mirror of
https://github.com/wangyu-/udp2raw.git
synced 2025-10-15 02:15:33 +08:00
Compare commits
3 Commits
fa995e9f09
...
unified
| Author | SHA1 | Date | |
|---|---|---|---|
|
4208db6e27 | ||
|
|
513343e262 | ||
|
4623f878e0 |
16
README.md
16
README.md
@@ -90,7 +90,7 @@ To run on Android, check [Android_Guide](https://github.com/wangyu-/udp2raw/wiki
|
||||
### Usage
|
||||
```
|
||||
udp2raw-tunnel
|
||||
git version:6e1df4b39f build date:Oct 24 2017 09:21:15
|
||||
git version:4623f878e0 build date:Nov 3 2024 23:15:46
|
||||
repository: https://github.com/wangyu-/udp2raw-tunnel
|
||||
|
||||
usage:
|
||||
@@ -98,14 +98,16 @@ usage:
|
||||
run as server : ./this_program -s -l server_listen_ip:server_port -r remote_address:remote_port [options]
|
||||
|
||||
common options,these options must be same on both side:
|
||||
--raw-mode <string> avaliable values:faketcp(default),udp,icmp
|
||||
--raw-mode <string> available values:faketcp(default),udp,icmp and easy-faketcp
|
||||
-k,--key <string> password to gen symetric key,default:"secret key"
|
||||
--cipher-mode <string> avaliable values:aes128cbc(default),xor,none
|
||||
--auth-mode <string> avaliable values:hmac_sha1,md5(default),crc32,simple,none
|
||||
--cipher-mode <string> available values:aes128cfb,aes128cbc(default),xor,none
|
||||
--auth-mode <string> available values:hmac_sha1,md5(default),crc32,simple,none
|
||||
-a,--auto-rule auto add (and delete) iptables rule
|
||||
-g,--gen-rule generate iptables rule then exit,so that you can copy and
|
||||
add it manually.overrides -a
|
||||
--disable-anti-replay disable anti-replay,not suggested
|
||||
--fix-gro try to fix huge packet caused by GRO. this option is at an early stage.
|
||||
make sure client and server are at same version.
|
||||
client options:
|
||||
--source-ip <ip> force source-ip for raw socket
|
||||
--source-port <port> force source-port for raw socket,tcp/udp only
|
||||
@@ -121,6 +123,7 @@ other options:
|
||||
--disable-color disable log color
|
||||
--disable-bpf disable the kernel space filter,most time its not necessary
|
||||
unless you suspect there is a bug
|
||||
--dev <string> bind raw socket to a device, not necessary but improves performance
|
||||
--sock-buf <number> buf size for socket,>=10 and <=10240,unit:kbyte,default:1024
|
||||
--force-sock-buf bypass system limitation while setting sock-buf
|
||||
--seq-mode <number> seq increase mode for faketcp:
|
||||
@@ -133,11 +136,14 @@ other options:
|
||||
--lower-level <string> send packets at OSI level 2, format:'if_name#dest_mac_adress'
|
||||
ie:'eth0#00:23:45:67:89:b9'.or try '--lower-level auto' to obtain
|
||||
the parameter automatically,specify it manually if 'auto' failed
|
||||
--wait-lock wait for xtables lock while invoking iptables, need iptables v1.4.20+
|
||||
--gen-add generate iptables rule and add it permanently,then exit.overrides -g
|
||||
--keep-rule monitor iptables and auto re-add if necessary.implys -a
|
||||
--hb-len <number> length of heart-beat packet, >=0 and <=1500
|
||||
--mtu-warn <number> mtu warning threshold, unit:byte, default:1375
|
||||
--clear clear any iptables rules added by this program.overrides everything
|
||||
--retry-on-error retry on error, allow to start udp2raw before network is initialized
|
||||
-h,--help print this help message
|
||||
|
||||
```
