iptables rules may be cleared by other programs(for example,if you are using openwrt,everytime you changed and commited a setting,iptables rule may be cleared and re-constructed).
定期主动检查iptables如果udp2raw添加的iptables规则丢了就重新添加。在一些iptables可能会被其他程序清空的情况下(比如梅林固件和openwrt的路由器)格外有用。
### `--fifo`
指定一个fifo(named pipe)来向运行中的程序发送命令,例如`--fifo fifo.file`
在client端,可以用`echo reconnect >fifo.file`来强制client换端口重连上层不断线.对Server目前没有效果。
### `--lower-level`
大部分udp2raw不能连通的情况都是设置了不兼容的iptables造成的。--lower-level选项允许绕过本地iptables。在一些iptables不好改动的情况下尤其有效比如你用的是梅林固件iptables全是固件自己生成的
##### 格式
`if_name#dest_mac_adress`,例如 `eth0#00:23:45:67:89:b9``eth0`换成你的出口网卡名。`00:23:45:67:89:b9`换成网关的mac地址如果client和server在同一个局域网内可能不需要网关这时候直接用对方主机的mac地址这个属于罕见的应用场景可以忽略
可以用`--lower-level auto`自动获取参数,如果获取参数失败,再手动填写。
##### client端获得--lower-level参数的办法
在client 端,运行`traceroute <server_ip>`,记下第一跳的地址,这个就是`网关ip`。再运行`arp -s <网关ip>`可以同时查到出口网卡名和mac。
![](/images/lower_level.PNG)
如果traceroute第一跳结果是`* * *`说明网关屏蔽了对traceroute的应答。需要用`ip route``route`查询网关:
![](/images/route.PNG)
##### server端获得--lower-level参数的办法
如果client有公网ip`traceroute <client_ip>`。下一步和client端的方法一样。
如果client没有公网ip`traceroute google.com``traceroute baidu.com`。下一步和client端的方法一样。
server端也可以用`--lower-level auto` 来尝试自动获得参数,如果无法连接再手动填写。
##### 注意
如果用了`--lower-level`选项。server虽然还可以bind在0.0.0.0,但是因为你显式指定了网络接口,就只能工作在这一个网络接口了。
如果`arps -s`命令查询不到首先再试几次。如果还是查询不到那么可能是因为你用的是pppoe方式的拨号宽带查询不到是正常的。这种情况下`if_name`填pppoe产生的虚拟interface通常名字叫`pppXXXX`,从`ifconfig`命令的输出里找一下;`des_mac_adress``00:00:00:00:00:00`,例如`ppp0#00:00:00:00:00:00`
### `--conf-file`
You can also load options from a configuration file in order to keep secrets away from `ps` command.
为了避免将密码等私密信息暴露给`ps`命令,你也可以使用 `配置文件` 来存储参数。
For example, rewrite the options for the above `server` example (in Getting Started section) into configuration file:
比如,将以上服务端参数改写成配置文件
`server.conf`
`server.conf`:
```
-s
# You can add comments like this
# Comments MUST occupy an entire line
# Or they will not work as expected
# Listen address
# 你可以像这样添加注释
# 注意,只有整行注释才能在配置文件里使用
# 注释必须独占一行
-l 0.0.0.0:4096
# Remote address
-r 127.0.0.1:7777
-a
-k passwd
--raw-mode faketcp
```
Pay attention to the `-k` parameter: In command line mode the quotes around the password will be removed by shell. In configuration files we do not remove quotes.
注意,当写入配置文件的时候,密码等参数两边的引号必须去除。
Then start the server with
然后就可以使用下面的方式启动服务端
```bash
./udp2raw_amd64 --conf-file server.conf
```
### `--fifo`
Use a fifo(named pipe) for sending commands to the running program. For example `--fifo fifo.file`.
# 性能测试
iperf3 的UDP模式有BUG所以这里用iperf3的tcp模式配合Openvpn测试udp2raw的性能。iperf3 udp issue ,https://github.com/esnet/iperf/issues/296
At client side,you can use `echo reconnect >fifo.file` to force client to reconnect.Currently no command has been implemented for server.
# Peformance Test
#### Test method:
iperf3 TCP via OpenVPN + udp2raw
(iperf3 UDP mode is not used because of a bug mentioned in this issue: https://github.com/esnet/iperf/issues/296 . Instead, we package the TCP traffic into UDP by OpenVPN to test the performance. Read [Application](https://github.com/wangyu-/udp2raw-tunnel#application) for details.
#### iperf3 command:
openvpn关掉了自带的加密。
#### iperf3 命令:
```
iperf3 -c 10.222.2.1 -P40
iperf3 -c 10.222.2.1 -P40 -R
```
#### Environments
* **Client** Vultr $2.5/monthly plan (single core 2.4GHz cpu, 512MB RAM, Tokyo, Japan)
* **Server** BandwagonHost $3.99/annually plan (single core 2.0GHz cpu, 128MB RAM, Los Angeles, USA)
### Test1
#### client主机
vultr 2.5美元每月套餐(single core 2.4ghz cpu,512m ram,日本东京机房),
#### server主机
bandwagonhost 3.99美元每年套餐(single core 2.0ghz cpu,128m ram,美国洛杉矶机房)
### 测试1
raw_mode: faketcp cipher_mode: xor  auth_mode: simple
![image4](images/image4.PNG)
![image4](/images/image4.PNG)
(reverse speed was simliar and not uploaded)
(反向的速度几乎一样,所以只发正向测试的图)
### Test2
测试中cpu被打满。其中有30%的cpu是被openvpn占的。 如果不用Openvpn中转实际达到100+Mb/S 应该没问题。
### 测试2
raw_mode: faketcp cipher_mode: aes128cbc  auth_mode: md5
![image5](images/image5.PNG)
![image5](/images/image5.PNG)
(reverse speed was simliar and not uploaded)
(反向的速度几乎一样,所以只发正向测试的图)
测试中cpu被打满。绝大多数cpu都是被udp2raw占用的主要消耗在aes加密。即使不用Openvpn速度也不会快很多了。
# 应用
### 中转 kcptun
[udp2raw+kcptun step_by_step教程](kcptun_step_by_step.md)
### 中转 finalspeed
[udp2raw+finalspeed step_by_step教程](finalspeed_step_by_step.md)
# 如何自己编译
[编译教程](build_guide.zh-cn.md)
# 相关repo
### kcptun-raw
udp2raw was inspired by kcptun-raw,which modified kcptun to support tcp mode.
https://github.com/Chion82/kcptun-raw
### relayRawSocket
kcptun-raw was inspired by relayRawSocket. A simple udp to raw tunnel,wrote in python
https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket
### kcpraw
another project of kcptun with tcp mode
https://github.com/ccsexyz/kcpraw
### icmptunnel
Transparently tunnel your IP traffic through ICMP echo and reply packets.
https://github.com/DhavalKapil/icmptunnel
# wiki
Check wiki for more info:
更多内容请看 wiki:
https://github.com/wangyu-/udp2raw-tunnel/wiki

