more fix of memory access

fix bad memorry access
fix macro in 5a51248cb0
2025-09-17 04:34:27 +08:00 · 2020-07-26 19:07:17 +00:00 · 2020-07-26 18:15:27 +00:00 · 2020-07-15 19:32:14 -04:00 · 2020-07-15 17:23:17 -04:00 · 2020-07-15 17:06:36 -04:00
26 changed files with 1595 additions and 210 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +1 @@
-libev/* linguist-vendored
+lib/aes_acc/asm/* linguist-vendored
--- a/README.md
+++ b/README.md
@@ -1,11 +1,282 @@
-# udp2raw-multiplatform
+# Udp2raw-tunnel
+
+
+A Tunnel which turns UDP Traffic into Encrypted FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls(or Unstable UDP Environment). It can defend Replay-Attack and supports Multiplexing. It also acts as a Connection Stabilizer.

 ![image0](images/image0.PNG)

-multi-platform(cross-platform) version of [udp2raw](https://github.com/wangyu-/udp2raw-tunnel), which supports Windows/Mac/BSD natively.
+When used alone,udp2raw tunnels only UDP traffic. Nevertheless,if you used udp2raw + any UDP-based VPN together,you can tunnel any traffic(include TCP/UDP/ICMP),currently OpenVPN/L2TP/ShadowVPN and [tinyfecVPN](https://github.com/wangyu-/tinyfecVPN) are confirmed to be supported.

-udp2raw的跨平台版，协议兼容[linux版的udpraw](https://github.com/wangyu-/udp2raw-tunnel)，可以直接运行在Windows、Mac、BSD上。
+![image_vpn](images/udp2rawopenvpn.PNG)

-Check [Wiki](https://github.com/wangyu-/udp2raw-multiplatform/wiki) for details.
+[简体中文](/doc/README.zh-cn.md)(内容更丰富)

-更多信息，见 [Wiki](https://github.com/wangyu-/udp2raw-multiplatform/wiki)。
+[udp2raw wiki](https://github.com/wangyu-/udp2raw-tunnel/wiki)
+
+# Support Platforms
+Linux host (including desktop Linux,Android phone/tablet,OpenWRT router,or Raspberry PI) with root access.
+
+For Windows and MacOS users, use the udp2raw in [this repo](https://github.com/wangyu-/udp2raw-multiplatform).
+
+<del>For Windows and MacOS You can run udp2raw inside [this](https://github.com/wangyu-/udp2raw-tunnel/releases/download/20171108.0/lede-17.01.2-x86_virtual_machine_image.zip) 7.5mb virtual machine image(make sure network adapter runs at bridged mode).</del>
+
+
+
+# Features
+### Send/Receive UDP Packets with ICMP/FakeTCP/UDP headers
+ICMP/FakeTCP headers help you bypass UDP blocking, UDP QOS or improper UDP NAT behavior on some ISPs. In ICMP header mode,udp2raw works like an ICMP tunnel.
+
+UDP headers are also supported. In UDP header mode, it behaves just like a normal UDP tunnel, and you can just make use of the other features (such as encryption, anti-replay, or connection stalization).
+
+### Simulated TCP with Real-time/Out-of-Order Delivery
+In FakeTCP header mode,udp2raw simulates 3-way handshake while establishing a connection,simulates seq and ack_seq while data transferring. It also simulates following TCP options: `MSS`, `sackOk`, `TS`, `TS_ack`, `wscale`.Firewalls will regard FakeTCP as a TCP connection, but its essentially UDP: it supports real-time/out-of-order delivery(just as normal UDP does), no congestion control or re-transmission. So there wont be any TCP over TCP problem when using OpenVPN.
+
+### Encryption, Anti-Replay
+* Encrypt your traffic with AES-128-CBC.
+* Protect data integrity by HMAC-SHA1 (or weaker MD5/CRC32).
+* Defense replay attack with an anti-replay window, smiliar to IPSec and OpenVPN.
+
+### Failure Dectection & Stablization (Connection Recovery)
+Conection failures are detected by heartbeats. If timed-out, client will automatically change port number and reconnect. If reconnection is successful, the previous connection will be recovered, and all existing UDP conversations will stay vaild.
+
+For example, if you use udp2raw + OpenVPN, OpenVPN won't lose connection after any reconnect, **even if network cable is re-plugged or WiFi access point is changed**.
+
+### Other Features
+* **Multiplexing** One client can handle multiple UDP connections, all of which share the same raw connection.
+
+* **Multiple Clients** One server can have multiple clients.
+
+* **NAT Support** All of the 3 modes work in NAT environments.
+
+* **OpenVZ Support** Tested on BandwagonHost VPS.
+
+* **Easy to Build** No dependencies.To cross-compile udp2raw,all you need to do is just to download a toolchain,modify makefile to point at the toolchain,run `make cross` then everything is done.(Note:Pre-compiled binaries for Desktop,RaspberryPi,Android,some Openwrt Routers are already included in [Releases](https://github.com/wangyu-/udp2raw-tunnel/releases))
+
+### Keywords
+`Bypass UDP QoS` `Bypass UDP Blocking` `Bypass OpenVPN TCP over TCP problem` `OpenVPN over ICMP` `UDP to ICMP tunnel` `UDP to TCP tunnel` `UDP over ICMP` `UDP over TCP`
+
+# Getting Started
+### Installing
+Download binary release from https://github.com/wangyu-/udp2raw-tunnel/releases
+
+### Running
+Assume your UDP is blocked or being QOS-ed or just poorly supported. Assume your server ip is 44.55.66.77, you have a service listening on udp port 7777.
+
+```bash
+# Run at server side:
+./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777    -k "passwd" --raw-mode faketcp -a
+
+# Run at client side
+./udp2raw_amd64 -c -l0.0.0.0:3333  -r44.55.66.77:4096  -k "passwd" --raw-mode faketcp -a
+```
+(The above commands need to be run as root. For better security, with some extra steps, you can run udp2raw as non-root. Check [this link](https://github.com/wangyu-/udp2raw-tunnel/wiki/run-udp2raw-as-non-root) for more info  )
+
+###### Server Output:
+![](images/output_server.PNG)
+###### Client Output:
+![](images/output_client.PNG)
+
+Now,an encrypted raw tunnel has been established between client and server through TCP port 4096. Connecting to UDP port 3333 at the client side is equivalent to connecting to port 7777 at the server side. No UDP traffic will be exposed.
+
+### Note
+To run on Android, check [Android_Guide](/doc/android_guide.md)
+
+`-a` option automatically adds an iptables rule (or a few iptables rules) for you, udp2raw relys on this iptables rule to work stably. Be aware you dont forget `-a` (its a common mistake). If you dont want udp2raw to add iptables rule automatically, you can add it manually(take a look at `-g` option) and omit `-a`.
+
+
+# Advanced Topic
+### Usage
+```
+udp2raw-tunnel
+git version:6e1df4b39f    build date:Oct 24 2017 09:21:15
+repository: https://github.com/wangyu-/udp2raw-tunnel
+
+usage:
+    run as client : ./this_program -c -l local_listen_ip:local_port -r server_address:server_port  [options]
+    run as server : ./this_program -s -l server_listen_ip:server_port -r remote_address:remote_port  [options]
+
+common options,these options must be same on both side:
+    --raw-mode            <string>        avaliable values:faketcp(default),udp,icmp
+    -k,--key              <string>        password to gen symetric key,default:"secret key"
+    --cipher-mode         <string>        avaliable values:aes128cbc(default),xor,none
+    --auth-mode           <string>        avaliable values:hmac_sha1,md5(default),crc32,simple,none
+    -a,--auto-rule                        auto add (and delete) iptables rule
+    -g,--gen-rule                         generate iptables rule then exit,so that you can copy and
+                                          add it manually.overrides -a
+    --disable-anti-replay                 disable anti-replay,not suggested
+client options:
+    --source-ip           <ip>            force source-ip for raw socket
+    --source-port         <port>          force source-port for raw socket,tcp/udp only
+                                          this option disables port changing while re-connecting
+other options:
+    --conf-file           <string>        read options from a configuration file instead of command line.
+                                          check example.conf in repo for format
+    --fifo                <string>        use a fifo(named pipe) for sending commands to the running program,
+                                          check readme.md in repository for supported commands.
+    --log-level           <number>        0:never    1:fatal   2:error   3:warn
+                                          4:info (default)     5:debug   6:trace
+    --log-position                        enable file name,function name,line number in log
+    --disable-color                       disable log color
+    --disable-bpf                         disable the kernel space filter,most time its not necessary
+                                          unless you suspect there is a bug
+    --sock-buf            <number>        buf size for socket,>=10 and <=10240,unit:kbyte,default:1024
+    --force-sock-buf                      bypass system limitation while setting sock-buf
+    --seq-mode            <number>        seq increase mode for faketcp:
+                                          0:static header,do not increase seq and ack_seq
+                                          1:increase seq for every packet,simply ack last seq
+                                          2:increase seq randomly, about every 3 packets,simply ack last seq
+                                          3:simulate an almost real seq/ack procedure(default)
+                                          4:similiar to 3,but do not consider TCP Option Window_Scale,
+                                          maybe useful when firewall doesnt support TCP Option
+    --lower-level         <string>        send packets at OSI level 2, format:'if_name#dest_mac_adress'
+                                          ie:'eth0#00:23:45:67:89:b9'.or try '--lower-level auto' to obtain
+                                          the parameter automatically,specify it manually if 'auto' failed
+    --gen-add                             generate iptables rule and add it permanently,then exit.overrides -g
+    --keep-rule                           monitor iptables and auto re-add if necessary.implys -a
+    --clear                               clear any iptables rules added by this program.overrides everything
+    -h,--help                             print this help message
+
+```
+
+### Iptables rules,`-a` and `-g`
+This program sends packets via raw socket. In FakeTCP mode, Linux kernel TCP packet processing has to be blocked by a iptables rule on both sides, otherwise the kernel will automatically send RST for an unrecongized TCP packet and you will sustain from stability / peformance problems. You can use `-a` option to let the program automatically add / delete iptables rule on start / exit. You can also use the `-g` option to generate iptables rule and add it manually.
+
+### `--cipher-mode` and `--auth-mode`
+It is suggested to use `aes128cbc` + `hmac_sha1` to obtain maximum security. If you want to run the program on a router, you can try `xor` + `simple`, which can fool packet inspection by firewalls the most of time, but it cannot protect you from serious attacks. Mode none is only for debugging purpose. It is not recommended to set the cipher-mode or auth-mode to none.
+
+### `--seq-mode`
+The FakeTCP mode does not behave 100% like a real tcp connection. ISPs may be able to distinguish the simulated tcp traffic from the real TCP traffic (though it's costly). seq-mode can help you change the seq increase behavior slightly. If you experience connection problems, try to change the value.
+
+### `--lower-level`
+`--lower-level` allows you to send packet at OSI level 2(link level),so that you can bypass any local iptables rules. If you have a complicated iptables rules which conflicts with udp2raw and you cant(or too lazy to) edit the iptables rules,`--lower-level` can be very useful. Try `--lower-level auto` to auto detect the parameters,you can specify it manually if `auto` fails.
+
+Manual format `if_name#dest_mac_adress`,ie:`eth0#00:23:45:67:89:b9`.
+
+### `--keep-rule`
+Monitor iptables and auto re-add iptables rules(for blocking kernel tcp processing) if necessary.Especially useful when iptables rules may be cleared by other programs(for example,if you are using openwrt,everytime you changed and commited a setting,iptables rule may be cleared and re-constructed).
+
+### `--conf-file`
+
+You can also load options from a configuration file in order to keep secrets away from `ps` command.
+
+For example, rewrite the options for the above `server` example (in Getting Started section) into configuration file:
+
+`server.conf`
+
+```
+-s
+# You can add comments like this
+# Comments MUST occupy an entire line
+# Or they will not work as expected
+# Listen address
+-l 0.0.0.0:4096
+# Remote address
+-r 127.0.0.1:7777
+-a
+-k passwd
+--raw-mode faketcp
+```
+
+Pay attention to the `-k` parameter: In command line mode the quotes around the password will be removed by shell. In configuration files we do not remove quotes.
+
+Then start the server with
+
+```bash
+./udp2raw_amd64 --conf-file server.conf
+```
+
+### `--fifo`
+Use a fifo(named pipe) for sending commands to the running program. For example `--fifo fifo.file`.
+
+At client side,you can use `echo reconnect >fifo.file` to force client to reconnect.Currently no command has been implemented for server.
+
+# Peformance Test
+#### Test method:
+iperf3 TCP via OpenVPN + udp2raw
+(iperf3 UDP mode is not used because of a bug mentioned in this issue: https://github.com/esnet/iperf/issues/296 . Instead, we package the TCP traffic into UDP by OpenVPN to test the performance. Read [Application](https://github.com/wangyu-/udp2raw-tunnel#application) for details.
+
+#### iperf3 command:
+```
+iperf3 -c 10.222.2.1 -P40
+iperf3 -c 10.222.2.1 -P40 -R
+```
+#### Environments
+* **Client** Vultr $2.5/monthly plan (single core 2.4GHz cpu, 512MB RAM, Tokyo, Japan)
+* **Server** BandwagonHost $3.99/annually plan (single core 2.0GHz cpu, 128MB RAM, Los Angeles, USA)
+
+### Test1
+raw_mode: faketcp  cipher_mode: xor  auth_mode: simple
+
+![image4](images/image4.PNG)
+
+(reverse speed was simliar and not uploaded)
+
+### Test2
+raw_mode: faketcp  cipher_mode: aes128cbc  auth_mode: md5
+
+![image5](images/image5.PNG)
+
+(reverse speed was simliar and not uploaded)
+
+# Application
+## Tunneling any traffic via raw traffic by using udp2raw +openvpn
+![image_vpn](images/udp2rawopenvpn.PNG)
+1. Bypasses UDP block/UDP QOS
+
+2. No TCP over TCP problem (TCP over TCP problem http://sites.inka.de/bigred/devel/tcp-tcp.html ,https://community.openvpn.net/openvpn/ticket/2 )
+
+3. OpenVpn over ICMP also becomes a choice
+
+4. Supports almost any UDP-based VPN
+
+More details at [openvpn+udp2raw_guide](https://github.com/wangyu-/udp2raw-tunnel/wiki/udp2raw-openvpn-config-guide)
+## Speed-up tcp connection via raw traffic by using udp2raw+kcptun
+kcptun is a tcp connection speed-up program,it speeds-up tcp connection by using kcp protocol on-top of udp.by using udp2raw,you can use kcptun while udp is QoSed or blocked.
+(kcptun, https://github.com/xtaci/kcptun)
+
+## Speed-up tcp connection via raw traffic by using udp2raw+finalspeed
+finalspeed is a tcp connection speed-up program similiar to kcptun,it speeds-up tcp connection by using kcp protocol on-top of udp or tcp.but its tcp mode doesnt support openvz,you can bypass this problem if you use udp2raw+finalspeed together,and icmp mode also becomes avaliable.
+
+# How to build
+read [build_guide](/doc/build_guide.md)
+
+# Other
+### Easier installation on ArchLinux
+```
+yaourt -S udp2raw-tunnel # or
+pacaur -S udp2raw-tunnel
+```
+
+# Related work
+### kcptun-raw
+udp2raw was inspired by kcptun-raw,which modified kcptun to support tcp mode.
+
+https://github.com/Chion82/kcptun-raw
+### relayRawSocket
+kcptun-raw was inspired by relayRawSocket. A simple  udp to raw tunnel,wrote in python
+
+https://github.com/linhua55/some_kcptun_tools/tree/master/relayRawSocket
+### kcpraw
+another project of kcptun with tcp mode
+
+https://github.com/ccsexyz/kcpraw
+
+### icmptunnel
+Transparently tunnel your IP traffic through ICMP echo and reply packets.
+
+https://github.com/DhavalKapil/icmptunnel
+
+### Tcp Minion
+Tcp Minion is a project which modifid the code of tcp stack in kernel,and implemented real-time out-order udp packet delivery through this modified tcp stack.I failed to find the implementation,but there are some papers avaliable:
+
+https://arxiv.org/abs/1103.0463
+
+http://korz.cs.yale.edu/2009/tng/papers/pfldnet10.pdf
+
+https://pdfs.semanticscholar.org/9e6f/e2306f4385b4eb5416d1fcab16e9361d6ba3.pdf
+
+# wiki
+
+Check wiki for more info:
+
+https://github.com/wangyu-/udp2raw-tunnel/wiki
--- a/client.cpp
+++ b/client.cpp
@@ -7,7 +7,7 @@
 #include "encrypt.h"
 #include "fd_manager.h"