|
||||
|
||||
### Iptables rules,`-a` and `-g`
|
||||
|
||||
2
common.h
2
common.h
@@ -163,8 +163,6 @@ extern int force_socket_buf;
|
||||
|
||||
extern int g_fix_gro;
|
||||
|
||||
extern int g_tcp_spa;
|
||||
|
||||
/*
|
||||
struct ip_port_t
|
||||
{
|
||||
|
||||
@@ -435,7 +435,7 @@ int send_safer(conn_info_t &conn_info, char type, const char *data, int len) //
|
||||
if (cipher_mode == cipher_xor) {
|
||||
send_data_buf2[0] ^= gro_xor[0];
|
||||
send_data_buf2[1] ^= gro_xor[1];
|
||||
} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cbc) {
|
||||
} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cfb) {
|
||||
aes_ecb_encrypt1(send_data_buf2);
|
||||
}
|
||||
}
|
||||
@@ -586,7 +586,7 @@ int recv_safer_multi(conn_info_t &conn_info, vector<char> &type_arr, vector<stri
|
||||
if (cipher_mode == cipher_xor) {
|
||||
recv_data[0] ^= gro_xor[0];
|
||||
recv_data[1] ^= gro_xor[1];
|
||||
} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cbc) {
|
||||
} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cfb) {
|
||||
aes_ecb_decrypt1(recv_data);
|
||||
}
|
||||
single_len = read_u16(recv_data);
|
||||
|
||||
@@ -103,7 +103,7 @@ https://github.com/wangyu-/udp2raw-tunnel/releases
|
||||
### 命令选项
|
||||
```
|
||||
udp2raw-tunnel
|
||||
git version:6e1df4b39f build date:Oct 24 2017 09:21:15
|
||||
git version:4623f878e0 build date:Nov 3 2024 23:15:46
|
||||
repository: https://github.com/wangyu-/udp2raw-tunnel
|
||||
|
||||
usage:
|
||||
@@ -111,14 +111,16 @@ usage:
|
||||
run as server : ./this_program -s -l server_listen_ip:server_port -r remote_address:remote_port [options]
|
||||
|
||||
common options,these options must be same on both side:
|
||||
--raw-mode <string> available values:faketcp(default),udp,icmp
|
||||
--raw-mode <string> available values:faketcp(default),udp,icmp and easy-faketcp
|
||||
-k,--key <string> password to gen symetric key,default:"secret key"
|
||||
--cipher-mode <string> available values:aes128cbc(default),xor,none
|
||||
--cipher-mode <string> available values:aes128cfb,aes128cbc(default),xor,none
|
||||
--auth-mode <string> available values:hmac_sha1,md5(default),crc32,simple,none
|
||||
-a,--auto-rule auto add (and delete) iptables rule
|
||||
-g,--gen-rule generate iptables rule then exit,so that you can copy and
|
||||
add it manually.overrides -a
|
||||
--disable-anti-replay disable anti-replay,not suggested
|
||||
--fix-gro try to fix huge packet caused by GRO. this option is at an early stage.
|
||||
make sure client and server are at same version.
|
||||
client options:
|
||||
--source-ip <ip> force source-ip for raw socket
|
||||
--source-port <port> force source-port for raw socket,tcp/udp only
|
||||
@@ -134,6 +136,7 @@ other options:
|
||||
--disable-color disable log color
|
||||
--disable-bpf disable the kernel space filter,most time its not necessary
|
||||
unless you suspect there is a bug
|
||||
--dev <string> bind raw socket to a device, not necessary but improves performance
|
||||
--sock-buf <number> buf size for socket,>=10 and <=10240,unit:kbyte,default:1024
|
||||
--force-sock-buf bypass system limitation while setting sock-buf
|
||||
--seq-mode <number> seq increase mode for faketcp:
|
||||
@@ -146,11 +149,14 @@ other options:
|
||||
--lower-level <string> send packets at OSI level 2, format:'if_name#dest_mac_adress'
|
||||