364
encrypt.cpp Normal file → Executable file
View File

@@ -28,20 +28,9 @@ unsigned char cipher_key_decrypt[cipher_key_len + 100]; // key for aes etc.
char gro_xor[256+100];//dirty fix for gro
unordered_map<int, const char *> auth_mode_tostring = {
{auth_none, "none"},
{auth_md5, "md5"},
{auth_crc32, "crc32"},
{auth_simple, "simple"},
{auth_hmac_sha1, "hmac_sha1"},
};
unordered_map<int, const char *> auth_mode_tostring = {{auth_none, "none"}, {auth_md5, "md5"}, {auth_crc32, "crc32"},{auth_simple,"simple"},{auth_hmac_sha1,"hmac_sha1"},};
unordered_map<int, const char *> cipher_mode_tostring = {
{cipher_none, "none"},
{cipher_aes128cfb, "aes128cfb"},
{cipher_aes128cbc, "aes128cbc"},
{cipher_xor, "xor"},
};
unordered_map<int, const char *> cipher_mode_tostring={{cipher_none,"none"},{cipher_aes128cfb,"aes128cfb"},{cipher_aes128cbc,"aes128cbc"},{cipher_xor,"xor"},};
//TODO aes-gcm
auth_mode_t auth_mode=auth_md5;
@@ -52,7 +41,8 @@ int aes128cfb_old = 0;
//TODO key negotiation and forward secrecy
int my_init_keys(const char *user_passwd, int is_client) {
int my_init_keys(const char * user_passwd,int is_client)
{
char tmp[1000]="";
int len=strlen(user_passwd);
@@ -62,9 +52,11 @@ int my_init_keys(const char *user_passwd, int is_client) {
md5((uint8_t*)tmp,strlen(tmp),(uint8_t*)normal_key);
if(auth_mode==auth_hmac_sha1)
is_hmac_used=1;
if (is_hmac_used || g_fix_gro || 1) {
if(is_hmac_used||g_fix_gro||1)
{
unsigned char salt[400]="";
char salt_text[400]="udp2raw_salt1";
md5((uint8_t*)(salt_text),strlen(salt_text),salt); //TODO different salt per session
@@ -80,15 +72,14 @@ int my_init_keys(const char *user_passwd, int is_client) {
const char *info_cipher_encrypt="cipher_key server-->client";
const char *info_cipher_decrypt="cipher_key client-->server";
if (is_client) {
if(is_client)
{
const char *tmp;
tmp = info_hmac_encrypt;
info_hmac_encrypt = info_hmac_decrypt;
info_hmac_decrypt = tmp;
tmp = info_cipher_encrypt;
info_cipher_encrypt = info_cipher_decrypt;
info_cipher_decrypt = tmp;
} else {
tmp=info_hmac_encrypt; info_hmac_encrypt=info_hmac_decrypt;info_hmac_decrypt=tmp;
tmp=info_cipher_encrypt; info_cipher_encrypt=info_cipher_decrypt;info_cipher_decrypt=tmp;
}
else
{
//nop
}
@@ -152,7 +143,8 @@ void simple_hash(unsigned char *str, int len, unsigned char res[8]) // djb2+ sd
u32_t hash2 = 0;
int c;
int i=0;
while (c = *str++, i++ != len) {
while(c = *str++,i++!=len)
{
// hash = ((hash << 5) + hash) + c; /* hash * 33 + c */
hash = ((hash << 5) + hash)^c; /* (hash * 33) ^ c */
hash2 = c + (hash2 << 6) + (hash2 << 16) - hash2;
@@ -164,14 +156,16 @@ void simple_hash(unsigned char *str, int len, unsigned char res[8]) // djb2+ sd
memcpy(res+sizeof(hash),&hash2,sizeof(hash2));
}
int auth_md5_cal(const char *data, char *output, int &len) {
int auth_md5_cal(const char *data,char * output,int &len)
{
memcpy(output,data,len);//TODO inefficient code
md5((unsigned char *)output,len,(unsigned char *)(output+len));
len+=16;
return 0;
}
int auth_hmac_sha1_cal(const char *data, char *output, int &len) {
int auth_hmac_sha1_cal(const char *data,char * output,int &len)
{
mylog(log_trace,"auth_hmac_sha1_cal() is called\n");
memcpy(output,data,len);//TODO inefficient code
sha1_hmac(hmac_key_encrypt, 20, (const unsigned char *)data, len,(unsigned char *)(output+len));
@@ -180,9 +174,11 @@ int auth_hmac_sha1_cal(const char *data, char *output, int &len) {
return 0;
}
int auth_hmac_sha1_verify(const char *data, int &len) {
int auth_hmac_sha1_verify(const char *data,int &len)
{
mylog(log_trace,"auth_hmac_sha1_verify() is called\n");
if (len < 20) {
if(len<20)
{
mylog(log_trace,"auth_hmac_sha1_verify len<20\n");
return -1;
}
@@ -190,7 +186,8 @@ int auth_hmac_sha1_verify(const char *data, int &len) {
sha1_hmac(hmac_key_decrypt, 20, (const unsigned char *)data, len-20,(unsigned char *)(res));
if (memcmp(res, data + len - 20, 20) != 0) {
if(memcmp(res,data+len-20,20)!=0)
{
mylog(log_trace,"auth_hmac_sha1 check failed\n");
return -2;
}
@@ -198,7 +195,8 @@ int auth_hmac_sha1_verify(const char *data, int &len) {
return 0;
}
int auth_crc32_cal(const char *data, char *output, int &len) {
int auth_crc32_cal(const char *data,char * output,int &len)
{
memcpy(output,data,len);//TODO inefficient code
unsigned int ret=crc32h((unsigned char *)output,len);
unsigned int ret_n=htonl(ret);
@@ -207,14 +205,16 @@ int auth_crc32_cal(const char *data, char *output, int &len) {
return 0;
}
int auth_simple_cal(const char *data, char *output, int &len) {
int auth_simple_cal(const char *data,char * output,int &len)
{
//char res[4];
memcpy(output,data,len);//TODO inefficient code
simple_hash((unsigned char *)output,len,(unsigned char *)(output+len));
len+=8;
return 0;
}
int auth_simple_verify(const char *data, int &len) {
int auth_simple_verify(const char *data,int &len)
{
if(len<8) return -1;
unsigned char res[8];
len-=8;
@@ -224,12 +224,16 @@ int auth_simple_verify(const char *data, int &len) {
return 0;
}
int auth_none_cal(const char *data, char *output, int &len) {
int auth_none_cal(const char *data,char * output,int &len)
{
memcpy(output,data,len);
return 0;
}
int auth_md5_verify(const char *data, int &len) {
if (len < 16) {
int auth_md5_verify(const char *data,int &len)
{
if(len<16)
{
mylog(log_trace,"auth_md5_verify len<16\n");
return -1;
}
@@ -237,14 +241,16 @@ int auth_md5_verify(const char *data, int &len) {
md5((unsigned char *)data,len-16,(unsigned char *)md5_res);
if (memcmp(md5_res, data + len - 16, 16) != 0) {
if(memcmp(md5_res,data+len-16,16)!=0)
{
mylog(log_trace,"auth_md5_verify md5 check failed\n");
return -2;
}
len-=16;
return 0;
}
int auth_none_verify(const char *data, int &len) {
int auth_none_verify(const char *data,int &len)
{
return 0;
}
@@ -270,10 +276,12 @@ int cipher_xor_decrypt(const char *data, char *output, int &len, char *key) {
return 0;
}
int padding(char *data, int &data_len, int padding_num) {
int padding(char *data ,int &data_len,int padding_num)
{
int old_len=data_len;
data_len+=1;
if (data_len % padding_num != 0) {
if(data_len%padding_num!=0)
{
data_len= (data_len/padding_num)*padding_num+padding_num;
}
unsigned char * p= (unsigned char *)&data[data_len-1];
@@ -281,48 +289,52 @@ int padding(char *data, int &data_len, int padding_num) {
return 0;
}
int de_padding(const char *data, int &data_len, int padding_num) {
if (data_len == 0) return -1;
int de_padding(const char *data ,int &data_len,int padding_num)
{
if((uint8_t)data[data_len-1] >padding_num) return -1;
data_len-=(uint8_t)data[data_len-1];
if (data_len < 0) {
if(data_len<0)
{
return -1;
}
return 0;
}
void aes_ecb_encrypt(const char *data, char *output) {
void aes_ecb_encrypt(const char *data,char *output)
{
static int first_time=1;
char *key=(char*)cipher_key_encrypt;
if (aes_key_optimize) {
if (first_time == 0)
key = 0;
else
first_time = 0;
if(aes_key_optimize)
{
if(first_time==0) key=0;
else first_time=0;
}
AES_ECB_encrypt_buffer((uint8_t*)data,(uint8_t*)key,(uint8_t*)output);
}
void aes_ecb_encrypt1(char *data) {
void aes_ecb_encrypt1(char *data)
{
char buf[16];
memcpy(buf,data,16);
aes_ecb_encrypt(buf,data);
}
void aes_ecb_decrypt(const char *data, char *output) {
void aes_ecb_decrypt(const char *data,char *output)
{
static int first_time=1;
char *key=(char*)cipher_key_decrypt;
if (aes_key_optimize) {
if (first_time == 0)
key = 0;
else
first_time = 0;
if(aes_key_optimize)
{
if(first_time==0) key=0;
else first_time=0;
}
AES_ECB_decrypt_buffer((uint8_t*)data,(uint8_t*)key,(uint8_t*)output);
}
void aes_ecb_decrypt1(char *data) {
void aes_ecb_decrypt1(char *data)
{
char buf[16];
memcpy(buf,data,16);
aes_ecb_decrypt(buf,data);
}
int cipher_aes128cbc_encrypt(const char *data, char *output, int &len, char *key) {
int cipher_aes128cbc_encrypt(const char *data,char *output,int &len,char * key)
{
static int first_time=1;
char buf[buf_len];
@@ -330,81 +342,83 @@ int cipher_aes128cbc_encrypt(const char *data, char *output, int &len, char *key
if(padding(buf,len,16)<0) return -1;
if (aes_key_optimize) {
if (first_time == 0)
key = 0;
else
first_time = 0;
if(aes_key_optimize)
{
if(first_time==0) key=0;
else first_time=0;
}
AES_CBC_encrypt_buffer((unsigned char *)output,(unsigned char *)buf,len,(unsigned char *)key,(unsigned char *)zero_iv);
return 0;
}
int cipher_aes128cfb_encrypt(const char *data, char *output, int &len, char *key) {
int cipher_aes128cfb_encrypt(const char *data,char *output,int &len,char * key)
{
static int first_time=1;
assert(len>=16);
char buf[buf_len];
memcpy(buf,data,len);//TODO inefficient code
if (aes_key_optimize) {
if (first_time == 0)
key = 0;
else
first_time = 0;
if(aes_key_optimize)
{
if(first_time==0) key=0;
else first_time=0;
}
if (!aes128cfb_old) {
if(!aes128cfb_old)
{
aes_ecb_encrypt(data,buf); //encrypt the first block
}
AES_CFB_encrypt_buffer((unsigned char *)output,(unsigned char *)buf,len,(unsigned char *)key,(unsigned char *)zero_iv);
return 0;
}
int auth_crc32_verify(const char *data, int &len) {
if (len < int(sizeof(unsigned int))) {
int auth_crc32_verify(const char *data,int &len)
{
if(len<int(sizeof(unsigned int)))
{
mylog(log_debug,"auth_crc32_verify len<%d\n",int(sizeof(unsigned int)));
return -1;
}
unsigned int ret=crc32h((unsigned char *)data,len-sizeof(unsigned int));
unsigned int ret_n=htonl(ret);
if (memcmp(data + len - sizeof(unsigned int), &ret_n, sizeof(unsigned int)) != 0) {
if(memcmp(data+len-sizeof(unsigned int),&ret_n,sizeof(unsigned int))!=0)
{
mylog(log_debug,"auth_crc32_verify memcmp fail\n");
return -1;
}
len-=sizeof(unsigned int);
return 0;
}
int cipher_none_encrypt(const char *data, char *output, int &len, char *key) {
int cipher_none_encrypt(const char *data,char *output,int &len,char * key)
{
memcpy(output,data,len);
return 0;
}
int cipher_aes128cbc_decrypt(const char *data, char *output, int &len, char *key) {
int cipher_aes128cbc_decrypt(const char *data,char *output,int &len,char * key)
{
static int first_time=1;
if (len % 16 != 0) {
mylog(log_debug, "len%%16!=0\n");
return -1;
}
if (aes_key_optimize) {
if (first_time == 0)
key = 0;
else
first_time = 0;
if(len%16 !=0) {mylog(log_debug,"len%%16!=0\n");return -1;}
if(aes_key_optimize)
{
if(first_time==0) key=0;
else first_time=0;
}
AES_CBC_decrypt_buffer((unsigned char *)output,(unsigned char *)data,len,(unsigned char *)key,(unsigned char *)zero_iv);
if(de_padding(output,len,16)<0) return -1;
return 0;
}
int cipher_aes128cfb_decrypt(const char *data, char *output, int &len, char *key) {
int cipher_aes128cfb_decrypt(const char *data,char *output,int &len,char * key)
{
static int first_time=1;
if(len<16) return -1;
if (aes_key_optimize) {
if (first_time == 0)
key = 0;
else
first_time = 0;
if(aes_key_optimize)
{
if(first_time==0) key=0;
else first_time=0;
}
AES_CFB_decrypt_buffer((unsigned char *)output,(unsigned char *)data,len,(unsigned char *)key,(unsigned char *)zero_iv);
if(!aes128cfb_old)
@@ -413,97 +427,81 @@ int cipher_aes128cfb_decrypt(const char *data, char *output, int &len, char *key
return 0;
}
int cipher_none_decrypt(const char *data, char *output, int &len, char *key) {
int cipher_none_decrypt(const char *data,char *output,int &len,char * key)
{
memcpy(output,data,len);
return 0;
}
int auth_cal(const char *data, char *output, int &len) {
int auth_cal(const char *data,char * output,int &len)
{
mylog(log_trace,"auth:%d\n",auth_mode);
switch (auth_mode) {
case auth_crc32:
return auth_crc32_cal(data, output, len);
case auth_md5:
return auth_md5_cal(data, output, len);
case auth_simple:
return auth_simple_cal(data, output, len);
case auth_none:
return auth_none_cal(data, output, len);
case auth_hmac_sha1:
return auth_hmac_sha1_cal(data, output, len);
switch(auth_mode)
{
case auth_crc32:return auth_crc32_cal(data, output, len);
case auth_md5:return auth_md5_cal(data, output, len);
case auth_simple:return auth_simple_cal(data, output, len);
case auth_none:return auth_none_cal(data, output, len);
case auth_hmac_sha1:return auth_hmac_sha1_cal(data,output,len);
//default: return auth_md5_cal(data,output,len);//default;
default:
assert(0 == 1);
default: assert(0==1);
}
return -1;
}
int auth_verify(const char *data, int &len) {
int auth_verify(const char *data,int &len)
{
mylog(log_trace,"auth:%d\n",auth_mode);
switch (auth_mode) {
case auth_crc32:
return auth_crc32_verify(data, len);
case auth_md5:
return auth_md5_verify(data, len);
case auth_simple:
return auth_simple_verify(data, len);
case auth_none:
return auth_none_verify(data, len);
case auth_hmac_sha1:
return auth_hmac_sha1_verify(data, len);
switch(auth_mode)
{
case auth_crc32:return auth_crc32_verify(data, len);
case auth_md5:return auth_md5_verify(data, len);
case auth_simple:return auth_simple_verify(data, len);
case auth_none:return auth_none_verify(data, len);
case auth_hmac_sha1:return auth_hmac_sha1_verify(data,len);
//default: return auth_md5_verify(data,len);//default
default:
assert(0 == 1);
default: assert(0==1);
}
return -1;
}
int cipher_encrypt(const char *data, char *output, int &len, char *key) {
int cipher_encrypt(const char *data,char *output,int &len,char * key)
{
mylog(log_trace,"cipher:%d\n",cipher_mode);
switch (cipher_mode) {
case cipher_aes128cbc:
return cipher_aes128cbc_encrypt(data, output, len, key);
case cipher_aes128cfb:
return cipher_aes128cfb_encrypt(data, output, len, key);
case cipher_xor:
return cipher_xor_encrypt(data, output, len, key);
case cipher_none:
return cipher_none_encrypt(data, output, len, key);
switch(cipher_mode)
{
case cipher_aes128cbc:return cipher_aes128cbc_encrypt(data,output,len, key);
case cipher_aes128cfb:return cipher_aes128cfb_encrypt(data,output,len, key);
case cipher_xor:return cipher_xor_encrypt(data,output,len, key);
case cipher_none:return cipher_none_encrypt(data,output,len, key);
//default:return cipher_aes128cbc_encrypt(data,output,len, key);
default:
assert(0 == 1);
default: assert(0==1);
}
return -1;
}
int cipher_decrypt(const char *data, char *output, int &len, char *key) {
int cipher_decrypt(const char *data,char *output,int &len,char * key)
{
mylog(log_trace,"cipher:%d\n",cipher_mode);
switch (cipher_mode) {
case cipher_aes128cbc:
return cipher_aes128cbc_decrypt(data, output, len, key);
case cipher_aes128cfb:
return cipher_aes128cfb_decrypt(data, output, len, key);
case cipher_xor:
return cipher_xor_decrypt(data, output, len, key);
case cipher_none:
return cipher_none_decrypt(data, output, len, key);
switch(cipher_mode)
{
case cipher_aes128cbc:return cipher_aes128cbc_decrypt(data,output,len, key);
case cipher_aes128cfb:return cipher_aes128cfb_decrypt(data,output,len, key);
case cipher_xor:return cipher_xor_decrypt(data,output,len, key);
case cipher_none:return cipher_none_decrypt(data,output,len, key);
// default: return cipher_aes128cbc_decrypt(data,output,len,key);
default:
assert(0 == 1);
default: assert(0==1);
}
return -1;
}
int encrypt_AE(const char *data, char *output, int &len /*,char * key*/) {
int encrypt_AE(const char *data,char *output,int &len /*,char * key*/)
{
mylog(log_trace,"encrypt_AE is called\n");
char buf[buf_len];
char buf2[buf_len];
memcpy(buf,data,len);
if (cipher_encrypt(buf, buf2, len, (char *)cipher_key_encrypt) != 0) {
mylog(log_debug, "cipher_encrypt failed ");
return -1;
}
if (auth_cal(buf2, output, len) != 0) {
mylog(log_debug, "auth_cal failed ");
return -1;
}
if(cipher_encrypt(buf,buf2,len,(char *)cipher_key_encrypt) !=0) {mylog(log_debug,"cipher_encrypt failed ");return -1;}
if(auth_cal(buf2,output,len)!=0) {mylog(log_debug,"auth_cal failed ");return -1;}
//printf("%d %x %x\n",len,(int)(output[0]),(int)(output[1]));
//print_binary_chars(output,len);
@@ -512,77 +510,59 @@ int encrypt_AE(const char *data, char *output, int &len /*,char * key*/) {
return 0;
}
int decrypt_AE(const char *data, char *output, int &len /*,char * key*/) {
int decrypt_AE(const char *data,char *output,int &len /*,char * key*/)
{
mylog(log_trace,"decrypt_AE is called\n");
//printf("%d %x %x\n",len,(int)(data[0]),(int)(data[1]));
//print_binary_chars(data,len);
if (auth_verify(data, len) != 0) {
mylog(log_debug, "auth_verify failed\n");
return -1;
}
if (cipher_decrypt(data, output, len, (char *)cipher_key_decrypt) != 0) {
mylog(log_debug, "cipher_decrypt failed \n");
return -1;
}
if(auth_verify(data,len)!=0) {mylog(log_debug,"auth_verify failed\n");return -1;}
if(cipher_decrypt(data,output,len,(char *)cipher_key_decrypt) !=0) {mylog(log_debug,"cipher_decrypt failed \n"); return -1;}
return 0;
}
int my_encrypt(const char *data, char *output, int &len /*,char * key*/) {
if (len < 0) {
mylog(log_trace, "len<0");
return -1;
}
if (len > max_data_len) {
mylog(log_warn, "len>max_data_len");
return -1;
}
int my_encrypt(const char *data,char *output,int &len /*,char * key*/)
{
if(len<0) {mylog(log_trace,"len<0");return -1;}
if(len>max_data_len) {mylog(log_warn,"len>max_data_len");return -1;}
if(is_hmac_used)
return encrypt_AE(data,output,len);
char buf[buf_len];
char buf2[buf_len];
memcpy(buf,data,len);
if (auth_cal(buf, buf2, len) != 0) {
mylog(log_debug, "auth_cal failed ");
return -1;
}
if (cipher_encrypt(buf2, output, len, normal_key) != 0) {
mylog(log_debug, "cipher_encrypt failed ");
return -1;
}
if(auth_cal(buf,buf2,len)!=0) {mylog(log_debug,"auth_cal failed ");return -1;}
if(cipher_encrypt(buf2,output,len,normal_key) !=0) {mylog(log_debug,"cipher_encrypt failed ");return -1;}
return 0;
}
int my_decrypt(const char *data, char *output, int &len /*,char * key*/) {
int my_decrypt(const char *data,char *output,int &len /*,char * key*/)
{
if(len<0) return -1;
if (len > max_data_len) {
mylog(log_warn, "len>max_data_len");
return -1;
}
if(len>max_data_len) {mylog(log_warn,"len>max_data_len");return -1;}
if(is_hmac_used)
return decrypt_AE(data,output,len);
if (cipher_decrypt(data, output, len, normal_key) != 0) {
mylog(log_debug, "cipher_decrypt failed \n");
return -1;
}
if (auth_verify(output, len) != 0) {
mylog(log_debug, "auth_verify failed\n");
return -1;
}
if(cipher_decrypt(data,output,len,normal_key) !=0) {mylog(log_debug,"cipher_decrypt failed \n"); return -1;}
if(auth_verify(output,len)!=0) {mylog(log_debug,"auth_verify failed\n");return -1;}
return 0;
}
int encrypt_AEAD(uint8_t *data, uint8_t *output, int &len, uint8_t *key, uint8_t *header, int hlen) {
int encrypt_AEAD(uint8_t *data,uint8_t *output,int &len,uint8_t * key,uint8_t *header,int hlen)
{
//TODO
return -1;
}
int decrypt_AEAD(uint8_t *data, uint8_t *output, int &len, uint8_t *key, uint8_t *header, int hlen) {
int decrypt_AEAD(uint8_t *data,uint8_t *output,int &len,uint8_t * key,uint8_t *header,int hlen)
{
//TODO
return -1;
}