-
+#ifdef UDP2RAW_MP
 u32_t detect_interval=1500;
 u64_t laste_detect_time=0;

@@ -18,6 +18,7 @@ int use_tcp_for_detection=1;
 extern pcap_t *pcap_handle;

 extern int pcap_captured_full_len;
+#endif

 int client_on_timer(conn_info_t &conn_info) //for client. called when a timer is ready in epoll
 {
@@ -31,7 +32,7 @@ int client_on_timer(conn_info_t &conn_info) //for client. called when a timer is

 	mylog(log_trace,"<client_on_timer,send_info.ts_ack= %u>\n",send_info.ts_ack);

-
+#ifdef UDP2RAW_MP
 	//mylog(log_debug,"pcap cnt :%d\n",pcap_cnt);
 	if(send_with_pcap&&!pcap_header_captured)
 	{
@@ -99,7 +100,7 @@ int client_on_timer(conn_info_t &conn_info) //for client. called when a timer is

 		return 0;
 	}
-
+#endif
 	if(raw_info.disabled)
 	{
 		conn_info.state.client_current_state=client_idle;
@@ -467,8 +468,10 @@ int client_on_raw_recv(conn_info_t &conn_info) //called when raw fd received a p
 	raw_info_t &raw_info=conn_info.raw_info;

 	mylog(log_trace,"<client_on_raw_recv,send_info.ts_ack= %u>\n",send_info.ts_ack);
-	//if(pre_recv_raw_packet()<0) return -1;
-	//no pre_recv_raw_packet() in mp version
+
+#ifdef UDP2RAW_LINUX
+	if(pre_recv_raw_packet()<0) return -1;
+#endif

 	if(conn_info.state.client_current_state==client_idle )
 	{
@@ -482,6 +485,11 @@ int client_on_raw_recv(conn_info_t &conn_info) //called when raw fd received a p
 		{
 			return -1;
 		}
+		if(data_len>=max_data_len+1)
+		{
+			mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",data_len);
+			return -1;
+		}
 		if(!recv_info.new_src_ip.equal(send_info.new_dst_ip)||recv_info.src_port!=send_info.dst_port)
 		{
 			mylog(log_debug,"unexpected adress %s %s %d %d\n",recv_info.new_src_ip.get_str1(),send_info.new_dst_ip.get_str2(),recv_info.src_port,send_info.dst_port);
@@ -609,7 +617,7 @@ int client_on_udp_recv(conn_info_t &conn_info)
 {
 	int recv_len;
 	char buf[buf_len];
-	address_t::storage_t udp_new_addr_in={0};
+	address_t::storage_t udp_new_addr_in={{0}};
 	socklen_t udp_new_addr_len = sizeof(address_t::storage_t);
 	if ((recv_len = recvfrom(udp_fd, buf, max_data_len+1, 0,
 			(struct sockaddr *) &udp_new_addr_in, &udp_new_addr_len)) == -1) {
@@ -664,10 +672,11 @@ void udp_accept_cb(struct ev_loop *loop, struct ev_io *watcher, int revents)
 }
 void raw_recv_cb(struct ev_loop *loop, struct ev_io *watcher, int revents)
 {
-	assert(0==1);
+	if(is_udp2raw_mp)assert(0==1);
 	conn_info_t & conn_info= *((conn_info_t*)watcher->data);
 	client_on_raw_recv(conn_info);
 }
+#ifdef UDP2RAW_MP
 void async_cb(struct ev_loop *loop, struct ev_async *watcher, int revents)
 {
 	conn_info_t & conn_info= *((conn_info_t*)watcher->data);
@@ -727,6 +736,7 @@ void async_cb(struct ev_loop *loop, struct ev_async *watcher, int revents)
 		client_on_raw_recv(conn_info);
 	}
 }
+#endif
 void clear_timer_cb(struct ev_loop *loop, struct ev_timer *watcher, int revents)
 {
 	conn_info_t & conn_info= *((conn_info_t*)watcher->data);
@@ -772,7 +782,7 @@ int client_event_loop()
 	packet_info_t &send_info=conn_info.raw_info.send_info;
 	packet_info_t &recv_info=conn_info.raw_info.recv_info;

-	/*
+#ifdef UDP2RAW_LINUX
 	if(lower_level)
 	{
 		if(lower_level_manual)
@@ -848,7 +858,10 @@ int client_event_loop()
 		}

 	}
-	*/
+#endif
+	
+#ifdef UDP2RAW_MP
+
 	address_t tmp_addr;
 	if(get_src_adress2(tmp_addr,remote_addr)!=0)
 	{
@@ -857,9 +870,9 @@ int client_event_loop()
 	}
 	if(strcmp(dev,"")==0)
 	{
-		mylog(log_info,"--dev have not been set, trying to detect automatically, avaliable deives:\n");
+		mylog(log_info,"--dev have not been set, trying to detect automatically, available devices:\n");

-		mylog(log_info,"avaliable deives(device name: ip address ; description):\n");
+		mylog(log_info,"available device(device name: ip address ; description):\n");

 		char errbuf[PCAP_ERRBUF_SIZE];

@@ -926,7 +939,7 @@ int client_event_loop()
 			if(cnt==0) log_bare(log_warn," [no ip found]");
 			if(d->description==0)
 			{
-				log_bare(log_warn,"; (no description avaliable)");
+				log_bare(log_warn,"; (no description available)");
 			}
 			else
 			{
@@ -954,7 +967,7 @@ int client_event_loop()
 	{
 		mylog(log_info,"--dev has been manually set, using device:[%s]\n",dev);
 	}
-
+#endif

 	send_info.src_port=0;
 	memset(&send_info.new_src_ip,0,sizeof(send_info.new_src_ip));
@@ -1014,20 +1027,22 @@ int client_event_loop()
 	//	myexit(-1);
 	//}

-    /*
+#ifdef UDP2RAW_LINUX
 	struct ev_io raw_recv_watcher;

 	raw_recv_watcher.data=&conn_info;
    ev_io_init(&raw_recv_watcher, raw_recv_cb, raw_recv_fd, EV_READ);
    ev_io_start(loop, &raw_recv_watcher);
-     */
+#endif

+#ifdef UDP2RAW_MP
 	g_default_loop=loop;
 	async_watcher.data=&conn_info;
 	ev_async_init(&async_watcher,async_cb);
 	ev_async_start(loop,&async_watcher);

 	init_raw_socket();//must be put after dev detection
+#endif

 	//set_timer(epollfd,timer_fd);
 	struct ev_timer clear_timer;
--- a/common.cpp
+++ b/common.cpp
@@ -345,6 +345,7 @@ int my_ip_t::from_str(char * str)
 	}
 	return 0;
 }*/
+#ifdef UDP2RAW_MP

 int init_ws()
 {
@@ -394,6 +395,8 @@ int init_ws()
 return 0;
 }

+#endif
+
 #if defined(__MINGW32__)
 int inet_pton(int af, const char *src, void *dst)
 {
@@ -802,11 +805,14 @@ unsigned short csum_with_header(char* header,int hlen,const unsigned short *ptr,
 int set_buf_size(int fd,int socket_buf_size)
 {
 	if(force_socket_buf)
+	{
+		if(is_udp2raw_mp)
 		{
 		mylog(log_fatal,"force_socket_buf not supported in this verion\n");
 		myexit(-1);
+		}
 		//assert(0==1);
-#if 0
+#ifdef UDP2RAW_LINUX
 		if(setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &socket_buf_size, sizeof(socket_buf_size))<0)
 		{
 			mylog(log_fatal,"SO_SNDBUFFORCE fail  socket_buf_size=%d  errno=%s\n",socket_buf_size,strerror(errno));
@@ -954,15 +960,14 @@ bool larger_than_u16(uint16_t a,uint16_t b)
 		{
 			return 1;
 		}
-	}
-*/
+	}*/
 }

 void myexit(int a)
 {
    if(enable_log_color)
   	printf("%s\n",RESET);
-    /*
+#ifdef UDP2RAW_LINUX
    if(keep_thread_running)
    {
 		if(pthread_cancel(keep_thread))
@@ -975,7 +980,7 @@ void myexit(int a)
 		}
    }
 	clear_iptables_rule();
-	*/
+#endif
 	exit(a);
 }

@@ -1045,9 +1050,12 @@ int read_file(const char * file,string &output)
 	return 0;
 }
 int run_command(string command0,char * &output,int flag) {
+if(is_udp2raw_mp)
+{
    mylog(log_fatal,"run_command not supported in this version\n");
    myexit(-1);
-#if 0
+}
+#ifdef UDP2RAW_LINUX
    FILE *in;


@@ -1263,6 +1271,7 @@ int create_fifo(char * file)
 #endif
 }

+/*
 void ip_port_t::from_u64(u64_t u64)
 {
 	ip=get_u64_h(u64);
@@ -1277,7 +1286,7 @@ char * ip_port_t::to_s()
 	static char res[40];
 	sprintf(res,"%s:%d",my_ntoa(ip),port);
 	return res;
-}
+}*/



--- a/common.h
+++ b/common.h
@@ -27,6 +27,12 @@
 #include <assert.h>
 #include <pthread.h>

+#ifndef USE_LIBNET
+#define NO_LIBNET
+#endif
+
+#if defined(UDP2RAW_MP)
+const int is_udp2raw_mp=1;
 #if !defined(__CYGWIN__) && !defined(__MINGW32__)
 #include <pcap.h>
 #else
@@ -38,6 +44,21 @@
 #include <libnet.h>
 #endif

+
+#else
+#define UDP2RAW_LINUX
+const int is_udp2raw_mp=0;
+//#include <linux/if_ether.h>
+#include <linux/filter.h>
+#include <linux/if_packet.h>
+#include <sys/epoll.h>
+//#include <sys/wait.h> //signal
+#include <netinet/if_ether.h>
+#include <net/if.h>
+#include <sys/timerfd.h>
+
+#endif
+
 #if !defined(NO_LIBEV_EMBED)
 #include <my_ev.h>
 #else
@@ -149,6 +170,8 @@ const int max_addr_len=100;
 extern int force_socket_buf;

 extern int g_fix_gro;
+
+/*
 struct ip_port_t
 {
 	u32_t ip;
@@ -156,8 +179,7 @@ struct ip_port_t
 	void from_u64(u64_t u64);
 	u64_t to_u64();
 	char * to_s();
-};
-
+};*/

 typedef u64_t fd64_t;

@@ -343,6 +365,7 @@ const int buf_len=max_data_len+400;

 //const int max_address_len=512;

+#ifdef UDP2RAW_MP
 const int queue_len=200;

 struct queue_t
@@ -387,7 +410,7 @@ struct queue_t
 };

 int init_ws();
-
+#endif
 u64_t get_current_time();
 u64_t pack_u64(u32_t a,u32_t b);

--- a/connection.cpp
+++ b/connection.cpp
@@ -416,6 +416,13 @@ int recv_bare(raw_info_t &raw_info,char* & data,int & len)//recv function with e
 		//printf("recv_raw_fail in recv bare\n");
 		return -1;
 	}
+
+	if(len>=max_data_len+1)
+	{
+		mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",len);
+		return -1;
+	}
+
 	mylog(log_trace,"data len=%d\n",len);
 	if ((raw_mode == mode_faketcp && (recv_info.syn == 1 || recv_info.ack != 1)))
 	{
@@ -615,7 +622,7 @@ int reserved_parse_safer(conn_info_t &conn_info,const char * input,int input_len
 	}


-	if(after_recv_raw0(conn_info.raw_info)!=0) return -1;
+	if(after_recv_raw0(conn_info.raw_info)!=0) return -1;  //TODO might need to move this function to somewhere else after --fix-gro is introduced

 	return 0;
 }
--- a/connection.h
+++ b/connection.h
@@ -18,7 +18,6 @@ extern int disable_anti_replay;

 const int disable_conv_clear=0;//a udp connection in the multiplexer is called conversation in this program,conv for short.