ie:'eth0#00:23:45:67:89:b9'.or try '--lower-level auto' to obtain
|
||||
the parameter automatically,specify it manually if 'auto' failed
|
||||
--wait-lock wait for xtables lock while invoking iptables, need iptables v1.4.20+
|
||||
--gen-add generate iptables rule and add it permanently,then exit.overrides -g
|
||||
--keep-rule monitor iptables and auto re-add if necessary.implys -a
|
||||
--hb-len <number> length of heart-beat packet, >=0 and <=1500
|
||||
--mtu-warn <number> mtu warning threshold, unit:byte, default:1375
|
||||
--clear clear any iptables rules added by this program.overrides everything
|
||||
--retry-on-error retry on error, allow to start udp2raw before network is initialized
|
||||
-h,--help print this help message
|
||||
|
||||
```
|
||||
|
||||
### iptables 规则,`-a`和`-g`
|
||||
@@ -269,3 +275,4 @@ raw_mode: faketcp cipher_mode: aes128cbc auth_mode: md5
|
||||
|
||||
https://github.com/wangyu-/udp2raw-tunnel/wiki
|
||||
|
||||
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
const char *gitversion = "e42f0e573221c5e0146c02fd5d71f32aa93c7221";
|
||||
8
misc.cpp
8
misc.cpp
@@ -148,9 +148,7 @@ void print_help() {
|
||||
printf(" --disable-anti-replay disable anti-replay,not suggested\n");
|
||||
printf(" --fix-gro try to fix huge packet caused by GRO. this option is at an early stage.\n");
|
||||
printf(" make sure client and server are at same version.\n");
|
||||
printf(" --tcp-spa TCP SPA mode to avoid port scanning.\n");
|
||||
printf(" when enable on server mode, will check SYN's option.\n");
|
||||
|
||||
|
||||
// printf("\n");
|
||||
printf("client options:\n");
|
||||
printf(" --source-ip <ip> force source-ip for raw socket\n");
|
||||
@@ -298,7 +296,6 @@ void process_arg(int argc, char *argv[]) // process all options
|
||||
{"no-pcap-mutex", no_argument, 0, 1},
|
||||
#endif
|
||||
{"fix-gro", no_argument, 0, 1},
|
||||
{"tcp-spa", no_argument, 0, 1},
|
||||
{NULL, 0, 0, 0}};
|
||||
|
||||
process_log_level(argc, argv);
|
||||
@@ -680,9 +677,6 @@ void process_arg(int argc, char *argv[]) // process all options
|
||||
} else if (strcmp(long_options[option_index].name, "fix-gro") == 0) {
|
||||
mylog(log_info, "--fix-gro enabled\n");
|
||||
g_fix_gro = 1;
|
||||
} else if (strcmp(long_options[option_index].name, "tcp-spa") == 0) {
|
||||
mylog(log_info, "--tcp-spa enabled\n");
|
||||
g_tcp_spa = 1;
|
||||
} else {
|
||||
mylog(log_warn, "ignored unknown long option ,option_index:%d code:<%x>\n", option_index, optopt);
|
||||
}
|
||||
|
||||
71
network.cpp
71
network.cpp
@@ -259,40 +259,6 @@ tcpdump -i eth1 ip and icmp -dd
|
||||
*/
|
||||
#endif
|
||||
|
||||
//tcp option for SPA
|
||||
int g_tcp_spa = 0;
|
||||
typedef struct tcpopt_data {
|
||||
uint8_t opcode;
|
||||
uint8_t opsize;
|
||||
uint16_t reserve;
|
||||
uint32_t csum;
|
||||
}tcpopt_data_t;
|
||||
|
||||
#define TCPOPT_SPA 233
|
||||
|
||||
#define HASH_PRIME 16777619
|
||||
#define HASH_OFFSET 2166136261U
|
||||
|
||||
//FNV-1a from GPT
|
||||
uint32_t checksum(uint32_t timestamp, const char* key) {
|
||||
uint32_t hash = HASH_OFFSET;
|
||||
const char* ptr = key;
|
||||
size_t key_len = strlen(key);
|
||||
|
||||
for (size_t i = 0; i < key_len; i++) {
|
||||
hash ^= (uint32_t)ptr[i];
|
||||
hash *= HASH_PRIME;
|
||||
}
|
||||
|
||||
for (uint32_t i = 0; i < sizeof(uint32_t); i++) {
|