20
encrypt.h Normal file → Executable file
View File

@@ -1,10 +1,13 @@
#ifndef UDP2RAW_ENCRYPTION_H_
#define UDP2RAW_ENCRYPTION_H_
//#include "aes.h"
//#include "md5.h"
#include "common.h"
//using namespace std;
//extern char key[16];
@@ -16,20 +19,15 @@ int my_init_keys(const char *, int);
int my_encrypt(const char *data,char *output,int &len);
int my_decrypt(const char *data,char *output,int &len);
unsigned short csum(const unsigned short *ptr,int nbytes) ;
enum auth_mode_t { auth_none = 0,
auth_md5,
auth_crc32,
auth_simple,
auth_hmac_sha1,
auth_end };
enum cipher_mode_t { cipher_none = 0,
cipher_aes128cbc,
cipher_xor,
cipher_aes128cfb,
cipher_end };
enum auth_mode_t {auth_none=0,auth_md5,auth_crc32,auth_simple,auth_hmac_sha1,auth_end};
enum cipher_mode_t {cipher_none=0,cipher_aes128cbc,cipher_xor,cipher_aes128cfb,cipher_end};
extern auth_mode_t auth_mode;
extern cipher_mode_t cipher_mode;

31
fd_manager.cpp
View File

@@ -5,49 +5,60 @@
* Author: root
*/
#include "fd_manager.h"
int fd_manager_t::fd_exist(int fd) {
int fd_manager_t::fd_exist(int fd)
{
return fd_to_fd64_mp.find(fd)!=fd_to_fd64_mp.end();
}
int fd_manager_t::exist(fd64_t fd64) {
int fd_manager_t::exist(fd64_t fd64)
{
return fd64_to_fd_mp.find(fd64)!=fd64_to_fd_mp.end();
}
int fd_manager_t::to_fd(fd64_t fd64) {
int fd_manager_t::to_fd(fd64_t fd64)
{
assert(exist(fd64));
return fd64_to_fd_mp[fd64];
}
void fd_manager_t::fd64_close(fd64_t fd64) {
void fd_manager_t::fd64_close(fd64_t fd64)
{
assert(exist(fd64));
int fd=fd64_to_fd_mp[fd64];
fd64_to_fd_mp.erase(fd64);
fd_to_fd64_mp.erase(fd);
if (exist_info(fd64)) {
if(exist_info(fd64))
{
fd_info_mp.erase(fd64);
}
//assert(close(fd)==0);
sock_close(fd);
}
void fd_manager_t::reserve(int n) {
void fd_manager_t::reserve(int n)
{
fd_to_fd64_mp.reserve(n);
fd64_to_fd_mp.reserve(n);
fd_info_mp.reserve(n);
}
u64_t fd_manager_t::create(int fd) {
u64_t fd_manager_t::create(int fd)
{
assert(!fd_exist(fd));
fd64_t fd64=counter++;
fd_to_fd64_mp[fd]=fd64;
fd64_to_fd_mp[fd64]=fd;
return fd64;
}
fd_manager_t::fd_manager_t() {
fd_manager_t::fd_manager_t()
{
counter=u32_t(-1);
counter+=100;
reserve(10007);
}
fd_info_t& fd_manager_t::get_info(fd64_t fd64) {
fd_info_t & fd_manager_t::get_info(fd64_t fd64)
{
assert(exist(fd64));
return fd_info_mp[fd64];
}
int fd_manager_t::exist_info(fd64_t fd64) {
int fd_manager_t::exist_info(fd64_t fd64)
{
return fd_info_mp.find(fd64)!=fd_info_mp.end();
}

4
fd_manager.h
View File

@@ -12,7 +12,8 @@
//#include "packet.h"
#include "connection.h"
struct fd_info_t {
struct fd_info_t
{
//ip_port_t ip_port;
conn_info_t *p_conn_info;
};
@@ -28,7 +29,6 @@ struct fd_manager_t // conver fd to a uniq 64bit number,avoid fd value conflict
void reserve(int n);
u64_t create(int fd);
fd_manager_t();
private:
u64_t counter;
unordered_map<int,fd64_t> fd_to_fd64_mp;

1
images/multiplatform/init Normal file
View File

@@ -0,0 +1 @@

BIN
images/multiplatform/mp1.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 54 KiB

BIN
images/multiplatform/mp2.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 67 KiB

BIN
images/multiplatform/mp3.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 31 KiB

BIN
images/multiplatform/mp4.5.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 46 KiB

BIN
images/multiplatform/mp4.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 46 KiB

BIN
images/multiplatform/mp5.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 56 KiB

BIN
images/multiplatform/mp6.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 48 KiB

BIN
images/multiplatform/mp7.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

9
log.cpp Normal file → Executable file
View File

@@ -7,9 +7,11 @@ int enable_log_position = 0;
int enable_log_color=1;
void log0(const char * file,const char * function,int line,int level,const char* str, ...) {
if(level>log_level) return ;
if(level>log_trace||level<0) return ;
time_t timer;
char buffer[100];
struct tm* tm_info;
@@ -37,12 +39,14 @@ void log0(const char* file, const char* function, int line, int level, const cha
//printf(log_color[level]);
fflush(stdout);
if (log_level == log_fatal) {
if(log_level==log_fatal)
{
about_to_exit=1;
}
}
void log_bare(int level, const char* str, ...) {
void log_bare(int level,const char* str, ...)
{
if(level>log_level) return ;
if(level>log_trace||level<0) return ;
if(enable_log_color)
@@ -54,4 +58,5 @@ void log_bare(int level, const char* str, ...) {
if(enable_log_color)
printf("%s",RESET);
fflush(stdout);
}

7
log.h Normal file → Executable file
View File

@@ -2,10 +2,13 @@
#ifndef UDP2RAW_LOG_MYLOG_H_
#define UDP2RAW_LOG_MYLOG_H_
#include "common.h"
using namespace std;
#define RED "\x1B[31m"
#define GRN "\x1B[32m"
#define YEL "\x1B[33m"
@@ -15,6 +18,7 @@ using namespace std;
#define WHT "\x1B[37m"
#define RESET "\x1B[0m"
const int log_never=0;
const int log_fatal=1;
const int log_error=2;
@@ -31,6 +35,7 @@ extern int log_level;
extern int enable_log_position;
extern int enable_log_color;
#ifdef MY_DEBUG
#define mylog(__first_argu__dummy_abcde__,...) printf(__VA_ARGS__)
@@ -38,10 +43,12 @@ extern int enable_log_color;
#define mylog(...) log0(__FILE__,__FUNCTION__,__LINE__,__VA_ARGS__)
#endif
//#define mylog(__first_argu__dummy_abcde__,...) {;}
void log0(const char * file,const char * function,int line,int level,const char* str, ...);
void log_bare(int level,const char* str, ...);
#endif