-
 struct anti_replay_t  //its for anti replay attack,similar to openvpn/ipsec 's anti replay window
 {
 	u64_t max_packet_received;
@@ -282,6 +281,7 @@ struct conn_info_t     //stores info for a raw connection.for client ,there is o
 /*
 	const uint32_t &ip=raw_info.recv_info.src_ip;
 	const uint16_t &port=raw_info.recv_info.src_port;
+
 */
 	 void recover(const conn_info_t &conn_info);
 	void re_init();
--- a/doc/README.zh-cn.md
+++ b/doc/README.zh-cn.md
@@ -26,11 +26,9 @@ Release中提供了`amd64`、`x86`、`arm`、`mips_be`、`mips_le`的预编译bi

 ##### 对于windows和mac用户：

-可以把udp2raw运行在虚拟机上(网络必须是桥接模式)。
+可以用[这个repo](https://github.com/wangyu-/udp2raw-multiplatform)里的udp2raw，原生运行。

-另外可以参考：
-
-https://github.com/wangyu-/udp2raw-tunnel/wiki/在windows-mac上运行udp2raw客户端，带图形界面
+<del>可以把udp2raw运行在虚拟机上(网络必须是桥接模式)。可以参考： https://github.com/wangyu-/udp2raw-tunnel/wiki/在windows-mac上运行udp2raw客户端，带图形界面 </del>

 ##### 对于ios和游戏主机用户：

@@ -43,15 +41,11 @@ https://github.com/wangyu-/udp2raw-tunnel/wiki/在windows-mac上运行udp2raw客
 ### 模拟TCP3次握手
 模拟TCP3次握手，模拟seq ack过程。另外还模拟了一些tcp option：MSS,sackOk,TS,TS_ack,wscale，用来使流量看起来更像是由普通的linux tcp协议栈发送的。

-### 心跳保活、自动重连，连接快速恢复，单向链路失效检测
+### 心跳保活、自动重连，连接恢复
 心跳保活、自动重连，udp2raw重连可以恢复上次的连接，重连后上层连接继续有效，底层掉线上层不掉线。有效解决上层连接断开的问题。 （功能借鉴自[kcptun-raw](https://github.com/Chion82/kcptun-raw)）（**就算你拔掉网线重插，或者重新拨号获得新ip，上层应用也不会断线**）

-Client能用单倍的超时时间检测到单向链路的失效，不管是上行还是下行，只要有一个方向失效就能被client检测到。重连只需要client发起，就可以立即被server处理，不需要等到server端的连接超时后。
-
-对于有大量client的情况，对于不同client,server发送的心跳是错开时间发送的，不会因为短时间发送大量的心跳而造成拥塞和延迟抖动。
-
 ### 加密 防重放攻击
-用aes128cbc加密，md5/crc32做数据完整校验。用类似ipsec/openvpn的 replay window机制来防止重放攻击。
+用aes128cbc加密(或更弱的xor)，hmac-sha1(或更弱的md5/crc32/simple)做数据完整校验。用类似ipsec/openvpn的replay window机制来防止重放攻击。

 设计目标是，即使攻击者可以监听到tunnel的所有包，可以选择性丢弃tunnel的任意包，可以重放任意包；攻击者也没办法获得tunnel承载的任何数据，也没办法向tunnel的数据流中通过包构造/包重放插入任何数据。

@@ -66,8 +60,6 @@ NAT 穿透 ，tcp icmp udp模式都支持nat穿透。

 支持Openwrt，没有编译依赖，容易编译到任何平台上。

-epoll实现，高并发，除了回收过期连接外，所有操作的时间复杂度都跟连接数无关。回收过期连接的操做也是柔和进行的，不会因为消耗太多cpu时间造成延迟抖动。
-
 ### 关键词
 突破udp qos,突破udp屏蔽，openvpn tcp over tcp problem,openvpn over icmp,udp to icmp tunnel,udp to tcp tunnel,udp via icmp,udp via tcp

@@ -83,10 +75,10 @@ https://github.com/wangyu-/udp2raw-tunnel/releases

 ```
 在server端运行:
-./udp2raw_amd64 -s -l0.0.0.0:4096  -r127.0.0.1:7777   -a -k "passwd" --raw-mode faketcp   --cipher-mode xor
+./udp2raw_amd64 -s -l0.0.0.0:4096  -r127.0.0.1:7777   -k "passwd" --raw-mode faketcp   --cipher-mode xor  -a

 在client端运行:
-./udp2raw_amd64 -c -l0.0.0.0:3333  -r44.55.66.77:4096 -a -k "passwd" --raw-mode faketcp   --cipher-mode xor
+./udp2raw_amd64 -c -l0.0.0.0:3333  -r44.55.66.77:4096 -k "passwd" --raw-mode faketcp   --cipher-mode xor  -a
 ```
 (以上例子需要用root账号运行。 用非root运行udp2raw需要一些额外的步骤，具体方法请看 [这个](https://github.com/wangyu-/udp2raw-tunnel/wiki/run-udp2raw-as-non-root) 链接。用非root运行更安全)

@@ -106,9 +98,7 @@ https://github.com/wangyu-/udp2raw-tunnel/releases

 如果要在anroid上运行，请看[Android简明教程](/doc/android_guide.md)

-如果要在梅林固件的路由器上使用，添加`--lower-level auto` `--keep-rule`
-
-如果client和server无法连接，或者连接经常断开，请看一下`--seq-mode`的用法，尝试不同的seq-mode。
+`-a`选项会自动添加一条/几条iptables规则，udp2raw必须和相应的iptables规则配合才能稳定工作，一定要注意不要忘了`-a`(这是个常见错误)。 如果你不想让udp2raw自动添加iptables规则，可以自己手动添加相应的iptables规则(看一下`-g`选项)，然后以不带`-a`的方式运行udp2raw。

 # 进阶操作说明

@@ -123,10 +113,10 @@ usage:
    run as server : ./this_program -s -l server_listen_ip:server_port -r remote_address:remote_port  [options]

 common options,these options must be same on both side:
-    --raw-mode            <string>        avaliable values:faketcp(default),udp,icmp
+    --raw-mode            <string>        available values:faketcp(default),udp,icmp
    -k,--key              <string>        password to gen symetric key,default:"secret key"
-    --cipher-mode         <string>        avaliable values:aes128cbc(default),xor,none
-    --auth-mode           <string>        avaliable values:md5(default),crc32,simple,none
+    --cipher-mode         <string>        available values:aes128cbc(default),xor,none
+    --auth-mode           <string>        available values:hmac_sha1,md5(default),crc32,simple,none
    -a,--auto-rule                        auto add (and delete) iptables rule
    -g,--gen-rule                         generate iptables rule then exit,so that you can copy and
                                          add it manually.overrides -a
@@ -170,7 +160,7 @@ other options:

 用raw收发udp包也类似，只是内核回复的是icmp unreachable。而用raw 收发icmp，内核会自动回复icmp echo。都需要相应的iptables规则。
 ### `--cipher-mode` 和 `--auth-mode` 
-如果要最大的安全性建议用aes128cbc+md5。如果要运行在路由器上，建议用xor+simple，可以节省CPU。但是注意xor+simple只能骗过防火墙的包检测，不能防止真正的攻击者。
+如果要最大的安全性建议用aes128cbc+hmac_sha1。如果要运行在路由器上，建议用xor+simple，可以节省CPU。但是注意xor+simple只能骗过防火墙的包检测，不能防止真正的攻击者。

 ### `--seq-mode`
 facktcp模式并没有模拟tcp的全部。所以理论上有办法把faketcp和真正的tcp流量区分开来（虽然大部分ISP不太可能做这种程度的包检测）。seq-mode可以改变一些seq ack的行为。如果遇到了连接问题，可以尝试更改。在我这边的移动线路用3种模式都没问题。
--- a/encrypt.cpp
+++ b/encrypt.cpp
@@ -291,6 +291,7 @@ int padding(char *data ,int &data_len,int padding_num)

 int de_padding(const char *data ,int &data_len,int padding_num)
 {
+	if(data_len==0) return -1;
 	if((uint8_t)data[data_len-1]  >padding_num) return -1;
 	data_len-=(uint8_t)data[data_len-1];
 	if(data_len<0)
--- a/images/multiplatform/init
+++ b/images/multiplatform/init
@@ -1 +0,0 @@
-
--- a/images/multiplatform/mp1.PNG
+++ b/images/multiplatform/mp1.PNG
--- a/images/multiplatform/mp2.PNG
+++ b/images/multiplatform/mp2.PNG
--- a/images/multiplatform/mp3.PNG
+++ b/images/multiplatform/mp3.PNG
--- a/images/multiplatform/mp4.5.PNG
+++ b/images/multiplatform/mp4.5.PNG
--- a/images/multiplatform/mp4.PNG
+++ b/images/multiplatform/mp4.PNG
--- a/images/multiplatform/mp5.PNG
+++ b/images/multiplatform/mp5.PNG
--- a/images/multiplatform/mp6.PNG
+++ b/images/multiplatform/mp6.PNG
--- a/images/multiplatform/mp7.PNG
+++ b/images/multiplatform/mp7.PNG
--- a/main.cpp
+++ b/main.cpp
@@ -25,6 +25,7 @@ void sigint_cb(struct ev_loop *l, ev_signal *w, int revents)
 }

 int client_event_loop();
+int server_event_loop();

 int main(int argc, char *argv[])
 {
@@ -32,7 +33,9 @@ int main(int argc, char *argv[])
 	assert(sizeof(unsigned int)==4);
 	assert(sizeof(unsigned long long)==8);

+#ifdef UDP2RAW_MP
 	init_ws();
+#endif

 	dup2(1, 2);//redirect stderr to stdout
 #if defined(__MINGW32__)
@@ -49,6 +52,7 @@ int main(int argc, char *argv[])
 		ev_signal_init(&signal_watcher_sigpipe, sigpipe_cb, SIGPIPE);
 		ev_signal_start(loop, &signal_watcher_sigpipe);
 #endif
+
 		ev_signal signal_watcher_sigterm;
 		ev_signal_init(&signal_watcher_sigterm, sigterm_cb, SIGTERM);
 		ev_signal_start(loop, &signal_watcher_sigterm);
@@ -59,15 +63,17 @@ int main(int argc, char *argv[])
 	}
 	else
 	{
-		mylog(log_fatal,"server mode not supported in multi-platform version\n");
-		myexit(-1);
-		/*
+#ifdef UDP2RAW_LINUX
 		signal(SIGINT, signal_handler);
 		signal(SIGHUP, signal_handler);
 		signal(SIGKILL, signal_handler);
 		signal(SIGTERM, signal_handler);
 		signal(SIGQUIT, signal_handler);
-		 */
+#else
+		mylog(log_fatal,"server mode not supported in multi-platform version\n");
+		myexit(-1);	
+#endif
+	      
 	}
 #if !defined(__MINGW32__)
 	if(geteuid() != 0)
@@ -91,8 +97,10 @@ int main(int argc, char *argv[])
 	my_init_keys(key_string,program_mode==client_mode?1:0);

 	iptables_rule();
-	//init_raw_socket();
-	//init_raw_socket() has to be done after dev dectection in mp version
+	
+#ifdef UDP2RAW_LINUX
+	init_raw_socket();
+#endif

 	if(program_mode==client_mode)
 	{
@@ -100,11 +108,12 @@ int main(int argc, char *argv[])
 	}
 	else
 	{
+#ifdef UDP2RAW_LINUX
+		server_event_loop();
+#else
 		mylog(log_fatal,"server mode not supported in multi-platform version\n");
 		myexit(-1);
-		/*
-		server_event_loop();
-		*/
+#endif
 	}

 	return 0;
--- a/158
+++ b/158
@@ -1,97 +1,131 @@
 cc_cross=/home/wangyu/Desktop/arm-2014.05/bin/arm-none-linux-gnueabi-g++
 cc_local=g++
-#cc_local=/opt/cross/x86_64-linux-musl/bin/x86_64-linux-musl-g++
-#cc_mips34kc=/toolchains/OpenWrt-SDK-ar71xx-for-linux-x86_64-gcc-4.8-linaro_uClibc-0.9.33.2/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/bin/mips-openwrt-linux-g++
 cc_mips24kc_be=/toolchains/lede-sdk-17.01.2-ar71xx-generic_gcc-5.4.0_musl-1.1.16.Linux-x86_64/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl-1.1.16/bin/mips-openwrt-linux-musl-g++
 cc_mips24kc_le=/toolchains/lede-sdk-17.01.2-ramips-mt7621_gcc-5.4.0_musl-1.1.16.Linux-x86_64/staging_dir/toolchain-mipsel_24kc_gcc-5.4.0_musl-1.1.16/bin/mipsel-openwrt-linux-musl-g++
-#cc_arm= /toolchains/gcc-linaro-4.9.4-2017.01-x86_64_arm-linux-gnueabi/bin/arm-linux-gnueabi-g++ -march=armv6 -marm 
 cc_arm= /toolchains/arm-2014.05/bin/arm-none-linux-gnueabi-g++
-#cc_arm=/toolchains/lede-sdk-17.01.2-brcm2708-bcm2708_gcc-5.4.0_musl-1.1.16_eabi.Linux-x86_64/staging_dir/toolchain-arm_arm1176jzf-s+vfp_gcc-5.4.0_musl-1.1.16_eabi/bin/arm-openwrt-linux-muslgnueabi-g++
-#cc_bcm2708=/home/wangyu/raspberry/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian/bin/arm-linux-gnueabihf-g++ 
-cc_tmp= /home/wangyu/OpenWrt-SDK-15.05-x86-64_gcc-4.8-linaro_uClibc-0.9.33.2.Linux-x86_64/staging_dir/toolchain-x86_64_gcc-4.8-linaro_uClibc-0.9.33.2/bin/x86_64-openwrt-linux-uclibc-g++
 cc_mingw_cross=i686-w64-mingw32-g++-posix
+cc_mac_cross=o64-clang++ -stdlib=libc++
+#cc_bcm2708=/home/wangyu/raspberry/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian/bin/arm-linux-gnueabihf-g++ 
+

 FLAGS= -std=c++11   -Wall -Wextra -Wno-unused-variable -Wno-unused-parameter -Wno-missing-field-initializers ${OPT}

-COMMON=main.cpp lib/md5.cpp encrypt.cpp log.cpp network.cpp common.cpp  connection.cpp misc.cpp fd_manager.cpp client.cpp -lpthread
+COMMON=main.cpp lib/md5.cpp lib/pbkdf2-sha1.cpp lib/pbkdf2-sha256.cpp encrypt.cpp log.cpp network.cpp common.cpp  connection.cpp misc.cpp fd_manager.cpp client.cpp server.cpp -lpthread

-PCAP="-lpcap"
-
-LIBNET=-D_DEFAULT_SOURCE `libnet-config --defines` `libnet-config --libs`
-
-
-SOURCES0= $(COMMON) lib/aes_faster_c/aes.cpp lib/aes_faster_c/wrapper.cpp lib/pbkdf2-sha1.cpp lib/pbkdf2-sha256.cpp
+SOURCES0= $(COMMON) lib/aes_faster_c/aes.cpp lib/aes_faster_c/wrapper.cpp
 SOURCES= ${SOURCES0} my_ev.cpp -isystem libev
-SOURCES_TINY_AES= $(COMMON) lib/aes.cpp
-SOURCES_AES_ACC=$(COMMON) $(wildcard lib/aes_acc/aes*.c)
+SOURCES_AES_ACC= $(COMMON) $(wildcard lib/aes_acc/aes*.c) my_ev.cpp -isystem libev
+PCAP="-lpcap"
+MP="-DUDP2RAW_MP"

-NAME=udp2raw_mp
-OUTPUTS=${NAME} ${NAME}_nolibnet ${NAME}.exe ${NAME}_nolibnet.exe
+
+NAME=udp2raw

 TARGETS=amd64 arm amd64_hw_aes arm_asm_aes mips24kc_be mips24kc_be_asm_aes x86 x86_asm_aes mips24kc_le mips24kc_le_asm_aes
-TAR=${NAME}_binaries.tar.gz `echo ${TARGETS}|sed -r 's/([^ ]+)/udp2raw_\1/g'` version.txt

+TAR=${NAME}_binaries.tar.gz `echo ${TARGETS}|sed -r 's/([^ ]+)/${NAME}_\1/g'` version.txt
+
+TARGETS_MP= mingw_cross mingw_cross_wepoll mac_cross
+
+export STAGING_DIR=/tmp/    #just for supress warning of staging_dir not define
+
+# targets for nativei (non-cross) compile 
 all:git_version
-	echo "\ndo not use 'make all', instead, use 'make linux' 'make mac' 'make freebsd' 'make cygwin' \nyou can also try 'make linux_nolibnet' 'make mac_nolibnet'  'make freebsd_nolibnet'  "
+	rm -f ${NAME}
+	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${FLAGS} -lrt -ggdb -static -O2

-cygwin:git_version
-	rm -f ${OUTPUTS}
-	${cc_local}   -o ${NAME}_nolibnet          -I. ${SOURCES} pcap_wrapper.cpp ${FLAGS} -lrt -ggdb -static -O2 -D_GNU_SOURCE
+#dynamic link
+dynamic: git_version
+	${cc_local}   -o ${NAME}_$@          -I. ${SOURCES} ${FLAGS} -lrt -O3