||||
hash ^= (uint32_t)(timestamp & 0xFF);
|
||||
hash *= HASH_PRIME;
|
||||
timestamp >>= 8;
|
||||
}
|
||||
return hash;
|
||||
}
|
||||
//--------------
|
||||
|
||||
packet_info_t::packet_info_t() {
|
||||
src_port = 0;
|
||||
dst_port = 0;
|
||||
@@ -1713,16 +1679,6 @@ int send_raw_tcp(raw_info_t &raw_info, const char *payload, int payloadlen) { /
|
||||
send_raw_tcp_buf[i++] = 0x03;
|
||||
send_raw_tcp_buf[i++] = 0x03;
|
||||
send_raw_tcp_buf[i++] = wscale;
|
||||
|
||||
if(g_tcp_spa && tcph->ack == 0) {
|
||||
tcph->doff = 12;
|
||||
tcpopt_data_t opt = {TCPOPT_SPA, sizeof(tcpopt_data_t), 0, 0};
|
||||
uint32_t csum = checksum(ts, key_string);
|
||||
opt.csum = htonl(csum);
|
||||
memcpy(&send_raw_tcp_buf[i], &opt, opt.opsize);
|
||||
i += opt.opsize;
|
||||
}
|
||||
|
||||
} else {
|
||||
tcph->doff = 8;
|
||||
int i = sizeof(my_tcphdr);
|
||||
@@ -2157,8 +2113,6 @@ int parse_tcp_option(char *option_begin, char *option_end, packet_info_t &recv_i
|
||||
recv_info.has_ts = 0;
|
||||
recv_info.ts = 0;
|
||||
|
||||
tcpopt_data_t *opt = NULL;
|
||||
|
||||
char *ptr = option_begin;
|
||||
// char *option_end=tcp_begin+tcp_hdr_len;
|
||||
while (ptr < option_end) {
|
||||
@@ -2189,14 +2143,6 @@ int parse_tcp_option(char *option_begin, char *option_end, packet_info_t &recv_i
|
||||
|
||||
// return 0;//we currently only parse ts, so just return after its found
|
||||
ptr += 10;
|
||||
} else if (recv_info.syn == 1 && recv_info.ack == 0
|
||||
&& g_tcp_spa && (unsigned char)*ptr == TCPOPT_SPA) {
|
||||
if (ptr + sizeof(tcpopt_data_t) > option_end) {
|
||||
mylog(log_trace, "ptr+8>option_end for TCPOPT_SPA\n");
|
||||
return -2;
|
||||
}
|
||||
opt = (tcpopt_data_t*)ptr;
|
||||
ptr += sizeof(tcpopt_data_t);
|
||||
} else {
|
||||
if (ptr + 1 >= option_end) {
|
||||
mylog(log_trace, "invaild option ptr+1==option_end\n");
|
||||
@@ -2214,18 +2160,7 @@ int parse_tcp_option(char *option_begin, char *option_end, packet_info_t &recv_i
|
||||
// printf("!");
|
||||
}
|
||||
// printf("\n");
|
||||
if(recv_info.syn == 1 && recv_info.ack == 0 && g_tcp_spa) {
|
||||
if(opt == NULL) {
|
||||
mylog(log_trace, "No found spa opt, pkt drop\n");
|
||||
return -2;
|
||||
}
|
||||
|
||||
uint32_t csum = checksum(htonl(recv_info.ts), key_string);
|
||||
if(opt->csum != htonl(csum)){
|
||||
mylog(log_trace, "SPA csum match failed\n");
|
||||
return -2;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
int recv_raw_tcp(raw_info_t &raw_info, char *&payload, int &payloadlen) {
|
||||
@@ -2359,8 +2294,7 @@ int recv_raw_tcp(raw_info_t &raw_info, char *&payload, int &payloadlen) {
|
||||
}
|
||||
printf("<%d %d>\n",recv_info.ts,recv_info.ts_ack);
|
||||
*/
|
||||
|
||||
//parse_tcp_option(tcp_option, option_end, recv_info);
|
||||
parse_tcp_option(tcp_option, option_end, recv_info);
|
||||
|
||||
recv_info.ack = tcph->ack;
|
||||
recv_info.syn = tcph->syn;
|
||||
@@ -2370,9 +2304,6 @@ int recv_raw_tcp(raw_info_t &raw_info, char *&payload, int &payloadlen) {
|
||||
|
||||
recv_info.seq = ntohl(tcph->seq);
|
||||
|
||||
if(-2 == parse_tcp_option(tcp_option, option_end, recv_info))
|
||||
return -1;
|
||||
|
||||
// recv_info.last_last_ack_seq=recv_info.last_ack_seq;
|
||||
// recv_info.last_ack_seq=recv_info.ack_seq;
|
||||
u32_t last_ack_seq = recv_info.ack_seq;
|
||||
|
||||
Reference in New Issue
Block a user