65
main.cpp Normal file → Executable file
View File

@@ -7,31 +7,32 @@
#include "encrypt.h"
#include "fd_manager.h"
void sigpipe_cb(struct ev_loop *l, ev_signal *w, int revents) {
void sigpipe_cb(struct ev_loop *l, ev_signal *w, int revents)
{
mylog(log_info, "got sigpipe, ignored");
}
void sigterm_cb(struct ev_loop *l, ev_signal *w, int revents) {
void sigterm_cb(struct ev_loop *l, ev_signal *w, int revents)
{
mylog(log_info, "got sigterm, exit");
myexit(0);
}
void sigint_cb(struct ev_loop *l, ev_signal *w, int revents) {
void sigint_cb(struct ev_loop *l, ev_signal *w, int revents)
{
mylog(log_info, "got sigint, exit");
myexit(0);
}
int client_event_loop();
int server_event_loop();
int main(int argc, char *argv[]) {
int main(int argc, char *argv[])
{
assert(sizeof(unsigned short)==2);
assert(sizeof(unsigned int)==4);
assert(sizeof(unsigned long long)==8);
#ifdef UDP2RAW_MP
init_ws();
#endif
dup2(1, 2);//redirect stderr to stdout
#if defined(__MINGW32__)
@@ -40,37 +41,41 @@ int main(int argc, char *argv[]) {
pre_process_arg(argc,argv);
ev_signal signal_watcher_sigpipe;
ev_signal signal_watcher_sigterm;
ev_signal signal_watcher_sigint;
if (program_mode == client_mode) {
if(program_mode==client_mode)
{
struct ev_loop* loop=ev_default_loop(0);
#if !defined(__MINGW32__)
ev_signal signal_watcher_sigpipe;
ev_signal_init(&signal_watcher_sigpipe, sigpipe_cb, SIGPIPE);
ev_signal_start(loop, &signal_watcher_sigpipe);
#endif
ev_signal signal_watcher_sigterm;
ev_signal_init(&signal_watcher_sigterm, sigterm_cb, SIGTERM);
ev_signal_start(loop, &signal_watcher_sigterm);
ev_signal signal_watcher_sigint;
ev_signal_init(&signal_watcher_sigint, sigint_cb, SIGINT);
ev_signal_start(loop, &signal_watcher_sigint);
} else {
#ifdef UDP2RAW_LINUX
}
else
{
mylog(log_fatal,"server mode not supported in multi-platform version\n");
myexit(-1);
/*
signal(SIGINT, signal_handler);
signal(SIGHUP, signal_handler);
signal(SIGKILL, signal_handler);
signal(SIGTERM, signal_handler);
signal(SIGQUIT, signal_handler);
#else
mylog(log_fatal, "server mode not supported in multi-platform version\n");
myexit(-1);
#endif
*/
}
#if !defined(__MINGW32__)
if (geteuid() != 0) {
if(geteuid() != 0)
{
mylog(log_warn,"root check failed, it seems like you are using a non-root account. we can try to continue, but it may fail. If you want to run udp2raw as non-root, you have to add iptables rule manually, and grant udp2raw CAP_NET_RAW capability, check README.md in repo for more info.\n");
} else {
}
else
{
mylog(log_warn,"you can run udp2raw with non-root account for better security. check README.md in repo for more info.\n");
}
#endif
@@ -86,20 +91,20 @@ int main(int argc, char *argv[]) {
my_init_keys(key_string,program_mode==client_mode?1:0);
iptables_rule();
//init_raw_socket();
//init_raw_socket() has to be done after dev dectection in mp version
#ifdef UDP2RAW_LINUX
init_raw_socket();
#endif
if (program_mode == client_mode) {
if(program_mode==client_mode)
{
client_event_loop();
} else {
#ifdef UDP2RAW_LINUX
server_event_loop();
#else
}
else
{
mylog(log_fatal,"server mode not supported in multi-platform version\n");
myexit(-1);
#endif
/*
server_event_loop();
*/
}
return 0;

160
makefile
View File

@@ -1,133 +1,97 @@
cc_cross=/home/wangyu/Desktop/arm-2014.05/bin/arm-none-linux-gnueabi-g++
cc_local=g++
#cc_local=/opt/cross/x86_64-linux-musl/bin/x86_64-linux-musl-g++
#cc_mips34kc=/toolchains/OpenWrt-SDK-ar71xx-for-linux-x86_64-gcc-4.8-linaro_uClibc-0.9.33.2/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/bin/mips-openwrt-linux-g++
cc_mips24kc_be=/toolchains/lede-sdk-17.01.2-ar71xx-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl-1.1.16/bin/mips-openwrt-linux-musl-g++
cc_mips24kc_le=/toolchains/lede-sdk-17.01.2-ramips-mt7621_gcc-5.4.0_musl-1.1.16.Linux-x86_64/staging_dir/toolchain-mipsel_24kc_gcc-5.4.0_musl-1.1.16/bin/mipsel-openwrt-linux-musl-g++
cc_arm= /toolchains/lede-sdk-17.01.2-bcm53xx_gcc-5.4.0_musl-1.1.16_eabi.Linux-x86_64/staging_dir/toolchain-arm_cortex-a9_gcc-5.4.0_musl-1.1.16_eabi/bin/arm-openwrt-linux-c++
cc_mingw_cross=i686-w64-mingw32-g++-posix
cc_mac_cross=o64-clang++ -stdlib=libc++
cc_x86=/toolchains/lede-sdk-17.01.2-x86-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64/staging_dir/toolchain-i386_pentium4_gcc-5.4.0_musl-1.1.16/bin/i486-openwrt-linux-c++
cc_amd64=/toolchains/lede-sdk-17.01.2-x86-64_gcc-5.4.0_musl-1.1.16.Linux-x86_64/staging_dir/toolchain-x86_64_gcc-5.4.0_musl-1.1.16/bin/x86_64-openwrt-linux-c++
#cc_arm= /toolchains/gcc-linaro-4.9.4-2017.01-x86_64_arm-linux-gnueabi/bin/arm-linux-gnueabi-g++ -march=armv6 -marm
cc_arm= /toolchains/arm-2014.05/bin/arm-none-linux-gnueabi-g++
#cc_arm=/toolchains/lede-sdk-17.01.2-brcm2708-bcm2708_gcc-5.4.0_musl-1.1.16_eabi.Linux-x86_64/staging_dir/toolchain-arm_arm1176jzf-s+vfp_gcc-5.4.0_musl-1.1.16_eabi/bin/arm-openwrt-linux-muslgnueabi-g++
#cc_bcm2708=/home/wangyu/raspberry/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian/bin/arm-linux-gnueabihf-g++
cc_tmp= /home/wangyu/OpenWrt-SDK-15.05-x86-64_gcc-4.8-linaro_uClibc-0.9.33.2.Linux-x86_64/staging_dir/toolchain-x86_64_gcc-4.8-linaro_uClibc-0.9.33.2/bin/x86_64-openwrt-linux-uclibc-g++
cc_mingw_cross=i686-w64-mingw32-g++-posix
FLAGS= -std=c++11 -Wall -Wextra -Wno-unused-variable -Wno-unused-parameter -Wno-missing-field-initializers ${OPT}
COMMON=main.cpp lib/md5.cpp lib/pbkdf2-sha1.cpp lib/pbkdf2-sha256.cpp encrypt.cpp log.cpp network.cpp common.cpp connection.cpp misc.cpp fd_manager.cpp client.cpp server.cpp -lpthread
COMMON=main.cpp lib/md5.cpp encrypt.cpp log.cpp network.cpp common.cpp connection.cpp misc.cpp fd_manager.cpp client.cpp -lpthread
SOURCES0= $(COMMON) lib/aes_faster_c/aes.cpp lib/aes_faster_c/wrapper.cpp
SOURCES= ${SOURCES0} my_ev.cpp -isystem libev
SOURCES_AES_ACC= $(COMMON) $(wildcard lib/aes_acc/aes*.c) my_ev.cpp -isystem libev
PCAP="-lpcap"
MP="-DUDP2RAW_MP"
LIBNET=-D_DEFAULT_SOURCE `libnet-config --defines` `libnet-config --libs`
NAME=udp2raw
SOURCES0= $(COMMON) lib/aes_faster_c/aes.cpp lib/aes_faster_c/wrapper.cpp lib/pbkdf2-sha1.cpp lib/pbkdf2-sha256.cpp
SOURCES=${SOURCES0} my_ev.cpp -isystem libev
SOURCES_TINY_AES= $(COMMON) lib/aes.cpp
SOURCES_AES_ACC=$(COMMON) $(wildcard lib/aes_acc/aes*.c)
NAME=udp2raw_mp
OUTPUTS=${NAME} ${NAME}_nolibnet ${NAME}.exe ${NAME}_nolibnet.exe
TARGETS=amd64 arm amd64_hw_aes arm_asm_aes mips24kc_be mips24kc_be_asm_aes x86 x86_asm_aes mips24kc_le mips24kc_le_asm_aes
TAR=${NAME}_binaries.tar.gz `echo ${TARGETS}|sed -r 's/([^ ]+)/udp2raw_\1/g'` version.txt
TAR=${NAME}_binaries.tar.gz `echo ${TARGETS}|sed -r 's/([^ ]+)/${NAME}_\1/g'` version.txt
TARGETS_MP= mingw_cross mingw_cross_wepoll mac_cross
export STAGING_DIR=/tmp/ #just for supress warning of staging_dir not define
# targets for nativei (non-cross) compile
all:git_version
rm -f ${NAME}
${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -ggdb -static -O2
echo "\ndo not use 'make all', instead, use 'make linux' 'make mac' 'make freebsd' 'make cygwin' \nyou can also try 'make linux_nolibnet' 'make mac_nolibnet' 'make freebsd_nolibnet' "
#dynamic link
dynamic: git_version
${cc_local} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -O2
cygwin:git_version
rm -f ${OUTPUTS}
${cc_local} -o ${NAME}_nolibnet -I. ${SOURCES} pcap_wrapper.cpp ${FLAGS} -lrt -ggdb -static -O2 -D_GNU_SOURCE
#targes for general cross compile
mingw:git_version
rm -f ${OUTPUTS}
${cc_local} -o ${NAME}_nolibnet -I. ${SOURCES} pcap_wrapper.cpp ${FLAGS} -ggdb -static -O2 -lws2_32
cross:git_version
${cc_cross} -o ${NAME}_cross -I. ${SOURCES} ${FLAGS} -lrt -O2
mingw_cross:git_version
${cc_mingw_cross} -o ${NAME}_nolibnet.exe -I. ${SOURCES} pcap_wrapper.cpp ${FLAGS} -ggdb -static -O2 -lws2_32
cross2:git_version
${cc_cross} -o ${NAME}_cross -I. ${SOURCES} ${FLAGS} -lrt -static -lgcc_eh -O2
mingw_cross_wepoll:git_version
${cc_mingw_cross} -o ${NAME}_nolibnet_wepoll.exe -I. ${SOURCES0} pcap_wrapper.cpp ${FLAGS} -ggdb -static -O2 -DNO_LIBEV_EMBED -D_WIN32 -lev -lws2_32
cross3:git_version
${cc_cross} -o ${NAME}_cross -I. ${SOURCES} ${FLAGS} -lrt -static -O2
linux:git_version
rm -f ${OUTPUTS}
${cc_local} -o ${NAME} -I. ${SOURCES} ${PCAP} ${LIBNET} ${FLAGS} -lrt -ggdb -static -O2
linux_nolibnet:git_version
rm -f ${OUTPUTS}
${cc_local} -o ${NAME}_nolibnet -I. ${SOURCES} ${PCAP} ${FLAGS} -lrt -ggdb -static -O2 -DNO_LIBNET
freebsd:git_version
rm -f ${OUTPUTS}
${cc_local} -o ${NAME} -I. ${SOURCES} ${PCAP} ${LIBNET} ${FLAGS} -lrt -ggdb -static -O2
freebsd_nolibnet:git_version
rm -f ${OUTPUTS}
${cc_local} -o ${NAME}_nolibnet -I. ${SOURCES} ${PCAP} ${FLAGS} -lrt -ggdb -static -O2 -DNO_LIBNET
mac:git_version
rm -f ${OUTPUTS}
${cc_local} -o ${NAME} -I. ${SOURCES} ${PCAP} ${LIBNET} ${FLAGS} -ggdb -O2
mac_nolibnet:git_version
rm -f ${OUTPUTS}
${cc_local} -o ${NAME}_nolibnet -I. ${SOURCES} ${PCAP} ${FLAGS} -ggdb -O2 -DNO_LIBNET
mac_nolibnet_static:git_version #it doesnt work
rm -f ${OUTPUTS}
${cc_local} -o ${NAME} -I. ${SOURCES} -static-libstdc++ /usr/local/Cellar/libpcap/1.8.1/lib/libpcap.a ${FLAGS} -ggdb -O2 -DNO_LIBNET
#targets only for debug purpose
fast: git_version
rm -f ${NAME}
${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -ggdb
debug: git_version
rm -f ${NAME}
${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -D MY_DEBUG -ggdb
${cc_local} -o ${NAME} -I. ${SOURCES} ${PCAP} ${LIBNET} ${FLAGS} -lrt -ggdb -static -O2 -Wformat-nonliteral -D MY_DEBUG
debug2: git_version
rm -f ${NAME}
${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -ggdb -fsanitize=address
#targets only for 'make release'
mips24kc_be: git_version
${cc_mips24kc_be} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -lgcc_eh -static -O2
mips24kc_be_asm_aes: git_version
${cc_mips24kc_be} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -lgcc_eh -static -O2 lib/aes_acc/asm/mips_be.S
mips24kc_le: git_version
${cc_mips24kc_le} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -lgcc_eh -static -O2
mips24kc_le_asm_aes: git_version
${cc_mips24kc_le} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -lgcc_eh -static -O2 lib/aes_acc/asm/mips.S
amd64:git_version
${cc_amd64} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -static -O2 -lgcc_eh -ggdb
amd64_hw_aes:git_version
${cc_amd64} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -static -O2 lib/aes_acc/asm/x64.S -lgcc_eh -ggdb
x86:git_version
${cc_x86} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -static -O2 -lgcc_eh -ggdb
x86_asm_aes:git_version
${cc_x86} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -static -O2 lib/aes_acc/asm/x86.S -lgcc_eh -ggdb
arm:git_version
${cc_arm} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -static -O2 -lgcc_eh
arm_asm_aes:git_version
${cc_arm} -o ${NAME}_$@ -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -static -O2 lib/aes_acc/asm/arm.S -lgcc_eh
release: ${TARGETS}
cp git_version.h version.txt
tar -zcvf ${TAR}
#targets for multi-platform version (native compile)
cygwin:git_version
${cc_local} -o ${NAME}_$@ -I. ${SOURCES} pcap_wrapper.cpp ${FLAGS} -lrt -ggdb -static -O2 -D_GNU_SOURCE ${MP}
mingw:git_version
${cc_local} -o ${NAME}_$@ -I. ${SOURCES} pcap_wrapper.cpp ${FLAGS} -ggdb -static -O2 -lws2_32 ${MP}
mingw_wepoll:git_version
${cc_local} -o ${NAME}_$@ -I. ${SOURCES0} pcap_wrapper.cpp ${FLAGS} -ggdb -static -O2 -DNO_LIBEV_EMBED -D_WIN32 -lev -lws2_32 ${MP}
linux:git_version
${cc_local} -o ${NAME}_$@ -I. ${SOURCES} ${PCAP} ${FLAGS} -lrt -ggdb -static -O2 ${MP}
freebsd:git_version
${cc_local} -o ${NAME}_$@ -I. ${SOURCES} ${PCAP} ${FLAGS} -lrt -ggdb -static -libverbs -O2 ${MP}
mac:git_version
${cc_local} -o ${NAME}_$@ -I. ${SOURCES} ${PCAP} ${FLAGS} -ggdb -O2 ${MP}
#targets for multi-platform version (cross compile)
mingw_cross:git_version
${cc_mingw_cross} -o ${NAME}_mp.exe -I. ${SOURCES} pcap_wrapper.cpp ${FLAGS} -ggdb -static -O2 -lws2_32 ${MP}
mingw_cross_wepoll:git_version
${cc_mingw_cross} -o ${NAME}_mp_wepoll.exe -I. ${SOURCES0} pcap_wrapper.cpp ${FLAGS} -ggdb -static -O2 -DNO_LIBEV_EMBED -D_WIN32 -lev -lws2_32 ${MP}
mac_cross:git_version
${cc_mac_cross} -o ${NAME}_mp_mac -I. ${SOURCES} ${PCAP} ${FLAGS} -ggdb -O2 ${MP}
release_mp:${TARGETS_MP}
cp git_version.h version.txt
tar -zcvf ${NAME}_mp_binaries.tar.gz ${NAME}_mp.exe ${NAME}_mp_wepoll.exe ${NAME}_mp_mac version.txt
${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -ggdb
#dynamic: git_version
# ${cc_local} -o ${NAME}_$@ -I. ${SOURCES} ${FLAGS} -lrt -O3
clean:
rm -f ${TAR}
rm -f ${NAME} ${NAME}_cross ${NAME}.exe ${NAME}_wepoll.exe ${NAME}_mac
rm -f ${NAME}_mp_binaries.tar.gz ${NAME}_mp.exe ${NAME}_mp_wepoll.exe ${NAME}_mp_mac
rm -f udp2raw.exe ${OUTPUTS}
rm -f udp2raw udp2raw_cross udp2raw_cmake udp2raw_dynamic
rm -f git_version.h
git_version:

689
misc.cpp
View File

File diff suppressed because it is too large Load Diff

45
misc.h
View File

@@ -8,6 +8,7 @@
#ifndef MISC_H_
#define MISC_H_
#include "common.h"
#include "log.h"
#include "network.h"
@@ -25,6 +26,7 @@ extern int enable_dns_resolve;
extern int ttl_value;
const u32_t max_handshake_conn_num=10000;
const u32_t max_ready_conn_num=1000;
const u32_t anti_replay_window_size=4000;
@@ -43,6 +45,7 @@ const int conn_clear_min = 1;
const u32_t conv_clear_interval=1000;//ms
const u32_t conn_clear_interval=1000;//ms
const i32_t max_fail_time=0;//disable
const u32_t heartbeat_interval=600;//ms
@@ -60,33 +63,24 @@ const uint32_t server_conn_timeout = conv_timeout + 60000; // ms. this should b
const u32_t iptables_rule_keep_interval=20;//unit: second;
enum server_current_state_t { server_idle = 0,
server_handshake1,
server_ready }; // server state machine
enum client_current_state_t { client_idle = 0,
client_tcp_handshake,
client_handshake1,
client_handshake2,
client_ready,
client_tcp_handshake_dummy }; // client state machine
enum server_current_state_t {server_idle=0,server_handshake1,server_ready}; //server state machine
enum client_current_state_t {client_idle=0,client_tcp_handshake,client_handshake1,client_handshake2,client_ready,client_tcp_handshake_dummy};//client state machine
enum raw_mode_t { mode_faketcp = 0,
mode_udp,
mode_icmp,
mode_end };
enum program_mode_t { unset_mode = 0,
client_mode,
server_mode };
enum raw_mode_t{mode_faketcp=0,mode_udp,mode_icmp,mode_end};
enum program_mode_t {unset_mode=0,client_mode,server_mode};
union current_state_t {
union current_state_t
{
server_current_state_t server_current_state;
client_current_state_t client_current_state;
};
extern char remote_address[max_addr_len];
//extern char remote_address[max_address_len];
// extern char local_ip[100], remote_ip[100],source_ip[100];//local_ip is for -l option,remote_ip for -r option,source for --source-ip
// extern u32_t local_ip_uint32,remote_ip_uint32,source_ip_uint32;//convert from last line.
// extern int local_port , remote_port,source_port;//similiar to local_ip remote_ip,buf for port.source_port=0 indicates --source-port is not enabled
extern char local_ip[100], remote_ip[100],source_ip[100];//local_ip is for -l option,remote_ip for -r option,source for --source-ip
extern u32_t local_ip_uint32,remote_ip_uint32,source_ip_uint32;//convert from last line.
extern int local_port , remote_port,source_port;//similiar to local_ip remote_ip,buf for port.source_port=0 indicates --source-port is not enabled
extern address_t local_addr,remote_addr,source_addr;
@@ -101,12 +95,13 @@ extern my_id_t const_id; // an id used for connection recovery,its generated ra
extern int udp_fd; //for client only. client use this fd to listen and handle udp connection
extern int bind_fd; //bind only,never send or recv. its just a dummy fd for bind,so that other program wont occupy the same port
extern int epollfd; // fd for epoll
extern int timer_fd; // the general timer fd for client and server.for server this is not the only timer find,every connection has a timer fd.
//extern int epollfd; //fd for epoll
//extern int timer_fd; //the general timer fd for client and server.for server this is not the only timer find,every connection has a timer fd.
extern int fail_time_counter;//determine if the max_fail_time is reached
extern int epoll_trigger_counter;//for debug only
extern int debug_flag;//for debug only
extern int simple_rule; //deprecated.
extern int keep_rule; //whether to monitor the iptables rule periodly,re-add if losted
extern int auto_add_iptables_rule;//if -a is set
@@ -120,6 +115,7 @@ extern int debug_resend; // debug only
extern char key_string[1000];// -k option
extern char fifo_file[1000];
extern raw_mode_t raw_mode;
extern u32_t raw_ip_version;
@@ -133,6 +129,9 @@ extern int socket_buf_size;
extern pthread_t keep_thread;
extern int keep_thread_running;
int process_lower_level_arg();
void print_help();
void iptables_rule();
@@ -150,6 +149,8 @@ int iptables_gen_add(const char *s, u32_t const_id);
int iptables_rule_init(const char * s,u32_t const_id,int keep);
int keep_iptables_rule();
void signal_handler(int sig);
#endif /* MISC_H_ */

1
my_ev.h
View File

@@ -2,3 +2,4 @@
#include "my_ev_common.h"
#include "ev.h"

5
my_ev_common.h
View File

@@ -1,8 +1,6 @@
#define EV_STANDALONE 1
#define EV_COMMON \
void *data; \
unsigned long long u64;
#define EV_COMMON void *data; unsigned long long u64;
#define EV_COMPAT3 0
//#include <wepoll.h>
@@ -17,3 +15,4 @@
#endif
//#define EV_VERIFY 2