-mingw:git_version
-	rm -f ${OUTPUTS}
-	${cc_local}   -o ${NAME}_nolibnet          -I. ${SOURCES} pcap_wrapper.cpp ${FLAGS} -ggdb -static -O2 -lws2_32
+#targes for general cross compile

-mingw_cross:git_version
-	${cc_mingw_cross}   -o ${NAME}_nolibnet.exe          -I. ${SOURCES} pcap_wrapper.cpp ${FLAGS} -ggdb -static -O2 -lws2_32
+cross:git_version
+	${cc_cross}   -o ${NAME}_cross    -I. ${SOURCES} ${FLAGS} -lrt -O2

-mingw_cross_wepoll:git_version
-	${cc_mingw_cross}   -o ${NAME}_nolibnet_wepoll.exe          -I. ${SOURCES0} pcap_wrapper.cpp ${FLAGS} -ggdb -static -O2 -DNO_LIBEV_EMBED -D_WIN32 -lev -lws2_32
+cross2:git_version
+	${cc_cross}   -o ${NAME}_cross    -I. ${SOURCES} ${FLAGS} -lrt -static -lgcc_eh -O2

-linux:git_version
-	rm -f ${OUTPUTS}
-	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${PCAP} ${LIBNET} ${FLAGS} -lrt -ggdb -static -O2
-
-linux_nolibnet:git_version
-	rm -f ${OUTPUTS}
-	${cc_local}   -o ${NAME}_nolibnet          -I. ${SOURCES} ${PCAP} ${FLAGS} -lrt -ggdb -static -O2 -DNO_LIBNET
-
-freebsd:git_version
-	rm -f ${OUTPUTS}
-	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${PCAP} ${LIBNET} ${FLAGS} -lrt -ggdb -static -O2
-
-freebsd_nolibnet:git_version
-	rm -f ${OUTPUTS}
-	${cc_local}   -o ${NAME}_nolibnet         -I. ${SOURCES} ${PCAP} ${FLAGS} -lrt -ggdb -static -O2 -DNO_LIBNET
-
-mac:git_version
-	rm -f ${OUTPUTS}
-	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${PCAP} ${LIBNET} ${FLAGS} -ggdb -O2
-
-mac_nolibnet:git_version
-	rm -f ${OUTPUTS}
-	${cc_local}   -o ${NAME}_nolibnet          -I. ${SOURCES} ${PCAP} ${FLAGS} -ggdb -O2 -DNO_LIBNET
-
-mac_nolibnet_static:git_version  #it doesnt work
-	rm -f ${OUTPUTS}
-	${cc_local}   -o ${NAME}          -I. ${SOURCES} -static-libstdc++  /usr/local/Cellar/libpcap/1.8.1/lib/libpcap.a  ${FLAGS} -ggdb -O2 -DNO_LIBNET
+cross3:git_version
+	${cc_cross}   -o ${NAME}_cross    -I. ${SOURCES} ${FLAGS} -lrt -static -O2

+#targets only for debug purpose
 fast: git_version
 	rm -f ${NAME}
 	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${FLAGS} -lrt -ggdb
 debug: git_version
 	rm -f ${NAME}
-	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${PCAP} ${LIBNET} ${FLAGS} -lrt -ggdb -static -O2 -Wformat-nonliteral -D MY_DEBUG 
+	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -D MY_DEBUG 
 debug2: git_version
 	rm -f ${NAME}
-	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -ggdb
+	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -ggdb -fsanitize=address
+
+#targets only for 'make release'
+
+mips24kc_be: git_version
+	${cc_mips24kc_be}  -o ${NAME}_$@   -I. ${SOURCES} ${FLAGS} -lrt -lgcc_eh -static -O3
+mips24kc_be_asm_aes: git_version
+	${cc_mips24kc_be}  -o ${NAME}_$@   -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -lgcc_eh -static -O3 lib/aes_acc/asm/mips_be.S
+mips24kc_le: git_version
+	${cc_mips24kc_le}  -o ${NAME}_$@   -I. ${SOURCES} ${FLAGS} -lrt -lgcc_eh -static -O3
+mips24kc_le_asm_aes: git_version
+	${cc_mips24kc_le}  -o ${NAME}_$@   -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -lgcc_eh -static -O3 lib/aes_acc/asm/mips.S
+amd64:git_version
+	${cc_local}   -o ${NAME}_$@    -I. ${SOURCES} ${FLAGS} -lrt -static -O3
+amd64_hw_aes:git_version
+	${cc_local}   -o ${NAME}_$@   -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -static -O3 lib/aes_acc/asm/x64.S
+x86:git_version
+	${cc_local}   -o ${NAME}_$@      -I. ${SOURCES} ${FLAGS} -lrt -static -O3 -m32
+x86_asm_aes:git_version
+	${cc_local}   -o ${NAME}_$@    -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -static -O3 -m32 lib/aes_acc/asm/x86.S
+arm:git_version
+	${cc_arm}   -o ${NAME}_$@      -I. ${SOURCES} ${FLAGS} -lrt -static -O3
+arm_asm_aes:git_version
+	${cc_arm}   -o ${NAME}_$@    -I. ${SOURCES_AES_ACC} ${FLAGS} -lrt -static -O3 lib/aes_acc/asm/arm.S
+
+release: ${TARGETS}
+	cp git_version.h version.txt
+	tar -zcvf ${TAR}
+
+#targets for multi-platform version (native compile)
+cygwin:git_version
+	${cc_local}   -o ${NAME}_$@          -I. ${SOURCES} pcap_wrapper.cpp ${FLAGS} -lrt -ggdb -static -O2 -D_GNU_SOURCE
+
+mingw:git_version
+	${cc_local}   -o ${NAME}_$@         -I. ${SOURCES} pcap_wrapper.cpp ${FLAGS} -ggdb -static -O2 -lws2_32
+
+mingw_wepoll:git_version
+	${cc_local}   -o ${NAME}_$@        -I. ${SOURCES0} pcap_wrapper.cpp ${FLAGS} -ggdb -static -O2 -DNO_LIBEV_EMBED -D_WIN32 -lev -lws2_32
+
+linux:git_version
+	${cc_local}   -o ${NAME}_$@          -I. ${SOURCES} ${PCAP} ${FLAGS} -lrt -ggdb -static -O2
+
+freebsd:git_version
+	${cc_local}   -o ${NAME}_$@        -I. ${SOURCES} ${PCAP} ${FLAGS} -lrt -ggdb -static -O2
+
+mac:git_version
+	${cc_local}   -o ${NAME}_$@        -I. ${SOURCES} ${PCAP} ${FLAGS} -ggdb -O2
+
+#targets for multi-platform version (cross compile)
+
+mingw_cross:git_version
+	${cc_mingw_cross}   -o ${NAME}_mp.exe          -I. ${SOURCES} pcap_wrapper.cpp ${FLAGS} -ggdb -static -O2 -lws2_32 ${MP}
+
+mingw_cross_wepoll:git_version
+	${cc_mingw_cross}   -o ${NAME}_mp_wepoll.exe   -I. ${SOURCES0} pcap_wrapper.cpp ${FLAGS} -ggdb -static -O2 -DNO_LIBEV_EMBED -D_WIN32 -lev -lws2_32 ${MP}
+
+mac_cross:git_version
+	${cc_mac_cross}   -o ${NAME}_mp_mac            -I. ${SOURCES} ${PCAP} ${FLAGS} -ggdb -O2 ${MP}
+
+release_mp:${TARGETS_MP}
+	cp git_version.h version.txt
+	tar -zcvf ${NAME}_mp_binaries.tar.gz ${NAME}_mp.exe ${NAME}_mp_wepoll.exe ${NAME}_mp_mac

-#dynamic: git_version
-#	${cc_local}   -o ${NAME}_$@          -I. ${SOURCES} ${FLAGS} -lrt -O3

 clean:	
-	rm -f udp2raw.exe ${OUTPUTS}
-	rm -f udp2raw udp2raw_cross udp2raw_cmake udp2raw_dynamic
+	rm -f ${TAR}
+	rm -f ${NAME} ${NAME}_cross ${NAME}.exe ${NAME}_wepoll.exe ${NAME}_mac
+	rm -f ${NAME}_mp_binaries.tar.gz ${NAME}_mp.exe ${NAME}_mp_wepoll.exe ${NAME}_mp_mac
 	rm -f git_version.h

 git_version:
--- a/misc.cpp
+++ b/misc.cpp
@@ -47,8 +47,10 @@ my_id_t const_id=0;//an id used for connection recovery,its generated randomly,i

 int udp_fd=-1;  //for client only. client use this fd to listen and handle udp connection
 int bind_fd=-1; //bind only,never send or recv.  its just a dummy fd for bind,so that other program wont occupy the same port
-//int epollfd=-1; //fd for epoll
-//int timer_fd=-1;   //the general timer fd for client and server.for server this is not the only timer find,every connection has a timer fd.
+#ifdef UDP2RAW_LINUX
+int epollfd=-1; //fd for epoll
+int timer_fd=-1;   //the general timer fd for client and server.for server this is not the only timer find,every connection has a timer fd.
+#endif
 int fail_time_counter=0;//determine if the max_fail_time is reached
 int epoll_trigger_counter=0;//for debug only
 int debug_flag=0;//for debug only
@@ -70,6 +72,14 @@ char fifo_file[1000]="";

 int clear_iptables=0;
 int wait_xtables_lock=0;
+#ifdef UDP2RAW_LINUX
+string iptables_command0="iptables/ip6tables ";
+string iptables_command="";
+string iptables_pattern="";
+int iptables_rule_added=0;
+int iptables_rule_keeped=0;
+int iptables_rule_keep_index=0;
+#endif

 program_mode_t program_mode=unset_mode;//0 unset; 1client 2server
 raw_mode_t raw_mode=mode_faketcp;
@@ -88,7 +98,7 @@ int socket_buf_size=1024*1024;


 //char lower_level_arg[1000];
-/*
+#ifdef UDP2RAW_LINUX
 int process_lower_level_arg()//handle --lower-level option
 {
 	lower_level=1;
@@ -116,7 +126,8 @@ int process_lower_level_arg()//handle --lower-level option
 		dest_hw_addr[i] = uint8_t(hw[i]);
 	}
 	return 0;
-}*/
+}
+#endif
 void print_help()
 {
 	char git_version_buf[100]={0};
@@ -126,19 +137,21 @@ void print_help()
 	printf("build date:%s %s\n",__DATE__,__TIME__);
 	printf("repository: https://github.com/wangyu-/udp2raw-tunnel\n");
 	printf("\n");
+#ifdef UDP2RAW_MP
 #ifdef NO_LIBNET
 	printf("libnet is disabled at compile time\n");
 	printf("\n");
+#endif
 #endif
 	printf("usage:\n");
 	printf("    run as client : ./this_program -c -l local_listen_ip:local_port -r server_address:server_port  [options]\n");
 	printf("    run as server : ./this_program -s -l server_listen_ip:server_port -r remote_address:remote_port  [options]\n");
 	printf("\n");
 	printf("common options,these options must be same on both side:\n");
-	printf("    --raw-mode            <string>        avaliable values:faketcp(default),udp,icmp and easy-faketcp\n");
+	printf("    --raw-mode            <string>        available values:faketcp(default),udp,icmp and easy-faketcp\n");
 	printf("    -k,--key              <string>        password to gen symetric key,default:\"secret key\"\n");
-	printf("    --cipher-mode         <string>        avaliable values:aes128cfb,aes128cbc(default),xor,none\n");
-	printf("    --auth-mode           <string>        avaliable values:hmac_sha1,md5(default),crc32,simple,none\n");
+	printf("    --cipher-mode         <string>        available values:aes128cfb,aes128cbc(default),xor,none\n");
+	printf("    --auth-mode           <string>        available values:hmac_sha1,md5(default),crc32,simple,none\n");
 	printf("    -a,--auto-rule                        auto add (and delete) iptables rule\n");
 	printf("    -g,--gen-rule                         generate iptables rule then exit,so that you can copy and\n");
 	printf("                                          add it manually.overrides -a\n");
@@ -165,6 +178,9 @@ void print_help()
 	printf("    --disable-bpf                         disable the kernel space filter,most time its not necessary\n");
 	printf("                                          unless you suspect there is a bug\n");
 //	printf("\n");
+#ifdef UDP2RAW_LINUX
+	printf("    --dev                 <string>        bind raw socket to a device, not necessary but improves performance\n");
+#endif
 	printf("    --sock-buf            <number>        buf size for socket,>=10 and <=10240,unit:kbyte,default:1024\n");
 	printf("    --force-sock-buf                      bypass system limitation while setting sock-buf\n");
 	printf("    --seq-mode            <number>        seq increase mode for faketcp:\n");
@@ -296,9 +312,11 @@ void process_arg(int argc, char *argv[])  //process all options
 		{"set-ttl", required_argument,    0, 1},
 		{"dev", required_argument,    0, 1},
 		{"dns-resolve", no_argument,    0, 1},
-		{"pcap-send", no_argument,    0, 1},
 		{"easy-tcp", no_argument,    0, 1},
+#ifdef UDP2RAW_MP
+		{"pcap-send", no_argument,    0, 1},
 		{"no-pcap-mutex", no_argument,    0, 1},
+#endif
        {"fix-gro", no_argument,    0, 1},
 		{NULL, 0, 0, 0}
 	  };
@@ -468,8 +486,11 @@ void process_arg(int argc, char *argv[])  //process all options
 		case 'h':
 			break;
 		case 'a':
+if(is_udp2raw_mp)
+{
 			mylog(log_fatal,"-a not supported in this version, check -g or --raw-mode easyfaketcp\n");
 			myexit(-1);
+}
 			auto_add_iptables_rule=1;
 			break;
 		case 'g':
@@ -482,9 +503,12 @@ void process_arg(int argc, char *argv[])  //process all options
 		case 1:
 			mylog(log_debug,"option_index: %d\n",option_index);
 			if(strcmp(long_options[option_index].name,"clear")==0)
+			{
+if(is_udp2raw_mp)
 {
 				mylog(log_fatal,"--clear not supported in this version\n");
 				myexit(-1);
+}

 				clear_iptables=1;
 			}
@@ -595,30 +619,44 @@ void process_arg(int argc, char *argv[])  //process all options
 			}
 			else if(strcmp(long_options[option_index].name,"lower-level")==0)
 			{
-				//process_lower_level_arg();
+if(is_udp2raw_mp)
+{
 				mylog(log_fatal,"--lower-level not supported in this version\n");
 				myexit(-1);
+}