1076
network.cpp
View File

File diff suppressed because it is too large Load Diff

62
network.h
View File

@@ -14,11 +14,11 @@ extern int use_tcp_dummy_socket;
extern int seq_mode;
extern int max_seq_mode;
extern int filter_port;
// extern u32_t bind_address_uint32;
extern u32_t bind_address_uint32;
extern int disable_bpf_filter;
extern int lower_level;
extern int lower_level_manual;
//extern int lower_level;
//extern int lower_level_manual;
extern char if_name[100];
extern char dev[100];
extern unsigned char dest_hw_addr[];
@@ -30,7 +30,7 @@ extern int ifindex;
extern char g_packet_buf[huge_buf_len];
extern int g_packet_buf_len;
extern int g_packet_buf_cnt;
#ifdef UDP2RAW_MP
extern queue_t my_queue;
extern ev_async async_watcher;
@@ -47,16 +47,17 @@ extern int send_with_pcap;
extern int pcap_header_captured;
extern int pcap_header_buf[buf_len];
struct icmphdr {
struct icmphdr
{
uint8_t type;
uint8_t code;
uint16_t check_sum;
uint16_t id;
uint16_t seq;
};
#endif
struct my_iphdr {
struct my_iphdr
{
#ifdef UDP2RAW_LITTLE_ENDIAN
unsigned char ihl:4;
unsigned char version:4;
@@ -76,8 +77,11 @@ struct my_iphdr {
/*The options start here. */
};
struct my_udphdr {
/*__extension__*/ union {
struct my_udphdr
{
/*__extension__*/ union
{
struct
{
u_int16_t uh_sport; /* source port */
@@ -95,8 +99,11 @@ struct my_udphdr {
};
};
struct my_tcphdr {
/*__extension__*/ union {
struct my_tcphdr
{
/*__extension__*/ union
{
struct
{
u_int16_t th_sport; /* source port */
@@ -155,7 +162,9 @@ struct my_tcphdr {
};
};
struct my_ip6hdr {
struct my_ip6hdr
{
# ifdef UDP2RAW_LITTLE_ENDIAN
uint8_t traffic_class_high:4;
uint8_t version:4;
@@ -176,7 +185,8 @@ struct my_ip6hdr {
struct in6_addr dst;
};
struct my_icmphdr {
struct my_icmphdr
{
uint8_t type;
uint8_t code;
uint16_t check_sum;
@@ -207,6 +217,9 @@ struct packet_info_t // todo change this to union
//u32_t src_ip;
//u32_t dst_ip;
u32_t src_ip;
u32_t dst_ip;
my_ip_t new_src_ip;
my_ip_t new_dst_ip;
@@ -222,26 +235,28 @@ struct packet_info_t // todo change this to union
u32_t ts,ts_ack;
uint16_t my_icmp_seq;
bool has_ts;
i32_t data_len;
//sockaddr_ll addr_ll;
#ifdef UDP2RAW_LINUX
sockaddr_ll addr_ll;
#endif
i32_t data_len;
packet_info_t();
};
struct raw_info_t {
struct raw_info_t
{
packet_info_t send_info;
packet_info_t recv_info;
//int last_send_len;
//int last_recv_len;
bool peek=0;
//bool csum=1;
u32_t reserved_send_seq;
//uint32_t first_seq,first_ack_seq;
int rst_received=0;
@@ -249,19 +264,16 @@ struct raw_info_t {
};//g_raw_info;
int init_raw_socket();
void init_filter(int port);
void remove_filter();
#ifdef UDP2RAW_LINUX
int init_ifindex(const char *if_name, int fd, int &index);
#endif
#ifdef UDP2RAW_MP
//int init_ifindex(const char * if_name,int fd,int &index);
int init_ifindex(const char * if_name,int &index);
#endif
int find_lower_level_info(u32_t ip,u32_t &dest_ip,string &if_name,string &hw);
@@ -275,7 +287,6 @@ int client_bind_to_a_new_port(int &bind_fd, u32_t local_ip_uint32); // find a f
int client_bind_to_a_new_port2(int &fd,const address_t& address);
int discard_raw_packet();
int pre_recv_raw_packet();
int send_raw_ip(raw_info_t &raw_info,const char * payload,int payloadlen);
@@ -307,4 +318,5 @@ int after_send_raw0(raw_info_t &raw_info);
int after_recv_raw0(raw_info_t &raw_info);
#endif /* NETWORK_H_ */

34
pcap_wrapper.cpp
View File

@@ -32,23 +32,26 @@ char *(*pcap_lookupdev)(char *) = 0;
int (*pcap_findalldevs)(pcap_if_t **, char *)=0;
struct init_pcap_t {
init_pcap_t() {
struct init_pcap_t
{
init_pcap_t()
{
init_pcap();
}
}do_it;
static void init_npcap_dll_path() {
BOOL(WINAPI * SetDllDirectory)
(LPCTSTR);
static void init_npcap_dll_path()
{
BOOL(WINAPI *SetDllDirectory)(LPCTSTR);
char sysdir_name[512];
int len;
SetDllDirectory = (BOOL(WINAPI *)(LPCTSTR)) GetProcAddress(GetModuleHandle("kernel32.dll"), "SetDllDirectoryA");
if (SetDllDirectory == NULL) {
printf("Error in SetDllDirectory\n");
} else {
}
else {
len = GetSystemDirectory(sysdir_name, 480); // be safe
if (!len)
printf("Error in GetSystemDirectory (%d)\n", (int)GetLastError());
@@ -58,22 +61,24 @@ static void init_npcap_dll_path() {
}
}
#define EXPORT_FUN(XXX) \
do { \
XXX = (__typeof__(XXX))GetProcAddress(wpcap, #XXX); \
} while (0)
int init_pcap() {
#define EXPORT_FUN(XXX) do{ XXX= (__typeof__(XXX)) GetProcAddress(wpcap, #XXX); }while(0)
int init_pcap()
{
HMODULE wpcap=LoadLibrary("wpcap.dll");
if (wpcap != 0) {
if(wpcap!=0)
{
printf("using system32/wpcap.dll\n");
} else {
}
else
{
init_npcap_dll_path();
//SetDllDirectory("C:\\Windows\\System32\\Npcap\\");
wpcap=LoadLibrary("wpcap.dll");
if(wpcap!=0)
printf("using system32/npcap/wpcap.dll\n");
}
if (wpcap == 0) {
if(wpcap==0)
{
printf("cant not open wpcap.dll, make sure winpcap/npcap is installed\n");
exit(-1);
}
@@ -116,4 +121,5 @@ int init_pcap() {
//pcap_loop = (__typeof__(pcap_loop))GetProcAddress(wpcap, "pcap_loop");
*/
return 0;
}

20
pcap_wrapper.h
View File

@@ -7,12 +7,14 @@
//#include <sys/time.h>
//#include <stdint.h>
struct bpf_program {
char a[4096];
struct bpf_program
{
char a[2000];
};
struct pcap_t {
char a[4096];
struct pcap_t
{
char a[2000];
};
typedef unsigned int bpf_u_int32;
@@ -34,6 +36,7 @@ typedef enum {
PCAP_D_OUT
} pcap_direction_t;
struct pcap_addr {
struct pcap_addr *next;
struct sockaddr *addr; /* address */
@@ -53,8 +56,11 @@ struct pcap_if {
typedef struct pcap_if pcap_if_t;
typedef struct pcap_addr pcap_addr_t;
typedef unsigned char u_char;
#define PCAP_ERRBUF_SIZE 256
#define DLT_NULL 0 /* BSD loopback encapsulation */
@@ -106,12 +112,16 @@ extern char *(*pcap_lookupdev)(char *);
extern int (*pcap_findalldevs)(pcap_if_t **, char *);
inline int pcap_set_immediate_mode(pcap_t *, int) {
inline int pcap_set_immediate_mode(pcap_t *,int)
{
return 0;
}
//#ifdef __cplusplus
//}
//#endif
int init_pcap();