+#ifdef UDP2RAW_LINUX
+				process_lower_level_arg();
+#endif
+				//process_lower_level_arg();
 				//lower_level=1;
 				//strcpy(lower_level_arg,optarg);
 			}
 			else if(strcmp(long_options[option_index].name,"simple-rule")==0)
+			{
+if(is_udp2raw_mp)
 {
 				mylog(log_fatal,"--simple-rule not supported in this version\n");
 				myexit(-1);
-
+}
 				simple_rule=1;
 			}
 			else if(strcmp(long_options[option_index].name,"keep-rule")==0)
+			{
+if(is_udp2raw_mp)
 {
 				mylog(log_fatal,"--keep-rule not supported in this version\n");
 				myexit(-1);
+}
 				keep_rule=1;
 			}
 			else if(strcmp(long_options[option_index].name,"gen-add")==0)
+			{
+if(is_udp2raw_mp)
 {
 				mylog(log_fatal,"--gen-add not supported in this version\n");
 				myexit(-1);
+}
 				generate_iptables_rule_add=1;
 			}
 			else if(strcmp(long_options[option_index].name,"disable-color")==0)
@@ -650,9 +688,12 @@ void process_arg(int argc, char *argv[])  //process all options
 				//enable_log_position=1;
 			}
 			else if(strcmp(long_options[option_index].name,"force-sock-buf")==0)
+			{
+if(is_udp2raw_mp)
 {
 				mylog(log_fatal,"--force-sock-buf not supported in this version\n");
 				myexit(-1);
+}
 				force_socket_buf=1;
 			}
 			else if(strcmp(long_options[option_index].name,"retry-on-error")==0)
@@ -708,9 +749,12 @@ void process_arg(int argc, char *argv[])  //process all options
 				mylog(log_info,"random_drop =%d \n",random_drop);
 			}
 			else if(strcmp(long_options[option_index].name,"fifo")==0)
+			{
+if(is_udp2raw_mp)
 {
 				mylog(log_fatal,"--fifo not supported in this version\n");
 				myexit(-1);
+}
 				sscanf(optarg,"%s",fifo_file);

 				mylog(log_info,"fifo_file =%s \n",fifo_file);
@@ -761,6 +805,7 @@ void process_arg(int argc, char *argv[])  //process all options
 				enable_dns_resolve=1;
 				mylog(log_info,"dns-resolve enabled\n");
 			}
+#ifdef UDP2RAW_MP
 			else if(strcmp(long_options[option_index].name,"pcap-send")==0)
 			{
 				send_with_pcap=1;
@@ -771,6 +816,7 @@ void process_arg(int argc, char *argv[])  //process all options
 				use_pcap_mutex=0;
 				mylog(log_warn,"--no-pcap-mutex enabled, we will assume the underlying pcap calls are threadsafe\n");
 			}
+#endif
 			else if(strcmp(long_options[option_index].name,"easy-tcp")==0)
 			{
 				use_tcp_dummy_socket=1;
@@ -933,7 +979,7 @@ void pre_process_arg(int argc, char *argv[])//mainly for load conf file
 	process_arg(new_argc,new_argv_char);

 }
-/*
+#ifdef UDP2RAW_LINUX
 void *run_keep(void *none)  //called in a new thread for --keep-rule option
 {

@@ -1064,6 +1110,29 @@ void iptables_rule()  // handles -a -g --gen-add  --keep-rule --clear --wait-loc
 		}
 		pattern+=tmp_pattern;
 	}
+/*
+	if(!simple_rule)
+	{
+		pattern += " -m comment --comment udp2rawDwrW_";
+
+		char const_id_str[100];
+		sprintf(const_id_str, "%x_", const_id);
+
+		pattern += const_id_str;
+
+		time_t timer;
+		char buffer[26];
+		struct tm* tm_info;
+
+		time(&timer);
+		tm_info = localtime(&timer);
+
+		strftime(buffer, 26, "%Y-%m-%d-%H:%M:%S", tm_info);
+
+		pattern += buffer;
+
+
+	}*/

 	if(generate_iptables_rule)
 	{
@@ -1099,7 +1168,8 @@ void iptables_rule()  // handles -a -g --gen-add  --keep-rule --clear --wait-loc
 		mylog(log_warn," -a has not been set, make sure you have added the needed iptables rules manually\n");
 	}
 }
-*/
+#endif
+
 int unit_test()
 {
 	printf("running unit test\n");
@@ -1158,7 +1228,7 @@ int unit_test()
 	return 0;
 }

-/*
+#ifdef UDP2RAW_LINUX
 int set_timer(int epollfd,int &timer_fd)//put a timer_fd into epoll,general function,used both in client and server
 {
 	int ret;
@@ -1330,6 +1400,19 @@ int iptables_rule_init(const char * s,u32_t const_id,int keep)

 int keep_iptables_rule()  //magic to work on a machine without grep/iptables --check/-m commment
 {
+	/*
+	if(iptables_rule_keeped==0) return  0;
+
+
+	uint64_t tmp_current_time=get_current_time();
+	if(tmp_current_time-keep_rule_last_time<=iptables_rule_keep_interval)
+	{
+		return 0;
+	}
+	else
+	{
+		keep_rule_last_time=tmp_current_time;
+	}*/

 	mylog(log_debug,"keep_iptables_rule begin %llu\n",get_current_time());
 	iptables_rule_keep_index+=1;
@@ -1374,9 +1457,9 @@ int clear_iptables_rule()
 	}
 	return 0;
 }
+#endif

-*/
-
+#ifdef UDP2RAW_MP
 void iptables_rule()  // handles -a -g --gen-add  --keep-rule --clear --wait-lock
 {

@@ -1484,6 +1567,7 @@ void iptables_rule()  // handles -a -g --gen-add  --keep-rule --clear --wait-loc
 	}

 }
+#endif

 void  signal_handler(int sig)
 {
--- a/misc.h
+++ b/misc.h
@@ -75,12 +75,10 @@ union current_state_t
 	client_current_state_t client_current_state;
 };

-extern char remote_address[max_addr_len];
 //extern char remote_address[max_address_len];
-extern char local_ip[100], remote_ip[100],source_ip[100];//local_ip is for -l option,remote_ip for -r option,source for --source-ip
-extern u32_t local_ip_uint32,remote_ip_uint32,source_ip_uint32;//convert from last line.
-extern int local_port , remote_port,source_port;//similiar to local_ip  remote_ip,buf for port.source_port=0 indicates --source-port is not enabled
-
+//extern char local_ip[100], remote_ip[100],source_ip[100];//local_ip is for -l option,remote_ip for -r option,source for --source-ip
+//extern u32_t local_ip_uint32,remote_ip_uint32,source_ip_uint32;//convert from last line.
+//extern int local_port , remote_port,source_port;//similiar to local_ip  remote_ip,buf for port.source_port=0 indicates --source-port is not enabled

 extern address_t local_addr,remote_addr,source_addr;

@@ -95,8 +93,8 @@ extern my_id_t const_id;//an id used for connection recovery,its generated rando

 extern int udp_fd;  //for client only. client use this fd to listen and handle udp connection
 extern int bind_fd; //bind only,never send or recv.  its just a dummy fd for bind,so that other program wont occupy the same port
-//extern int epollfd; //fd for epoll
-//extern int timer_fd;   //the general timer fd for client and server.for server this is not the only timer find,every connection has a timer fd.
+extern int epollfd; //fd for epoll
+extern int timer_fd;   //the general timer fd for client and server.for server this is not the only timer find,every connection has a timer fd.
 extern int fail_time_counter;//determine if the max_fail_time is reached
 extern int epoll_trigger_counter;//for debug only
 extern int debug_flag;//for debug only
@@ -126,12 +124,11 @@ extern int about_to_exit;

 extern int socket_buf_size;

+
 extern pthread_t keep_thread;
 extern int keep_thread_running;


-
-
 int process_lower_level_arg();
 void print_help();
 void iptables_rule();
--- a/network.cpp
+++ b/network.cpp
@@ -34,9 +34,11 @@ char if_name[100]="";
 char dev[100]="";

 unsigned short g_ip_id_counter=0;
+#ifdef UDP2RAW_LINUX
+unsigned char dest_hw_addr[sizeof(sockaddr_ll::sll_addr)]=
+    {0xff,0xff,0xff,0xff,0xff,0xff,0,0};
+#endif

-//unsigned char dest_hw_addr[sizeof(sockaddr_ll::sll_addr)]=
- //   {0xff,0xff,0xff,0xff,0xff,0xff,0,0};
 //{0x00,0x23,0x45,0x67,0x89,0xb9};

 const u32_t receive_window_lower_bound=40960;
@@ -47,14 +49,17 @@ char g_packet_buf[huge_buf_len]; //looks dirty but works well
 int g_packet_buf_len=-1;
 int g_packet_buf_cnt=0;

-/*
+#ifdef UDP2RAW_LINUX
 union
 {
 	sockaddr_ll ll;
 	sockaddr_in ipv4;
 	sockaddr_in6 ipv6;
 }g_sockaddr;
-socklen_t g_sockaddr_len = -1;*/
+socklen_t g_sockaddr_len = -1;
+#endif
+
+#ifdef UDP2RAW_MP

 #ifndef NO_LIBNET
 libnet_t *libnet_handle;
@@ -86,7 +91,10 @@ pthread_t pcap_recv_thread;
 struct bpf_program g_filter;
 long long g_filter_compile_cnt=0;

-#if 0
+#endif
+
+#ifdef UDP2RAW_LINUX
+
 struct sock_filter code_tcp_old[] = {
 		{ 0x28, 0, 0, 0x0000000c },//0
 		{ 0x15, 0, 10, 0x00000800 },//1
@@ -288,7 +296,7 @@ packet_info_t::packet_info_t()
 	}

 }
-
+#ifdef UDP2RAW_MP
 void my_packet_handler(
    u_char *args,
    const struct pcap_pkthdr *packet_header,
@@ -373,8 +381,9 @@ void *pcap_recv_thread_entry(void *none)
 }

 extern void async_cb(struct ev_loop *loop, struct ev_async *watcher, int revents);
+#endif

-#if 0
+#ifdef UDP2RAW_LINUX
 int init_raw_socket()
 {
 	assert(raw_ip_version==AF_INET||raw_ip_version==AF_INET6);
@@ -500,7 +509,7 @@ int init_raw_socket()
 	return 0;
 }
 #endif
-
+#ifdef UDP2RAW_MP
 int init_raw_socket()
 {

@@ -717,7 +726,8 @@ int init_raw_socket()

 	return 0;
 }
-/*
+#endif
+#ifdef UDP2RAW_LINUX
 void init_filter(int port)
 {
 	sock_fprog bpf;
@@ -787,7 +797,9 @@ void init_filter(int port)
 		myexit(-1);
 	}
 }
- */
+#endif
+
+#ifdef UDP2RAW_MP
 void init_filter(int port)
 {
 	/*
@@ -933,10 +945,12 @@ void init_filter(int port)
 		myexit(-1);
 	}*/
 }
+#endif
+
 void remove_filter()
 {
 	filter_port=0;
-/*
+#ifdef UDP2RAW_LINUX
 	int dummy;
 	int ret=setsockopt(raw_recv_fd, SOL_SOCKET, SO_DETACH_FILTER, &dummy, sizeof(dummy));
 	if (ret != 0)
@@ -945,12 +959,12 @@ void remove_filter()
 		//perror("filter");
 		//exit(-1);
 	}
-*/
+#endif
 }

 int init_ifindex(const char * if_name,int fd,int &index)
 {
-/*
+#ifdef UDP2RAW_LINUX
 	struct ifreq ifr;
 	size_t if_name_len=strlen(if_name);
 	if (if_name_len<sizeof(ifr.ifr_name)) {
@@ -967,11 +981,11 @@ int init_ifindex(const char * if_name,int fd,int &index)
 	}
 	index=ifr.ifr_ifindex;
 	mylog(log_info,"ifname:%s  ifindex:%d\n",if_name,index);
-*/
+#endif
 	return 0;
 }

-#if 0
+#ifdef UDP2RAW_LINUX
 bool interface_has_arp(const char * interface) {
    struct ifreq ifr;
   // int sock = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
@@ -986,8 +1000,6 @@ bool interface_has_arp(const char * interface) {
    //close(sock);
    return !(ifr.ifr_flags & IFF_NOARP);
 }
-#endif
-/*
 struct route_info_t
 {
 	string if_name;
@@ -1032,8 +1044,7 @@ vector<int> find_route_entry(const vector<route_info_t> &route_info_vec,u32_t ip
 		}
 	}
 	return res;
-}*/
-/*
+}
 int find_direct_dest(const vector<route_info_t> &route_info_vec,u32_t ip,u32_t &dest_ip,string &if_name)
 {
 	vector<int> res;
@@ -1104,9 +1115,7 @@ int find_arp(const vector<arp_info_t> &arp_info_vec,u32_t ip,string if_name,stri
 	}
 	hw=arp_info_vec[pos].hw;
 	return 0;
-}*/
-
-/*
+}
 int find_lower_level_info(u32_t ip,u32_t &dest_ip,string &if_name,string &hw)
 {
 	ip=htonl(ip);
@@ -1195,8 +1204,10 @@ int find_lower_level_info(u32_t ip,u32_t &dest_ip,string &if_name,string &hw)

 	dest_ip=ntohl(dest_ip);
 	return 0;
-}*/
-#if 0
+}
+#endif
+
+#ifdef UDP2RAW_LINUX
 int send_raw_packet(raw_info_t &raw_info,const char * packet,int len)
 {
 	const packet_info_t &send_info=raw_info.send_info;
@@ -1229,12 +1240,10 @@ int send_raw_packet(raw_info_t &raw_info,const char * packet,int len)
    else
    {

-    	assert(0==1);
-    	/*
    	struct sockaddr_ll addr={0};  //={0} not necessary
    	memcpy(&addr,&send_info.addr_ll,sizeof(addr));

-    	ret = sendto(raw_send_fd, packet, len ,  0, (struct sockaddr *) &addr, sizeof (addr));*/
+    	ret = sendto(raw_send_fd, packet, len ,  0, (struct sockaddr *) &addr, sizeof (addr));
    }
    if(ret==-1)
    {
@@ -1250,6 +1259,9 @@ int send_raw_packet(raw_info_t &raw_info,const char * packet,int len)
    return 0;
 }
 #endif
+
+#ifdef UDP2RAW_MP
+
 int send_raw_packet(raw_info_t &raw_info,const char * packet,int len)
 {
 	const packet_info_t &send_info=raw_info.send_info;
@@ -1314,6 +1326,8 @@ int send_raw_packet(raw_info_t &raw_info,const char * packet,int len)
    }
    return 0;
 }
+#endif
+
 int send_raw_ip(raw_info_t &raw_info,const char * payload,int payloadlen)
 {
 	const packet_info_t &send_info=raw_info.send_info;
@@ -1357,22 +1371,28 @@ int send_raw_ip(raw_info_t &raw_info,const char * payload,int payloadlen)
 		iph->daddr = send_info.new_dst_ip.v4;

 		ip_tot_len=sizeof (struct my_iphdr)+payloadlen;
-		/*
+#ifdef UDP2RAW_LINUX
 		if(lower_level)iph->tot_len = htons(ip_tot_len);            //this is not necessary ,kernel will always auto fill this  //http://man7.org/linux/man-pages/man7/raw.7.html
 		else
 			iph->tot_len = 0;
-		*/
+#endif
+
+#ifdef UDP2RAW_MP
 		iph->tot_len = htons(ip_tot_len);//always fill for mp version
+#endif
+
 		memcpy(send_raw_ip_buf+sizeof(my_iphdr) , payload, payloadlen);

-		/*
+#ifdef UDP2RAW_LINUX
 		if(lower_level) iph->check =
 				csum ((unsigned short *) send_raw_ip_buf, iph->ihl*4); //this is not necessary ,kernel will always auto fill this
 		else
 			iph->check=0;
-			*/
+#endif

+#ifdef UDP2RAW_MP
 		iph->check =csum((unsigned short *) send_raw_ip_buf, iph->ihl*4);//always cal checksum for mp version
+#endif
    }
    else
    {
@@ -1398,8 +1418,7 @@ int send_raw_ip(raw_info_t &raw_info,const char * payload,int payloadlen)

 int pre_recv_raw_packet()
 {
-	//not used in mp version,use async cb instead
-	/*
+#ifdef UDP2RAW_LINUX
 	assert(g_packet_buf_cnt==0);

 	g_sockaddr_len=sizeof(g_sockaddr.ll);
@@ -1422,7 +1441,7 @@ int pre_recv_raw_packet()
 		}
 	}

-    if(g_packet_buf_len> max_data_len+1)
+    if(g_packet_buf_len>= max_data_len+1)
    {
        if(g_fix_gro==0)
        {
@@ -1444,7 +1463,8 @@ int pre_recv_raw_packet()
 		mylog(log_trace,"recv_len %d\n",g_packet_buf_len);
 		return -1;
 	}
-	g_packet_buf_cnt++;*/
+	g_packet_buf_cnt++;
+#endif
 	return 0;
 }
 int discard_raw_packet()
@@ -1453,7 +1473,7 @@ int discard_raw_packet()
 	g_packet_buf_cnt--;
 	return 0;
 }
-/*
+#ifdef UDP2RAW_LINUX
 int recv_raw_packet(char * &packet,int &len,int peek)
 {
 	assert(g_packet_buf_cnt==1);
@@ -1481,8 +1501,9 @@ int recv_raw_packet(char * &packet,int &len,int peek)
 	packet=g_packet_buf+int(link_level_header_len);
 	len=g_packet_buf_len-int(link_level_header_len);
 	return 0;
-}*/
-
+}
+#endif
+#ifdef UDP2RAW_MP
 int recv_raw_packet(char * &packet,int &len,int peek)
 {
 	assert(g_packet_buf_cnt==1);
@@ -1493,7 +1514,7 @@ int recv_raw_packet(char * &packet,int &len,int peek)
 	len=g_packet_buf_len;
 	return 0;
 }
-
+#endif
 int recv_raw_ip(raw_info_t &raw_info,char * &payload,int &payloadlen)
 {
 	char *raw_packet_buf;
@@ -1548,11 +1569,12 @@ int recv_raw_ip(raw_info_t &raw_info,char * &payload,int &payloadlen)
 			return -1;
 		}
 	}
-
+#ifdef UDP2RAW_LINUX
 	if(lower_level)
 	{
-		//memcpy(&recv_info.addr_ll,&g_sockaddr.ll,sizeof(recv_info.addr_ll));
+		memcpy(&recv_info.addr_ll,&g_sockaddr.ll,sizeof(recv_info.addr_ll));
 	}
+#endif



@@ -3146,8 +3168,8 @@ int client_bind_to_a_new_port(int &fd,u32_t local_ip_uint32)//find a free port a
 	mylog(log_fatal,"bind port fail\n");
 	myexit(-1);
 	return -1;////for compiler check
-}
-*/
+}*/
+
 int client_bind_to_a_new_port2(int &fd,const address_t& address)//find a free port and bind to it.
 {
 	address_t tmp=address;
--- a/network.h
+++ b/network.h
@@ -14,11 +14,11 @@ extern int use_tcp_dummy_socket;
 extern int seq_mode;
 extern int max_seq_mode;
 extern int filter_port;
-extern u32_t bind_address_uint32;
+//extern u32_t bind_address_uint32;
 extern int disable_bpf_filter;

-//extern int lower_level;
-//extern int lower_level_manual;
+extern int lower_level;
+extern int lower_level_manual;
 extern char if_name[100];
 extern char dev[100];
 extern unsigned char dest_hw_addr[];
@@ -30,7 +30,7 @@ extern int ifindex;
 extern char g_packet_buf[huge_buf_len];
 extern int g_packet_buf_len;
 extern int g_packet_buf_cnt;
-
+#ifdef UDP2RAW_MP
 extern queue_t my_queue;

 extern ev_async async_watcher;
@@ -55,6 +55,7 @@ struct icmphdr
 	uint16_t id;
 	uint16_t seq;
 };
+#endif

 struct my_iphdr
  {
@@ -162,7 +163,6 @@ struct my_tcphdr
    };
 };

-
 struct my_ip6hdr
  {
 # ifdef UDP2RAW_LITTLE_ENDIAN
@@ -215,11 +215,9 @@ struct packet_info_t  //todo change this to union
 {
 	uint8_t protocol;

+
 	//u32_t src_ip;
 	//u32_t dst_ip;
-	u32_t src_ip;
-	u32_t dst_ip;
-
 	my_ip_t new_src_ip;
 	my_ip_t new_dst_ip;

@@ -240,7 +238,9 @@ struct packet_info_t  //todo change this to union

 	bool has_ts;

-	//sockaddr_ll addr_ll;
+#ifdef UDP2RAW_LINUX
+	sockaddr_ll addr_ll;
+#endif

 	i32_t data_len;

@@ -253,10 +253,8 @@ struct raw_info_t
 	packet_info_t recv_info;
 	//int last_send_len;
 	//int last_recv_len;
-
 	bool peek=0;
 	//bool csum=1;
-
 	u32_t reserved_send_seq;
 	//uint32_t first_seq,first_ack_seq;
 	int rst_received=0;
@@ -265,15 +263,19 @@ struct raw_info_t
 };//g_raw_info;


-
 int init_raw_socket();

 void init_filter(int port);

 void remove_filter();

-//int init_ifindex(const char * if_name,int fd,int &index);
+#ifdef UDP2RAW_LINUX
+int init_ifindex(const char * if_name,int fd,int &index);
+#endif
+
+#ifdef UDP2RAW_MP
 int init_ifindex(const char * if_name,int &index);
+#endif

 int find_lower_level_info(u32_t ip,u32_t &dest_ip,string &if_name,string &hw);

@@ -287,6 +289,7 @@ int client_bind_to_a_new_port(int & bind_fd,u32_t local_ip_uint32);//find a free
 int client_bind_to_a_new_port2(int &fd,const address_t& address);

 int discard_raw_packet();
+int pre_recv_raw_packet();

 int send_raw_ip(raw_info_t &raw_info,const char * payload,int payloadlen);

--- a/pcap_wrapper.h
+++ b/pcap_wrapper.h
@@ -9,12 +9,12 @@

 struct bpf_program
 {
- char a[2000];
+ char a[4096];
 };

 struct pcap_t
 {
- char a[2000];
+ char a[4096];
 };