800
server.cpp
View File

@@ -1,800 +0,0 @@
/*
* server.cpp
*
* Created on: Aug 29, 2018
* Author: root
*/
#ifndef UDP2RAW_MP
#include "common.h"
#include "network.h"
#include "connection.h"
#include "misc.h"
#include "log.h"
#include "lib/md5.h"
#include "encrypt.h"
#include "fd_manager.h"
int server_on_timer_multi(conn_info_t &conn_info) // for server. called when a timer is ready in epoll.for server,there will be one timer for every connection
// there is also a global timer for server,but its not handled here
{
char ip_port[max_addr_len];
// u32_t ip=conn_info.raw_info.send_info.dst_ip;
// u32_t port=conn_info.raw_info.send_info.dst_port;
address_t tmp_addr;
tmp_addr.from_ip_port_new(raw_ip_version, &conn_info.raw_info.send_info.new_dst_ip, conn_info.raw_info.send_info.dst_port);
// sprintf(ip_port,"%s:%d",my_ntoa(ip),port);
tmp_addr.to_str(ip_port);
// keep_iptables_rule();
mylog(log_trace, "server timer!\n");
raw_info_t &raw_info = conn_info.raw_info;
assert(conn_info.state.server_current_state == server_ready);
if (conn_info.state.server_current_state == server_ready) {
conn_info.blob->conv_manager.s.clear_inactive(ip_port);
/*
if( get_current_time()-conn_info.last_hb_recv_time>heartbeat_timeout )
{
mylog(log_trace,"%lld %lld\n",get_current_time(),conn_info.last_state_time);
conn_info.server_current_state=server_nothing;
//conn_manager.current_ready_ip=0;
//conn_manager.current_ready_port=0;
mylog(log_info,"changed state to server_nothing\n");
return 0;
}*/
// dont need to do this at server,conn_manger will clear expired connections
if (get_current_time() - conn_info.last_hb_sent_time < heartbeat_interval) {
return 0;
}
if (hb_mode == 0)
send_safer(conn_info, 'h', hb_buf, 0); /////////////send
else
send_safer(conn_info, 'h', hb_buf, hb_len);
conn_info.last_hb_sent_time = get_current_time();
mylog(log_debug, "heart beat sent<%x,%x>\n", conn_info.my_id, conn_info.oppsite_id);
} else {
mylog(log_fatal, "this shouldnt happen!\n");
myexit(-1);
}
return 0;
}
int server_on_raw_recv_ready(conn_info_t &conn_info, char *ip_port, char type, char *data, int data_len) // called while the state for a connection is server_ready
// receives data and heart beat by recv_safer.
{
raw_info_t &raw_info = conn_info.raw_info;
packet_info_t &send_info = conn_info.raw_info.send_info;
packet_info_t &recv_info = conn_info.raw_info.recv_info;
// char ip_port[40];
// sprintf(ip_port,"%s:%d",my_ntoa(recv_info.src_ip),recv_info.src_port);
/*
if (recv_info.src_ip != send_info.dst_ip
|| recv_info.src_port != send_info.dst_port) {
mylog(log_debug, "unexpected adress\n");
return 0;
}*/
if (type == 'h' && data_len >= 0) {
// u32_t tmp = ntohl(*((u32_t *) &data[sizeof(u32_t)]));
mylog(log_debug, "[%s][hb]received hb \n", ip_port);
conn_info.last_hb_recv_time = get_current_time();
return 0;
} else if (type == 'd' && data_len >= int(sizeof(u32_t))) {
// u32_t tmp_conv_id = ntohl(*((u32_t *) &data[0]));
my_id_t tmp_conv_id;
memcpy(&tmp_conv_id, &data[0], sizeof(tmp_conv_id));
tmp_conv_id = ntohl(tmp_conv_id);
if (hb_mode == 0)
conn_info.last_hb_recv_time = get_current_time();
mylog(log_trace, "conv:%u\n", tmp_conv_id);
if (!conn_info.blob->conv_manager.s.is_conv_used(tmp_conv_id)) {
if (conn_info.blob->conv_manager.s.get_size() >= max_conv_num) {
mylog(log_warn,
"[%s]ignored new conv %x connect bc max_conv_num exceed\n", ip_port,
tmp_conv_id);
return 0;
}
/*
struct sockaddr_in remote_addr_in={0};
socklen_t slen = sizeof(sockaddr_in);
//memset(&remote_addr_in, 0, sizeof(remote_addr_in));
remote_addr_in.sin_family = AF_INET;
remote_addr_in.sin_port = htons(remote_port);
remote_addr_in.sin_addr.s_addr = remote_ip_uint32;
int new_udp_fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
if (new_udp_fd < 0) {
mylog(log_warn, "[%s]create udp_fd error\n",ip_port);
return -1;
}
setnonblocking(new_udp_fd);
set_buf_size(new_udp_fd,socket_buf_size);
mylog(log_debug, "[%s]created new udp_fd %d\n",ip_port, new_udp_fd);
int ret = connect(new_udp_fd, (struct sockaddr *) &remote_addr_in,
slen);
if (ret != 0) {
mylog(log_warn, "udp fd connect fail\n");
close(new_udp_fd);
return -1;
}*/
int new_udp_fd = remote_addr.new_connected_udp_fd();
if (new_udp_fd < 0) {
mylog(log_warn, "[%s]new_connected_udp_fd() failed\n", ip_port);
return -1;
}
struct epoll_event ev;
fd64_t new_udp_fd64 = fd_manager.create(new_udp_fd);
fd_manager.get_info(new_udp_fd64).p_conn_info = &conn_info;
mylog(log_trace, "[%s]u64: %lld\n", ip_port, new_udp_fd64);
ev.events = EPOLLIN;
ev.data.u64 = new_udp_fd64;
int ret = epoll_ctl(epollfd, EPOLL_CTL_ADD, new_udp_fd, &ev);
if (ret != 0) {
mylog(log_warn, "[%s]add udp_fd error\n", ip_port);
close(new_udp_fd);
return -1;
}
conn_info.blob->conv_manager.s.insert_conv(tmp_conv_id, new_udp_fd64);
// assert(conn_manager.udp_fd_mp.find(new_udp_fd)==conn_manager.udp_fd_mp.end());
// conn_manager.udp_fd_mp[new_udp_fd] = &conn_info;
// pack_u64(conn_info.raw_info.recv_info.src_ip,conn_info.raw_info.recv_info.src_port);
mylog(log_info, "[%s]new conv conv_id=%x, assigned fd=%d\n", ip_port,
tmp_conv_id, new_udp_fd);
}
fd64_t fd64 = conn_info.blob->conv_manager.s.find_data_by_conv(tmp_conv_id);
conn_info.blob->conv_manager.s.update_active_time(tmp_conv_id);
int fd = fd_manager.to_fd(fd64);
mylog(log_trace, "[%s]received a data from fake tcp,len:%d\n", ip_port, data_len);
int ret = send(fd, data + sizeof(u32_t),
data_len - (sizeof(u32_t)), 0);
mylog(log_trace, "[%s]%d byte sent ,fd :%d\n ", ip_port, ret, fd);
if (ret < 0) {
mylog(log_warn, "send returned %d\n", ret);
// perror("what happened????");
}
return 0;
}
return 0;
}
int server_on_raw_recv_pre_ready(conn_info_t &conn_info, char *ip_port, u32_t tmp_oppsite_const_id) // do prepare work before state change to server ready for a specifc connection
// connection recovery is also handle here
{
// u32_t ip;uint16_t port;
// ip=conn_info.raw_info.recv_info.src_ip;
// port=conn_info.raw_info.recv_info.src_port;
// char ip_port[40];
// sprintf(ip_port,"%s:%d",my_ntoa(ip),port);
mylog(log_info, "[%s]received handshake oppsite_id:%x my_id:%x\n", ip_port, conn_info.oppsite_id, conn_info.my_id);
mylog(log_info, "[%s]oppsite const_id:%x \n", ip_port, tmp_oppsite_const_id);
if (conn_manager.const_id_mp.find(tmp_oppsite_const_id) == conn_manager.const_id_mp.end()) {
// conn_manager.const_id_mp=
if (conn_manager.ready_num >= max_ready_conn_num) {
mylog(log_info, "[%s]max_ready_conn_num,cant turn to ready\n", ip_port);
conn_info.state.server_current_state = server_idle;
return 0;
}
conn_info.prepare();
conn_info.state.server_current_state = server_ready;
conn_info.oppsite_const_id = tmp_oppsite_const_id;
conn_manager.ready_num++;
conn_manager.const_id_mp[tmp_oppsite_const_id] = &conn_info;
// conn_info.last_state_time=get_current_time(); //dont change this!!!!!!!!!!!!!!!!!!!!!!!!!
// conn_manager.current_ready_ip=ip;
// conn_manager.current_ready_port=port;
// my_id=conn_info.my_id;
// oppsite_id=conn_info.oppsite_id;
conn_info.last_hb_recv_time = get_current_time();
conn_info.last_hb_sent_time = conn_info.last_hb_recv_time; //=get_current_time()
if (hb_mode == 0)
send_safer(conn_info, 'h', hb_buf, 0); /////////////send
else
send_safer(conn_info, 'h', hb_buf, hb_len);
mylog(log_info, "[%s]changed state to server_ready\n", ip_port);
conn_info.blob->anti_replay.re_init();
// g_conn_info=conn_info;
int new_timer_fd;
set_timer_server(epollfd, new_timer_fd, conn_info.timer_fd64);
fd_manager.get_info(conn_info.timer_fd64).p_conn_info = &conn_info;
// assert(conn_manager.timer_fd_mp.find(new_timer_fd)==conn_manager.timer_fd_mp.end());
// conn_manager.timer_fd_mp[new_timer_fd] = &conn_info;//pack_u64(ip,port);
// timer_fd_mp[new_timer_fd]
/*
if(oppsite_const_id!=0&&tmp_oppsite_const_id!=oppsite_const_id) //TODO MOVE TO READY
{
mylog(log_info,"cleared all conv bc of const id doesnt match\n");
conv_manager.clear();
}*/
// oppsite_const_id=tmp_oppsite_const_id;
} else {
conn_info_t &ori_conn_info = *conn_manager.const_id_mp[tmp_oppsite_const_id];
if (ori_conn_info.state.server_current_state == server_ready) {
if (conn_info.last_state_time < ori_conn_info.last_state_time) {
mylog(log_info, "[%s]conn_info.last_state_time<ori_conn_info.last_state_time. ignored new handshake\n", ip_port);
conn_info.state.server_current_state = server_idle;
conn_info.oppsite_const_id = 0;
return 0;
}
address_t addr1;
addr1.from_ip_port_new(raw_ip_version, &ori_conn_info.raw_info.recv_info.new_src_ip, ori_conn_info.raw_info.recv_info.src_port);
if (!conn_manager.exist(addr1)) // TODO remove this
{
mylog(log_fatal, "[%s]this shouldnt happen\n", ip_port);
myexit(-1);
}
address_t addr2;
addr2.from_ip_port_new(raw_ip_version, &conn_info.raw_info.recv_info.new_src_ip, conn_info.raw_info.recv_info.src_port);
if (!conn_manager.exist(addr2)) // TODO remove this
{
mylog(log_fatal, "[%s]this shouldnt happen2\n", ip_port);
myexit(-1);
}
conn_info_t *&p_ori = conn_manager.find_insert_p(addr1);
conn_info_t *&p = conn_manager.find_insert_p(addr2);
conn_info_t *tmp = p;
p = p_ori;
p_ori = tmp;
mylog(log_info, "[%s]grabbed a connection\n", ip_port);
// ori_conn_info.state.server_current_state=server_ready;
ori_conn_info.recover(conn_info);
// send_safer(ori_conn_info, 'h',hb_buf, hb_len);
// ori_conn_info.blob->anti_replay.re_init();
if (hb_mode == 0)
send_safer(ori_conn_info, 'h', hb_buf, 0); /////////////send
else
send_safer(ori_conn_info, 'h', hb_buf, hb_len);
ori_conn_info.last_hb_recv_time = get_current_time();
conn_info.state.server_current_state = server_idle;
conn_info.oppsite_const_id = 0;
} else {
mylog(log_fatal, "[%s]this should never happen\n", ip_port);
myexit(-1);
}
return 0;
}
return 0;
}
int server_on_raw_recv_handshake1(conn_info_t &conn_info, char *ip_port, char *data, int data_len) // called when server received a handshake1 packet from client
{
packet_info_t &send_info = conn_info.raw_info.send_info;
packet_info_t &recv_info = conn_info.raw_info.recv_info;
raw_info_t &raw_info = conn_info.raw_info;
// u32_t ip=conn_info.raw_info.recv_info.src_ip;
// uint16_t port=conn_info.raw_info.recv_info.src_port;
// char ip_port[40];
// sprintf(ip_port,"%s:%d",my_ntoa(ip),port);
if (data_len < int(3 * sizeof(my_id_t))) {
mylog(log_debug, "[%s] data_len=%d too short to be a handshake\n", ip_port, data_len);
return -1;
}
// id_t tmp_oppsite_id= ntohl(* ((u32_t *)&data[0]));
my_id_t tmp_oppsite_id;
memcpy(&tmp_oppsite_id, (u32_t *)&data[0], sizeof(tmp_oppsite_id));
tmp_oppsite_id = ntohl(tmp_oppsite_id);
// id_t tmp_my_id=ntohl(* ((u32_t *)&data[sizeof(id_t)]));
my_id_t tmp_my_id;
memcpy(&tmp_my_id, &data[sizeof(my_id_t)], sizeof(tmp_my_id));
tmp_my_id = ntohl(tmp_my_id);
if (tmp_my_id == 0) // received init handshake again
{
if (raw_mode == mode_faketcp) {
send_info.seq = recv_info.ack_seq;
send_info.ack_seq = recv_info.seq + raw_info.recv_info.data_len;
send_info.ts_ack = recv_info.ts;
}
if (raw_mode == mode_icmp) {
send_info.my_icmp_seq = recv_info.my_icmp_seq;
}
send_handshake(raw_info, conn_info.my_id, tmp_oppsite_id, const_id); //////////////send
mylog(log_info, "[%s]changed state to server_handshake1,my_id is %x\n", ip_port, conn_info.my_id);
} else if (tmp_my_id == conn_info.my_id) {
conn_info.oppsite_id = tmp_oppsite_id;
// id_t tmp_oppsite_const_id=ntohl(* ((u32_t *)&data[sizeof(id_t)*2]));
my_id_t tmp_oppsite_const_id;
memcpy(&tmp_oppsite_const_id, &data[sizeof(my_id_t) * 2], sizeof(tmp_oppsite_const_id));
tmp_oppsite_const_id = ntohl(tmp_oppsite_const_id);
if (raw_mode == mode_faketcp) {
send_info.seq = recv_info.ack_seq;
send_info.ack_seq = recv_info.seq + raw_info.recv_info.data_len;
send_info.ts_ack = recv_info.ts;
}
if (raw_mode == mode_icmp) {
send_info.my_icmp_seq = recv_info.my_icmp_seq;
}
server_on_raw_recv_pre_ready(conn_info, ip_port, tmp_oppsite_const_id);
} else {
mylog(log_debug, "[%s]invalid my_id %x,my_id is %x\n", ip_port, tmp_my_id, conn_info.my_id);
}
return 0;
}
int server_on_recv_safer_multi(conn_info_t &conn_info, char type, char *data, int data_len) {
return 0;
}
int server_on_raw_recv_multi() // called when server received an raw packet
{
char dummy_buf[buf_len];
raw_info_t peek_raw_info;
peek_raw_info.peek = 1;
packet_info_t &peek_info = peek_raw_info.recv_info;
mylog(log_trace, "got a packet\n");
if (pre_recv_raw_packet() < 0) return -1;
if (peek_raw(peek_raw_info) < 0) {
discard_raw_packet();
// recv(raw_recv_fd, 0,0, 0 );//
// struct sockaddr saddr;
// socklen_t saddr_size=sizeof(saddr);
/// recvfrom(raw_recv_fd, 0,0, 0 ,&saddr , &saddr_size);//
mylog(log_trace, "peek_raw failed\n");
return -1;
} else {
mylog(log_trace, "peek_raw success\n");
}
// u32_t ip=peek_info.src_ip;uint16_t port=peek_info.src_port;
int data_len;
char *data;
address_t addr;
addr.from_ip_port_new(raw_ip_version, &peek_info.new_src_ip, peek_info.src_port);
char ip_port[max_addr_len];
addr.to_str(ip_port);
// sprintf(ip_port,"%s:%d",my_ntoa(ip),port);
mylog(log_trace, "[%s]peek_raw\n", ip_port);
if (raw_mode == mode_faketcp && peek_info.syn == 1) {
if (!conn_manager.exist(addr) || conn_manager.find_insert(addr).state.server_current_state != server_ready) { // reply any syn ,before state become ready
raw_info_t tmp_raw_info;
if (recv_raw0(tmp_raw_info, data, data_len) < 0) {
return 0;
}
if (data_len >= max_data_len + 1) {
mylog(log_debug, "data_len=%d >= max_data_len+1,ignored", data_len);
return -1;
}
if (use_tcp_dummy_socket != 0)
return 0;
raw_info_t &raw_info = tmp_raw_info;
packet_info_t &send_info = raw_info.send_info;
packet_info_t &recv_info = raw_info.recv_info;
send_info.new_src_ip = recv_info.new_dst_ip;
send_info.src_port = recv_info.dst_port;
send_info.dst_port = recv_info.src_port;
send_info.new_dst_ip = recv_info.new_src_ip;
if (lower_level) {
handle_lower_level(raw_info);
}
if (data_len == 0 && raw_info.recv_info.syn == 1 && raw_info.recv_info.ack == 0) {
send_info.ack_seq = recv_info.seq + 1;
send_info.psh = 0;
send_info.syn = 1;
send_info.ack = 1;
send_info.ts_ack = recv_info.ts;
mylog(log_info, "[%s]received syn,sent syn ack back\n", ip_port);
send_raw0(raw_info, 0, 0);
return 0;
}
} else {
discard_raw_packet();
// recv(raw_recv_fd, 0,0,0);
}
return 0;
}
if (!conn_manager.exist(addr)) {
if (conn_manager.mp.size() >= max_handshake_conn_num) {
mylog(log_info, "[%s]reached max_handshake_conn_num,ignored new handshake\n", ip_port);
discard_raw_packet();
// recv(raw_recv_fd, 0,0, 0 );//
return 0;
}
raw_info_t tmp_raw_info;
if (raw_mode == mode_icmp) {
tmp_raw_info.send_info.dst_port = tmp_raw_info.send_info.src_port = addr.get_port();
}
if (recv_bare(tmp_raw_info, data, data_len) < 0) {
return 0;
}
if (data_len < int(3 * sizeof(my_id_t))) {
mylog(log_debug, "[%s]too short to be a handshake\n", ip_port);
return -1;
}
// id_t zero=ntohl(* ((u32_t *)&data[sizeof(id_t)]));
my_id_t zero;
memcpy(&zero, &data[sizeof(my_id_t)], sizeof(zero));
zero = ntohl(zero);
if (zero != 0) {
mylog(log_debug, "[%s]not a invalid initial handshake\n", ip_port);
return -1;
}
mylog(log_info, "[%s]got packet from a new ip\n", ip_port);
conn_info_t &conn_info = conn_manager.find_insert(addr);
conn_info.raw_info = tmp_raw_info;
raw_info_t &raw_info = conn_info.raw_info;
packet_info_t &send_info = conn_info.raw_info.send_info;
packet_info_t &recv_info = conn_info.raw_info.recv_info;
// conn_info.ip_port.ip=ip;
// conn_info.ip_port.port=port;
send_info.new_src_ip = recv_info.new_dst_ip;
send_info.src_port = recv_info.dst_port;
send_info.dst_port = recv_info.src_port;
send_info.new_dst_ip = recv_info.new_src_ip;
if (lower_level) {
handle_lower_level(raw_info);
}
// id_t tmp_oppsite_id= ntohl(* ((u32_t *)&data[0]));
// mylog(log_info,"[%s]handshake1 received %x\n",ip_port,tmp_oppsite_id);
conn_info.my_id = get_true_random_number_nz();
mylog(log_info, "[%s]created new conn,state: server_handshake1,my_id is %x\n", ip_port, conn_info.my_id);
conn_info.state.server_current_state = server_handshake1;
conn_info.last_state_time = get_current_time();
server_on_raw_recv_handshake1(conn_info, ip_port, data, data_len);
return 0;
}
conn_info_t &conn_info = conn_manager.find_insert(addr); // insert if not exist
packet_info_t &send_info = conn_info.raw_info.send_info;
packet_info_t &recv_info = conn_info.raw_info.recv_info;
raw_info_t &raw_info = conn_info.raw_info;
if (conn_info.state.server_current_state == server_handshake1) {
if (recv_bare(raw_info, data, data_len) != 0) {
return -1;
}
return server_on_raw_recv_handshake1(conn_info, ip_port, data, data_len);
}
if (conn_info.state.server_current_state == server_ready) {
vector<char> type_vec;
vector<string> data_vec;
recv_safer_multi(conn_info, type_vec, data_vec);
if (data_vec.empty()) {
mylog(log_debug, "recv_safer failed!\n");
return -1;
}
for (int i = 0; i < (int)type_vec.size(); i++) {
char type = type_vec[i];
char *data = (char *)data_vec[i].c_str(); // be careful, do not append data to it
int data_len = data_vec[i].length();
server_on_raw_recv_ready(conn_info, ip_port, type, data, data_len);
}
return 0;
}
if (conn_info.state.server_current_state == server_idle) {
discard_raw_packet();
// recv(raw_recv_fd, 0,0, 0 );//
return 0;
}
mylog(log_fatal, "we should never run to here\n");
myexit(-1);
return -1;
}
int server_on_udp_recv(conn_info_t &conn_info, fd64_t fd64) {
char buf[buf_len];
if (conn_info.state.server_current_state != server_ready) // TODO remove this for peformance
{
mylog(log_fatal, "p_conn_info->state.server_current_state!=server_ready!!!this shouldnt happen\n");
myexit(-1);
}
// conn_info_t &conn_info=*p_conn_info;
assert(conn_info.blob->conv_manager.s.is_data_used(fd64));
u32_t conv_id = conn_info.blob->conv_manager.s.find_conv_by_data(fd64);
int fd = fd_manager.to_fd(fd64);
int recv_len = recv(fd, buf, max_data_len + 1, 0);
mylog(log_trace, "received a packet from udp_fd,len:%d\n", recv_len);
if (recv_len == max_data_len + 1) {
mylog(log_warn, "huge packet, data_len > %d,dropped\n", max_data_len);
return -1;
}
if (recv_len < 0) {
mylog(log_debug, "udp fd,recv_len<0 continue,%s\n", strerror(errno));
return -1;
}
if (recv_len >= mtu_warn) {
mylog(log_warn, "huge packet,data len=%d (>=%d).strongly suggested to set a smaller mtu at upper level,to get rid of this warn\n ", recv_len, mtu_warn);
}
// conn_info.conv_manager->update_active_time(conv_id); server dosnt update from upd side,only update from raw side. (client updates at both side)
if (conn_info.state.server_current_state == server_ready) {
send_data_safer(conn_info, buf, recv_len, conv_id);
// send_data(g_packet_info_send,buf,recv_len,my_id,oppsite_id,conv_id);
mylog(log_trace, "send_data_safer ,sent !!\n");
}
return 0;
}
int server_event_loop() {
char buf[buf_len];
int i, j, k;
int ret;
if (raw_ip_version == AF_INET) {
if (local_addr.inner.ipv4.sin_addr.s_addr != 0) {
bind_addr_used = 1;
bind_addr.v4 = local_addr.inner.ipv4.sin_addr.s_addr;
}
} else {
assert(raw_ip_version == AF_INET6);
char zero_arr[16] = {0};
if (memcmp(&local_addr.inner.ipv6.sin6_addr, zero_arr, 16) != 0) {
bind_addr_used = 1;
bind_addr.v6 = local_addr.inner.ipv6.sin6_addr;
}
}
// bind_address_uint32=local_ip_uint32;//only server has bind adress,client sets it to zero
if (lower_level) {
if (lower_level_manual) {
init_ifindex(if_name, raw_send_fd, ifindex);
mylog(log_info, "we are running at lower-level (manual) mode\n");
} else {
mylog(log_info, "we are running at lower-level (auto) mode\n");
}
}
if (raw_mode == mode_faketcp) {
bind_fd = socket(local_addr.get_type(), SOCK_STREAM, 0);
} else if (raw_mode == mode_udp || raw_mode == mode_icmp) // bind an adress to avoid collision,for icmp,there is no port,just bind a udp port
{
bind_fd = socket(local_addr.get_type(), SOCK_DGRAM, 0);
}
// struct sockaddr_in temp_bind_addr={0};
// bzero(&temp_bind_addr, sizeof(temp_bind_addr));
// temp_bind_addr.sin_family = AF_INET;
// temp_bind_addr.sin_port = local_addr.get_port();
// temp_bind_addr.sin_addr.s_addr = local_addr.inner.ipv4.sin_addr.s_addr;
if (bind(bind_fd, (struct sockaddr *)&local_addr.inner, local_addr.get_len()) != 0) {
mylog(log_fatal, "bind fail\n");
myexit(-1);
}
if (raw_mode == mode_faketcp) {
if (listen(bind_fd, SOMAXCONN) != 0) {
mylog(log_fatal, "listen fail\n");
myexit(-1);
}
}
// init_raw_socket();
init_filter(local_addr.get_port()); // bpf filter
epollfd = epoll_create1(0);
const int max_events = 4096;
struct epoll_event ev, events[max_events];
if (epollfd < 0) {
mylog(log_fatal, "epoll return %d\n", epollfd);
myexit(-1);
}
ev.events = EPOLLIN;
ev.data.u64 = raw_recv_fd;
ret = epoll_ctl(epollfd, EPOLL_CTL_ADD, raw_recv_fd, &ev);
if (ret != 0) {
mylog(log_fatal, "add raw_fd error\n");
myexit(-1);
}
int timer_fd;
set_timer(epollfd, timer_fd);
u64_t begin_time = 0;
u64_t end_time = 0;
mylog(log_info, "now listening at %s\n", local_addr.get_str());
int fifo_fd = -1;
if (fifo_file[0] != 0) {
fifo_fd = create_fifo(fifo_file);
ev.events = EPOLLIN;
ev.data.u64 = fifo_fd;
ret = epoll_ctl(epollfd, EPOLL_CTL_ADD, fifo_fd, &ev);
if (ret != 0) {
mylog(log_fatal, "add fifo_fd to epoll error %s\n", strerror(errno));
myexit(-1);
}
mylog(log_info, "fifo_file=%s\n", fifo_file);
}
while (1) ////////////////////////
{
if (about_to_exit) myexit(0);
int nfds = epoll_wait(epollfd, events, max_events, 180 * 1000);
if (nfds < 0) { // allow zero
if (errno == EINTR) {
mylog(log_info, "epoll interrupted by signal,continue\n");
// myexit(0);
} else {
mylog(log_fatal, "epoll_wait return %d,%s\n", nfds, strerror(errno));
myexit(-1);
}
}
int idx;
for (idx = 0; idx < nfds; ++idx) {
// mylog(log_debug,"ndfs: %d \n",nfds);
epoll_trigger_counter++;
// printf("%d %d %d %d\n",timer_fd,raw_recv_fd,raw_send_fd,n);
if ((events[idx].data.u64) == (u64_t)timer_fd) {
if (debug_flag) begin_time = get_current_time();
conn_manager.clear_inactive();
u64_t dummy;
int unused = read(timer_fd, &dummy, 8);
// current_time_rough=get_current_time();
if (debug_flag) {
end_time = get_current_time();
mylog(log_debug, "timer_fd,%llu,%llu,%llu\n", begin_time, end_time, end_time - begin_time);
}
mylog(log_trace, "epoll_trigger_counter: %d \n", epoll_trigger_counter);
epoll_trigger_counter = 0;
} else if (events[idx].data.u64 == (u64_t)raw_recv_fd) {
if (debug_flag) begin_time = get_current_time();
server_on_raw_recv_multi();
if (debug_flag) {
end_time = get_current_time();
mylog(log_debug, "raw_recv_fd,%llu,%llu,%llu \n", begin_time, end_time, end_time - begin_time);
}
} else if (events[idx].data.u64 == (u64_t)fifo_fd) {
int len = read(fifo_fd, buf, sizeof(buf));
if (len < 0) {
mylog(log_warn, "fifo read failed len=%d,errno=%s\n", len, strerror(errno));
continue;
}
// assert(len>=0);
buf[len] = 0;
while (len >= 1 && buf[len - 1] == '\n')
buf[len - 1] = 0;
mylog(log_info, "got data from fifo,len=%d,s=[%s]\n", len, buf);
mylog(log_info, "unknown command\n");
} else if (events[idx].data.u64 > u32_t(-1)) {
fd64_t fd64 = events[idx].data.u64;
if (!fd_manager.exist(fd64)) {
mylog(log_trace, "fd64 no longer exist\n");
return -1;
}
assert(fd_manager.exist_info(fd64));
conn_info_t *p_conn_info = fd_manager.get_info(fd64).p_conn_info;
conn_info_t &conn_info = *p_conn_info;
if (fd64 == conn_info.timer_fd64) //////////timer_fd64
{
if (debug_flag) begin_time = get_current_time();
int fd = fd_manager.to_fd(fd64);
u64_t dummy;
int unused = read(fd, &dummy, 8);
assert(conn_info.state.server_current_state == server_ready); // TODO remove this for peformance
server_on_timer_multi(conn_info);
if (debug_flag) {
end_time = get_current_time();
mylog(log_debug, "(events[idx].data.u64 >>32u) == 2u ,%llu,%llu,%llu \n", begin_time, end_time, end_time - begin_time);
}
} else // udp_fd64
{
if (debug_flag) begin_time = get_current_time();
server_on_udp_recv(conn_info, fd64);
if (debug_flag) {
end_time = get_current_time();
mylog(log_debug, "(events[idx].data.u64 >>32u) == 1u,%lld,%lld,%lld \n", begin_time, end_time, end_time - begin_time);
}
}
} else {
mylog(log_fatal, "unknown fd,this should never happen\n");
myexit(-1);
}
}
}
return 0;
}
#endif