 typedef unsigned int bpf_u_int32;
--- a/server.cpp
+++ b/server.cpp
@@ -0,0 +1,921 @@
+/*
+ * server.cpp
+ *
+ *  Created on: Aug 29, 2018
+ *      Author: root
+ */
+
+#ifndef UDP2RAW_MP
+
+#include "common.h"
+#include "network.h"
+#include "connection.h"
+#include "misc.h"
+#include "log.h"
+#include "lib/md5.h"
+#include "encrypt.h"
+#include "fd_manager.h"
+
+int server_on_timer_multi(conn_info_t &conn_info)  //for server. called when a timer is ready in epoll.for server,there will be one timer for every connection
+// there is also a global timer for server,but its not handled here
+{
+	char ip_port[max_addr_len];
+	//u32_t ip=conn_info.raw_info.send_info.dst_ip;
+	//u32_t port=conn_info.raw_info.send_info.dst_port;
+
+	address_t tmp_addr;
+	tmp_addr.from_ip_port_new(raw_ip_version,&conn_info.raw_info.send_info.new_dst_ip,conn_info.raw_info.send_info.dst_port);
+	//sprintf(ip_port,"%s:%d",my_ntoa(ip),port);
+	tmp_addr.to_str(ip_port);
+
+	//keep_iptables_rule();
+	mylog(log_trace,"server timer!\n");
+	raw_info_t &raw_info=conn_info.raw_info;
+
+	assert(conn_info.state.server_current_state==server_ready);
+
+
+	if(conn_info.state.server_current_state==server_ready)
+	{
+		conn_info.blob->conv_manager.s.clear_inactive(ip_port);
+		/*
+		if( get_current_time()-conn_info.last_hb_recv_time>heartbeat_timeout )
+		{
+			mylog(log_trace,"%lld %lld\n",get_current_time(),conn_info.last_state_time);
+			conn_info.server_current_state=server_nothing;
+
+			//conn_manager.current_ready_ip=0;
+			//conn_manager.current_ready_port=0;
+
+			mylog(log_info,"changed state to server_nothing\n");
+			return 0;
+		}*/  //dont need to do this at server,conn_manger will clear expired connections
+
+		if(get_current_time()-conn_info.last_hb_sent_time<heartbeat_interval)
+		{
+			return 0;
+		}
+
+		if(hb_mode==0)
+			send_safer(conn_info,'h',hb_buf,0);  /////////////send
+		else
+			send_safer(conn_info,'h',hb_buf,hb_len);
+		conn_info.last_hb_sent_time=get_current_time();
+
+		mylog(log_debug,"heart beat sent<%x,%x>\n",conn_info.my_id,conn_info.oppsite_id);
+	}
+	else
+	{
+		mylog(log_fatal,"this shouldnt happen!\n");
+		myexit(-1);
+	}
+	return 0;
+
+}
+int server_on_raw_recv_ready(conn_info_t &conn_info,char * ip_port,char type,char *data,int data_len)  //called while the state for a connection is server_ready
+//receives data and heart beat by recv_safer.
+{
+
+	raw_info_t &raw_info = conn_info.raw_info;
+	packet_info_t &send_info = conn_info.raw_info.send_info;
+	packet_info_t &recv_info = conn_info.raw_info.recv_info;
+	//char ip_port[40];
+
+	//sprintf(ip_port,"%s:%d",my_ntoa(recv_info.src_ip),recv_info.src_port);
+
+
+/*
+	if (recv_info.src_ip != send_info.dst_ip
+			|| recv_info.src_port != send_info.dst_port) {
+		mylog(log_debug, "unexpected adress\n");
+		return 0;
+	}*/
+
+	if (type == 'h' && data_len >= 0) {
+		//u32_t tmp = ntohl(*((u32_t *) &data[sizeof(u32_t)]));
+		mylog(log_debug,"[%s][hb]received hb \n",ip_port);
+		conn_info.last_hb_recv_time = get_current_time();
+		return 0;
+	} else if (type== 'd' && data_len >=int( sizeof(u32_t) ))
+	{
+
+		//u32_t tmp_conv_id = ntohl(*((u32_t *) &data[0]));
+		my_id_t tmp_conv_id;
+		memcpy(&tmp_conv_id,&data[0],sizeof(tmp_conv_id));
+		tmp_conv_id=ntohl(tmp_conv_id);
+
+
+		if(hb_mode==0)
+			conn_info.last_hb_recv_time = get_current_time();
+
+		mylog(log_trace, "conv:%u\n", tmp_conv_id);
+		if (!conn_info.blob->conv_manager.s.is_conv_used(tmp_conv_id)) {
+			if (conn_info.blob->conv_manager.s.get_size() >= max_conv_num) {
+				mylog(log_warn,
+						"[%s]ignored new conv %x connect bc max_conv_num exceed\n",ip_port,
+						tmp_conv_id);
+				return 0;
+			}
+
+			/*
+			struct sockaddr_in remote_addr_in={0};
+
+			socklen_t slen = sizeof(sockaddr_in);
+			//memset(&remote_addr_in, 0, sizeof(remote_addr_in));
+			remote_addr_in.sin_family = AF_INET;
+			remote_addr_in.sin_port = htons(remote_port);
+			remote_addr_in.sin_addr.s_addr = remote_ip_uint32;
+
+
+
+			int new_udp_fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+
+
+			if (new_udp_fd < 0) {
+				mylog(log_warn, "[%s]create udp_fd error\n",ip_port);
+				return -1;
+			}
+			setnonblocking(new_udp_fd);
+			set_buf_size(new_udp_fd,socket_buf_size);
+
+			mylog(log_debug, "[%s]created new udp_fd %d\n",ip_port, new_udp_fd);
+			int ret = connect(new_udp_fd, (struct sockaddr *) &remote_addr_in,
+					slen);
+			if (ret != 0) {
+				mylog(log_warn, "udp fd connect fail\n");
+				close(new_udp_fd);
+				return -1;
+			}*/
+
+			int new_udp_fd=remote_addr.new_connected_udp_fd();
+			if (new_udp_fd < 0) {
+				mylog(log_warn, "[%s]new_connected_udp_fd() failed\n",ip_port);
+				return -1;
+			}
+
+			struct epoll_event ev;
+
+			fd64_t new_udp_fd64 =  fd_manager.create(new_udp_fd);
+			fd_manager.get_info(new_udp_fd64).p_conn_info=&conn_info;
+
+			mylog(log_trace, "[%s]u64: %lld\n",ip_port, new_udp_fd64);
+			ev.events = EPOLLIN;
+
+			ev.data.u64 = new_udp_fd64;
+
+			int ret = epoll_ctl(epollfd, EPOLL_CTL_ADD, new_udp_fd, &ev);
+
+			if (ret != 0) {
+				mylog(log_warn, "[%s]add udp_fd error\n",ip_port);
+				close(new_udp_fd);
+				return -1;
+			}
+
+			conn_info.blob->conv_manager.s.insert_conv(tmp_conv_id, new_udp_fd64);
+
+
+
+			//assert(conn_manager.udp_fd_mp.find(new_udp_fd)==conn_manager.udp_fd_mp.end());
+
+			//conn_manager.udp_fd_mp[new_udp_fd] = &conn_info;
+
+			//pack_u64(conn_info.raw_info.recv_info.src_ip,conn_info.raw_info.recv_info.src_port);
+
+			mylog(log_info, "[%s]new conv conv_id=%x, assigned fd=%d\n",ip_port,
+					tmp_conv_id, new_udp_fd);
+
+
+
+		}
+
+		fd64_t fd64 = conn_info.blob->conv_manager.s.find_data_by_conv(tmp_conv_id);
+
+		conn_info.blob->conv_manager.s.update_active_time(tmp_conv_id);
+
+		int fd = fd_manager.to_fd(fd64);
+
+		mylog(log_trace, "[%s]received a data from fake tcp,len:%d\n",ip_port, data_len);
+		int ret = send(fd, data + sizeof(u32_t),
+				data_len - ( sizeof(u32_t)), 0);
+
+		mylog(log_trace, "[%s]%d byte sent  ,fd :%d\n ",ip_port, ret, fd);
+		if (ret < 0) {
+			mylog(log_warn, "send returned %d\n", ret);
+			//perror("what happened????");
+		}
+		return 0;
+	}
+	return 0;
+}
+
+int server_on_raw_recv_pre_ready(conn_info_t &conn_info,char * ip_port,u32_t tmp_oppsite_const_id)// do prepare work before state change to server ready for a specifc connection
+//connection recovery is also handle here
+{
+	//u32_t ip;uint16_t port;
+	//ip=conn_info.raw_info.recv_info.src_ip;
+	//port=conn_info.raw_info.recv_info.src_port;
+	//char ip_port[40];
+	//sprintf(ip_port,"%s:%d",my_ntoa(ip),port);
+
+	mylog(log_info,"[%s]received handshake oppsite_id:%x  my_id:%x\n",ip_port,conn_info.oppsite_id,conn_info.my_id);
+
+	mylog(log_info,"[%s]oppsite const_id:%x \n",ip_port,tmp_oppsite_const_id);
+	if(conn_manager.const_id_mp.find(tmp_oppsite_const_id)==conn_manager.const_id_mp.end())
+	{
+		//conn_manager.const_id_mp=
+
+		if(conn_manager.ready_num>=max_ready_conn_num)
+		{
+			mylog(log_info,"[%s]max_ready_conn_num,cant turn to ready\n",ip_port);
+			conn_info.state.server_current_state =server_idle;
+			return 0;
+		}
+
+		conn_info.prepare();
+		conn_info.state.server_current_state = server_ready;
+		conn_info.oppsite_const_id=tmp_oppsite_const_id;
+		conn_manager.ready_num++;
+		conn_manager.const_id_mp[tmp_oppsite_const_id]=&conn_info;
+
+
+		//conn_info.last_state_time=get_current_time(); //dont change this!!!!!!!!!!!!!!!!!!!!!!!!!
+
+		//conn_manager.current_ready_ip=ip;
+		//conn_manager.current_ready_port=port;
+
+		//my_id=conn_info.my_id;
+		//oppsite_id=conn_info.oppsite_id;
+		conn_info.last_hb_recv_time = get_current_time();
+
+		conn_info.last_hb_sent_time = conn_info.last_hb_recv_time;//=get_current_time()
+
+		if(hb_mode==0)
+			send_safer(conn_info,'h',hb_buf,0);/////////////send
+		else
+			send_safer(conn_info,'h',hb_buf,hb_len);
+
+		mylog(log_info, "[%s]changed state to server_ready\n",ip_port);
+		conn_info.blob->anti_replay.re_init();
+
+		//g_conn_info=conn_info;
+		int new_timer_fd;
+		set_timer_server(epollfd, new_timer_fd,conn_info.timer_fd64);
+
+		fd_manager.get_info(conn_info.timer_fd64).p_conn_info=&conn_info;
+		//assert(conn_manager.timer_fd_mp.find(new_timer_fd)==conn_manager.timer_fd_mp.end());
+		//conn_manager.timer_fd_mp[new_timer_fd] = &conn_info;//pack_u64(ip,port);
+
+
+		//timer_fd_mp[new_timer_fd]
+		/*
+		 if(oppsite_const_id!=0&&tmp_oppsite_const_id!=oppsite_const_id)  //TODO MOVE TO READY
+		 {
+		 mylog(log_info,"cleared all conv bc of const id doesnt match\n");
+		 conv_manager.clear();
+		 }*/
+		//oppsite_const_id=tmp_oppsite_const_id;
+	}
+	else
+	{
+
+		conn_info_t &ori_conn_info=*conn_manager.const_id_mp[tmp_oppsite_const_id];
+
+		if(ori_conn_info.state.server_current_state==server_ready)
+		{
+			if(conn_info.last_state_time<ori_conn_info.last_state_time)
+			{
+				 mylog(log_info,"[%s]conn_info.last_state_time<ori_conn_info.last_state_time. ignored new handshake\n",ip_port);
+				 conn_info.state.server_current_state=server_idle;
+				 conn_info.oppsite_const_id=0;
+				 return 0;
+			}
+			address_t addr1;addr1.from_ip_port_new(raw_ip_version,&ori_conn_info.raw_info.recv_info.new_src_ip,ori_conn_info.raw_info.recv_info.src_port);
+			if(!conn_manager.exist(addr1))//TODO remove this
+			{
+				mylog(log_fatal,"[%s]this shouldnt happen\n",ip_port);
+				myexit(-1);
+			}
+			address_t addr2;addr2.from_ip_port_new(raw_ip_version,&conn_info.raw_info.recv_info.new_src_ip,conn_info.raw_info.recv_info.src_port);
+			if(!conn_manager.exist(addr2))//TODO remove this
+			{
+				mylog(log_fatal,"[%s]this shouldnt happen2\n",ip_port);
+				myexit(-1);
+			}
+			conn_info_t *&p_ori=conn_manager.find_insert_p(addr1);
+			conn_info_t *&p=conn_manager.find_insert_p(addr2);
+			conn_info_t *tmp=p;
+			p=p_ori;
+			p_ori=tmp;
+
+
+			mylog(log_info,"[%s]grabbed a connection\n",ip_port);
+
+
+			//ori_conn_info.state.server_current_state=server_ready;
+			ori_conn_info.recover(conn_info);
+
+			//send_safer(ori_conn_info, 'h',hb_buf, hb_len);
+			//ori_conn_info.blob->anti_replay.re_init();
+			if(hb_mode==0)
+				send_safer(ori_conn_info,'h',hb_buf,0);/////////////send
+			else
+				send_safer(ori_conn_info,'h',hb_buf,hb_len);
+
+			ori_conn_info.last_hb_recv_time=get_current_time();
+
+
+
+			conn_info.state.server_current_state=server_idle;
+			conn_info.oppsite_const_id=0;
+
+		}
+		else
+		{
+			mylog(log_fatal,"[%s]this should never happen\n",ip_port);
+			myexit(-1);
+		}
+		return 0;
+	}
+	return 0;
+}
+int server_on_raw_recv_handshake1(conn_info_t &conn_info,char * ip_port,char * data, int data_len)//called when server received a handshake1 packet from client
+{
+	packet_info_t &send_info=conn_info.raw_info.send_info;
+	packet_info_t &recv_info=conn_info.raw_info.recv_info;
+	raw_info_t &raw_info=conn_info.raw_info;
+
+	//u32_t ip=conn_info.raw_info.recv_info.src_ip;
+	//uint16_t port=conn_info.raw_info.recv_info.src_port;
+
+	//char ip_port[40];
+	//sprintf(ip_port,"%s:%d",my_ntoa(ip),port);
+
+	if(data_len<int( 3*sizeof(my_id_t)))
+	{
+		mylog(log_debug,"[%s] data_len=%d too short to be a handshake\n",ip_port,data_len);
+		return -1;
+	}
+	//id_t tmp_oppsite_id=  ntohl(* ((u32_t *)&data[0]));
+	my_id_t tmp_oppsite_id;
+	memcpy(&tmp_oppsite_id,(u32_t *)&data[0],sizeof(tmp_oppsite_id));
+	tmp_oppsite_id=ntohl(tmp_oppsite_id);
+
+	//id_t tmp_my_id=ntohl(* ((u32_t *)&data[sizeof(id_t)]));
+	my_id_t tmp_my_id;
+	memcpy(&tmp_my_id,&data[sizeof(my_id_t)],sizeof(tmp_my_id));
+	tmp_my_id=ntohl(tmp_my_id);
+
+	if(tmp_my_id==0)  //received  init handshake again
+	{
+		if(raw_mode==mode_faketcp)
+		{
+			send_info.seq=recv_info.ack_seq;
+			send_info.ack_seq=recv_info.seq+raw_info.recv_info.data_len;
+			send_info.ts_ack=recv_info.ts;
+		}
+		if(raw_mode==mode_icmp)
+		{
+			send_info.my_icmp_seq=recv_info.my_icmp_seq;
+		}
+		send_handshake(raw_info,conn_info.my_id,tmp_oppsite_id,const_id);  //////////////send
+
+		mylog(log_info,"[%s]changed state to server_handshake1,my_id is %x\n",ip_port,conn_info.my_id);
+	}
+	else if(tmp_my_id==conn_info.my_id)
+	{
+		conn_info.oppsite_id=tmp_oppsite_id;
+		//id_t tmp_oppsite_const_id=ntohl(* ((u32_t *)&data[sizeof(id_t)*2]));
+
+		my_id_t tmp_oppsite_const_id;
+		memcpy(&tmp_oppsite_const_id,&data[sizeof(my_id_t)*2],sizeof(tmp_oppsite_const_id));
+		tmp_oppsite_const_id=ntohl(tmp_oppsite_const_id);
+
+
+		if(raw_mode==mode_faketcp)
+		{
+			send_info.seq=recv_info.ack_seq;
+			send_info.ack_seq=recv_info.seq+raw_info.recv_info.data_len;
+			send_info.ts_ack=recv_info.ts;
+		}
+
+		if(raw_mode==mode_icmp)
+		{
+			send_info.my_icmp_seq=recv_info.my_icmp_seq;
+		}
+
+		server_on_raw_recv_pre_ready(conn_info,ip_port,tmp_oppsite_const_id);
+
+	}
+	else
+	{
+		mylog(log_debug,"[%s]invalid my_id %x,my_id is %x\n",ip_port,tmp_my_id,conn_info.my_id);
+	}
+	return 0;
+}
+int server_on_recv_safer_multi(conn_info_t &conn_info,char type,char *data,int data_len)
+{
+    return 0;
+}
+int server_on_raw_recv_multi() //called when server received an raw packet
+{
+	char dummy_buf[buf_len];
+	raw_info_t peek_raw_info;
+	peek_raw_info.peek=1;
+	packet_info_t &peek_info=peek_raw_info.recv_info;
+	mylog(log_trace,"got a packet\n");
+	if(pre_recv_raw_packet()<0) return -1;
+	if(peek_raw(peek_raw_info)<0)
+	{
+		discard_raw_packet();
+		//recv(raw_recv_fd, 0,0, 0  );//
+		//struct sockaddr saddr;
+		//socklen_t saddr_size=sizeof(saddr);
+		///recvfrom(raw_recv_fd, 0,0, 0 ,&saddr , &saddr_size);//
+		mylog(log_trace,"peek_raw failed\n");
+		return -1;
+	}else
+	{
+		mylog(log_trace,"peek_raw success\n");
+	}
+	//u32_t ip=peek_info.src_ip;uint16_t port=peek_info.src_port;
+
+
+	int data_len; char *data;
+
+	address_t addr;
+	addr.from_ip_port_new(raw_ip_version,&peek_info.new_src_ip,peek_info.src_port);
+
+	char ip_port[max_addr_len];
+	addr.to_str(ip_port);
+	//sprintf(ip_port,"%s:%d",my_ntoa(ip),port);
+	mylog(log_trace,"[%s]peek_raw\n",ip_port);
+
+	if(raw_mode==mode_faketcp&&peek_info.syn==1)
+	{
+		if(!conn_manager.exist(addr)||conn_manager.find_insert(addr).state.server_current_state!=server_ready)
+		{//reply any syn ,before state become ready
+
+			raw_info_t tmp_raw_info;
+			if(recv_raw0(tmp_raw_info,data,data_len)<0)
+			{
+				return 0;
+			}
+			if(data_len>=max_data_len+1)
+			{
+				mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",data_len);
+				return -1;
+			}
+			if(use_tcp_dummy_socket!=0)
+				return 0;
+			raw_info_t &raw_info=tmp_raw_info;
+			packet_info_t &send_info=raw_info.send_info;
+			packet_info_t &recv_info=raw_info.recv_info;
+
+			send_info.new_src_ip=recv_info.new_dst_ip;
+			send_info.src_port=recv_info.dst_port;
+
+			send_info.dst_port = recv_info.src_port;
+			send_info.new_dst_ip = recv_info.new_src_ip;
+
+			if(lower_level)
+			{
+				handle_lower_level(raw_info);
+			}
+
+			if(data_len==0&&raw_info.recv_info.syn==1&&raw_info.recv_info.ack==0)
+			{
+				send_info.ack_seq = recv_info.seq + 1;
+
+				send_info.psh = 0;
+				send_info.syn = 1;
+				send_info.ack = 1;
+				send_info.ts_ack=recv_info.ts;
+
+				mylog(log_info,"[%s]received syn,sent syn ack back\n",ip_port);
+				send_raw0(raw_info, 0, 0);
+				return 0;
+			}
+		}
+		else
+		{
+			discard_raw_packet();
+			//recv(raw_recv_fd, 0,0,0);
+		}
+		return 0;
+	}
+	if(!conn_manager.exist(addr))
+	{
+		if(conn_manager.mp.size()>=max_handshake_conn_num)
+		{
+			mylog(log_info,"[%s]reached max_handshake_conn_num,ignored new handshake\n",ip_port);
+			discard_raw_packet();
+			//recv(raw_recv_fd, 0,0, 0  );//
+			return 0;
+		}
+
+		raw_info_t tmp_raw_info;
+
+
+		if(raw_mode==mode_icmp)
+		{
+			tmp_raw_info.send_info.dst_port=tmp_raw_info.send_info.src_port=addr.get_port();
+		}
+		if(recv_bare(tmp_raw_info,data,data_len)<0)
+		{
+			return 0;
+		}
+		if(data_len<int( 3*sizeof(my_id_t)))
+		{
+			mylog(log_debug,"[%s]too short to be a handshake\n",ip_port);
+			return -1;
+		}
+
+		//id_t zero=ntohl(* ((u32_t *)&data[sizeof(id_t)]));
+		my_id_t zero;
+		memcpy(&zero,&data[sizeof(my_id_t)],sizeof(zero));
+		zero=ntohl(zero);
+
+		if(zero!=0)
+		{
+			mylog(log_debug,"[%s]not a invalid initial handshake\n",ip_port);
+			return -1;
+		}
+
+		mylog(log_info,"[%s]got packet from a new ip\n",ip_port);
+
+		conn_info_t &conn_info=conn_manager.find_insert(addr);
+		conn_info.raw_info=tmp_raw_info;
+		raw_info_t &raw_info=conn_info.raw_info;
+
+		packet_info_t &send_info=conn_info.raw_info.send_info;
+		packet_info_t &recv_info=conn_info.raw_info.recv_info;
+
+		//conn_info.ip_port.ip=ip;
+		//conn_info.ip_port.port=port;
+
+
+
+		send_info.new_src_ip=recv_info.new_dst_ip;
+		send_info.src_port=recv_info.dst_port;
+
+		send_info.dst_port = recv_info.src_port;
+		send_info.new_dst_ip = recv_info.new_src_ip;
+
+		if(lower_level)
+		{
+			handle_lower_level(raw_info);
+		}
+
+		//id_t tmp_oppsite_id=  ntohl(* ((u32_t *)&data[0]));
+		//mylog(log_info,"[%s]handshake1 received %x\n",ip_port,tmp_oppsite_id);
+
+		conn_info.my_id=get_true_random_number_nz();
+
+
+		mylog(log_info,"[%s]created new conn,state: server_handshake1,my_id is %x\n",ip_port,conn_info.my_id);
+
+		conn_info.state.server_current_state = server_handshake1;
+		conn_info.last_state_time = get_current_time();
+
+		server_on_raw_recv_handshake1(conn_info,ip_port,data,data_len);
+		return 0;
+	}
+
+
+
+
+	conn_info_t & conn_info=conn_manager.find_insert(addr);//insert if not exist
+	packet_info_t &send_info=conn_info.raw_info.send_info;
+	packet_info_t &recv_info=conn_info.raw_info.recv_info;
+	raw_info_t &raw_info=conn_info.raw_info;
+
+	if(conn_info.state.server_current_state==server_handshake1)
+	{
+		if(recv_bare(raw_info,data,data_len)!=0)
+		{
+			return -1;
+		}
+		return server_on_raw_recv_handshake1(conn_info,ip_port,data,data_len);
+	}
+	if(conn_info.state.server_current_state==server_ready)
+	{
+        vector<char> type_vec;
+        vector<string> data_vec;
+        recv_safer_multi(conn_info,type_vec,data_vec);
+        if(data_vec.empty())
+        {
+            mylog(log_debug,"recv_safer failed!\n");
+            return -1;
+        }
+
+        for(int i=0;i<(int)type_vec.size();i++)
+        {
+            char type=type_vec[i];
+            char *data=(char *)data_vec[i].c_str(); //be careful, do not append data to it
+            int data_len=data_vec[i].length();
+            server_on_raw_recv_ready(conn_info,ip_port,type,data,data_len);
+        }
+        return 0;
+
+	}
+
+	if(conn_info.state.server_current_state==server_idle)
+	{
+		discard_raw_packet();
+		//recv(raw_recv_fd, 0,0, 0  );//
+		return 0;
+	}
+	mylog(log_fatal,"we should never run to here\n");
+	myexit(-1);
+	return -1;
+}
+
+int server_on_udp_recv(conn_info_t &conn_info,fd64_t fd64)
+{
+	char buf[buf_len];
+
+	if(conn_info.state.server_current_state!=server_ready)//TODO remove this for peformance
+	{
+		mylog(log_fatal,"p_conn_info->state.server_current_state!=server_ready!!!this shouldnt happen\n");
+		myexit(-1);
+	}
+
+	//conn_info_t &conn_info=*p_conn_info;
+
+	assert(conn_info.blob->conv_manager.s.is_data_used(fd64));
+
+	u32_t conv_id=conn_info.blob->conv_manager.s.find_conv_by_data(fd64);
+
+	int fd=fd_manager.to_fd(fd64);
+
+	int recv_len=recv(fd,buf,max_data_len+1,0);
+
+	mylog(log_trace,"received a packet from udp_fd,len:%d\n",recv_len);
+
+	if(recv_len==max_data_len+1)
+	{
+		mylog(log_warn,"huge packet, data_len > %d,dropped\n",max_data_len);
+		return -1;
+	}
+
+	if(recv_len<0)
+	{
+		mylog(log_debug,"udp fd,recv_len<0 continue,%s\n",strerror(errno));
+		return -1;
+	}
+
+	if(recv_len>=mtu_warn)
+	{
+		mylog(log_warn,"huge packet,data len=%d (>=%d).strongly suggested to set a smaller mtu at upper level,to get rid of this warn\n ",recv_len,mtu_warn);
+	}
+
+	//conn_info.conv_manager->update_active_time(conv_id);  server dosnt update from upd side,only update from raw side.  (client updates at both side)
+
+	if(conn_info.state.server_current_state==server_ready)
+	{
+		send_data_safer(conn_info,buf,recv_len,conv_id);
+		//send_data(g_packet_info_send,buf,recv_len,my_id,oppsite_id,conv_id);
+		mylog(log_trace,"send_data_safer ,sent !!\n");
+	}
+
+
+	return 0;
+}
+
+
+int server_event_loop()
+{
+	char buf[buf_len];
+
+	int i, j, k;int ret;
+
+	if(raw_ip_version==AF_INET)
+	{
+		if(local_addr.inner.ipv4.sin_addr.s_addr!=0)
+		{
+			bind_addr_used=1;
+			bind_addr.v4=local_addr.inner.ipv4.sin_addr.s_addr;
+		}
+	}
+	else
+	{
+		assert(raw_ip_version==AF_INET6);
+		char zero_arr[16]={0};
+		if(memcmp(&local_addr.inner.ipv6.sin6_addr,zero_arr,16)!=0)
+		{
+			bind_addr_used=1;
+			bind_addr.v6=local_addr.inner.ipv6.sin6_addr;
+		}
+	}
+	//bind_address_uint32=local_ip_uint32;//only server has bind adress,client sets it to zero
+
+	if(lower_level)
+	{
+		if(lower_level_manual)
+		{
+			init_ifindex(if_name,raw_send_fd,ifindex);
+			mylog(log_info,"we are running at lower-level (manual) mode\n");
+		}
+		else
+		{
+			mylog(log_info,"we are running at lower-level (auto) mode\n");
+		}
+
+	}
+
+	 if(raw_mode==mode_faketcp)
+	 {
+		 bind_fd=socket(local_addr.get_type(),SOCK_STREAM,0);
+	 }
+	 else  if(raw_mode==mode_udp||raw_mode==mode_icmp)//bind an adress to avoid collision,for icmp,there is no port,just bind a udp port
+	 {
+		 bind_fd=socket(local_addr.get_type(),SOCK_DGRAM,0);
+	 }
+
+	 //struct sockaddr_in temp_bind_addr={0};
+    // bzero(&temp_bind_addr, sizeof(temp_bind_addr));
+
+     //temp_bind_addr.sin_family = AF_INET;
+     //temp_bind_addr.sin_port = local_addr.get_port();
+     //temp_bind_addr.sin_addr.s_addr = local_addr.inner.ipv4.sin_addr.s_addr;
+
+     if (bind(bind_fd, (struct sockaddr*)&local_addr.inner, local_addr.get_len()) !=0)
+     {
+    	 mylog(log_fatal,"bind fail\n");
+    	 myexit(-1);
+     }
+
+	 if(raw_mode==mode_faketcp)
+	 {
+
+		 if(listen(bind_fd, SOMAXCONN) != 0 )
+		 {
+			 mylog(log_fatal,"listen fail\n");
+			 myexit(-1);
+		 }
+	 }
+
+
+
+	//init_raw_socket();
+	init_filter(local_addr.get_port());//bpf filter
+
+	epollfd = epoll_create1(0);
+	const int max_events = 4096;
+
+	struct epoll_event ev, events[max_events];
+	if (epollfd < 0) {
+		mylog(log_fatal,"epoll return %d\n", epollfd);
+		myexit(-1);
+	}
+
+	ev.events = EPOLLIN;
+	ev.data.u64 = raw_recv_fd;
+
+	ret = epoll_ctl(epollfd, EPOLL_CTL_ADD, raw_recv_fd, &ev);
+	if (ret!= 0) {
+		mylog(log_fatal,"add raw_fd error\n");
+		myexit(-1);
+	}
+	int timer_fd;
+
+	set_timer(epollfd,timer_fd);
+
+	u64_t begin_time=0;
+	u64_t end_time=0;
+
+	mylog(log_info,"now listening at %s\n",local_addr.get_str());
+
+	int fifo_fd=-1;
+
+	if(fifo_file[0]!=0)
+	{
+		fifo_fd=create_fifo(fifo_file);
+		ev.events = EPOLLIN;
+		ev.data.u64 = fifo_fd;
+
+		ret = epoll_ctl(epollfd, EPOLL_CTL_ADD, fifo_fd, &ev);
+		if (ret!= 0) {
+			mylog(log_fatal,"add fifo_fd to epoll error %s\n",strerror(errno));
+			myexit(-1);
+		}
+		mylog(log_info,"fifo_file=%s\n",fifo_file);
+	}
+
+
+	while(1)////////////////////////
+	{
+
+		if(about_to_exit) myexit(0);
+
+		int nfds = epoll_wait(epollfd, events, max_events, 180 * 1000);
+		if (nfds < 0) {  //allow zero
+			if(errno==EINTR  )
+			{
+				mylog(log_info,"epoll interrupted by signal,continue\n");
+				//myexit(0);
+			}
+			else
+			{
+				mylog(log_fatal,"epoll_wait return %d,%s\n", nfds,strerror(errno));
+				myexit(-1);
+			}
+		}
+		int idx;
+		for (idx = 0; idx < nfds; ++idx)
+		{
+			//mylog(log_debug,"ndfs:  %d \n",nfds);
+			epoll_trigger_counter++;
+			//printf("%d %d %d %d\n",timer_fd,raw_recv_fd,raw_send_fd,n);
+			if ((events[idx].data.u64 ) == (u64_t)timer_fd)
+			{
+				if(debug_flag)begin_time=get_current_time();
+				conn_manager.clear_inactive();
+				u64_t dummy;
+				int unused=read(timer_fd, &dummy, 8);
+				//current_time_rough=get_current_time();
+				if(debug_flag)
+				{
+					end_time=get_current_time();
+					mylog(log_debug,"timer_fd,%llu,%llu,%llu\n",begin_time,end_time,end_time-begin_time);
+				}
+
+				mylog(log_trace,"epoll_trigger_counter:  %d \n",epoll_trigger_counter);
+				epoll_trigger_counter=0;
+
+			}
+			else if (events[idx].data.u64 == (u64_t)raw_recv_fd)
+			{
+				if(debug_flag)begin_time=get_current_time();
+				server_on_raw_recv_multi();
+				if(debug_flag)
+				{
+					end_time=get_current_time();
+					mylog(log_debug,"raw_recv_fd,%llu,%llu,%llu  \n",begin_time,end_time,end_time-begin_time);
+				}
+			}
+			else if (events[idx].data.u64 == (u64_t)fifo_fd)
+			{
+				int len=read (fifo_fd, buf, sizeof (buf));
+				if(len<0)
+				{
+					mylog(log_warn,"fifo read failed len=%d,errno=%s\n",len,strerror(errno));
+					continue;
+				}
+				//assert(len>=0);
+				buf[len]=0;
+				while(len>=1&&buf[len-1]=='\n')
+					buf[len-1]=0;
+				mylog(log_info,"got data from fifo,len=%d,s=[%s]\n",len,buf);
+				mylog(log_info,"unknown command\n");
+			}
+			else if (events[idx].data.u64>u32_t(-1) )
+			{
+
+				fd64_t fd64=events[idx].data.u64;
+				if(!fd_manager.exist(fd64))
+				{
+					mylog(log_trace ,"fd64 no longer exist\n");
+					return -1;
+				}
+				assert(fd_manager.exist_info(fd64));
+				conn_info_t* p_conn_info=fd_manager.get_info(fd64).p_conn_info;
+				conn_info_t &conn_info=*p_conn_info;
+				if(fd64==conn_info.timer_fd64)//////////timer_fd64
+				{
+
+					if(debug_flag)begin_time=get_current_time();
+					int fd=fd_manager.to_fd(fd64);
+					u64_t dummy;
+					int unused=read(fd, &dummy, 8);
+					assert(conn_info.state.server_current_state == server_ready); //TODO remove this for peformance
+					server_on_timer_multi(conn_info);
+					if(debug_flag)
+					{
+						end_time=get_current_time();
+						mylog(log_debug,"(events[idx].data.u64 >>32u) == 2u ,%llu,%llu,%llu  \n",begin_time,end_time,end_time-begin_time);
+					}
+				}
+				else//udp_fd64
+				{
+					if(debug_flag)begin_time=get_current_time();
+					server_on_udp_recv(conn_info,fd64);
+					if(debug_flag)
+					{
+						end_time=get_current_time();
+						mylog(log_debug,"(events[idx].data.u64 >>32u) == 1u,%lld,%lld,%lld  \n",begin_time,end_time,end_time-begin_time);
+					}
+				}
+			}
+			else
+			{
+				mylog(log_fatal,"unknown fd,this should never happen\n");
+				myexit(-1);
+			}
+
+		}
+	}
+	return 0;
+}
+
+#endif
Author	SHA1	Message	Date
root	e8daf7c263	more fix of memory access	2020-07-26 19:07:17 +00:00
root	5f907e32d7	fix bad memorry access	2020-07-26 18:15:27 +00:00
wangyu	0e37c1fea4	fix macro in `5a51248cb0`	2020-07-15 19:32:14 -04:00
wangyu	606bbec351	add missed file	2020-07-15 17:23:17 -04:00
Kevin Darbyshire-Bryant	3fc23f5cf6	Fix devices and available typos Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>	2020-07-15 17:06:36 -04:00
Kevin Darbyshire-Bryant	f3c8f70f47	fix missing braces warning Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>	2020-07-15 17:02:21 -04:00
wangyu	6c27502757	unified makefile	2020-07-15 16:46:45 -04:00
wangyu	5a51248cb0	unify udpraw linux and mp branch	2020-07-15 15:29:32 -04:00
wangyu	79bb28fd12	introduce huge_buf_len and huge_data_len	2020-07-15 03:59:58 -04:00
wangyu	b3e06de4cb	do not drop truncated packet if fix_gro enabled	2020-07-15 02:59:42 -04:00
wangyu	b03ae53df6	update	2020-07-15 01:58:26 -04:00
wangyu	15c15d5bcb	aes128cfb_0	2020-07-15 01:37:47 -04:00
wangyu	2f0328a41a	update	2020-07-14 14:48:29 -04:00
wangyu	779ebdd37a	change gro scheme	2020-07-14 14:30:26 -04:00
wangyu	5340f0726e	fix last commit	2020-07-14 12:30:57 -04:00
wangyu	e95ee70351	sync `ca4a5d3`	2020-07-14 11:46:02 -04:00
root	5cc304a261	partically revert last change	2019-07-16 06:18:44 +00:00
wangyu	7636225414	update cfb	2019-07-16 00:47:36 -04:00
wangyu	f68c6e211d	update help page	2019-07-15 13:12:17 -04:00
wangyu	8c81f7673b	update --fix-gro	2019-07-15 13:00:16 -04:00
root	c1dfd4e928	--fix-gro works	2019-07-15 15:33:16 +00:00
wangyu	7e55b1e132	--fix-gro update	2019-07-15 10:49:54 -04:00
wangyu	ee787e0d4a	added --fix-gro	2019-07-15 08:36:06 -04:00
$U-DESKTOP-T772REH\wangyu$ U-DESKTOP-T772REH\wangyu	7d481d26b9	get_current_time_us() never goes back now	2019-05-02 05:39:39 +00:00
wangyu-	168ae1e2ae	Merge pull request #231 from king6cong/master fix typo	2018-12-06 23:33:00 +08:00
king6cong	6230569bbb	fix typo	2018-12-06 16:13:47 +08:00
$U-DESKTOP-T772REH\wangyu$ U-DESKTOP-T772REH\wangyu	238e85a5e4	fixed get_sock_error() format on windows	2018-11-13 06:40:58 -06:00
wangyu-	0137dba1fd	fix bug in random port bind	2018-11-13 02:37:45 -06:00
wangyu-	b6f76827b0	Merge pull request #221 from felixonmars/patch-1 Fix a typo in README	2018-11-13 16:31:03 +08:00
Felix Yan	66eb002528	Fix a typo in README	2018-11-10 17:13:38 +08:00
wangyu-	b1f0498472	fix typo	2018-09-30 09:52:45 +08:00
$U-DESKTOP-T772REH\wangyu$ U-DESKTOP-T772REH\wangyu	e5584c73be	turn down log level	2018-09-06 10:35:23 -05:00
$U-DESKTOP-T772REH\wangyu$ U-DESKTOP-T772REH\wangyu	c855a14ae8	bug fix	2018-09-06 10:35:23 -05:00
wangyu-	d77271540f	trival	2018-08-31 12:51:27 -05:00
wangyu-	6b8852f269	add warning	2018-08-31 12:45:30 -05:00
root	f0e36d7d7c	fixed a core	2018-08-31 17:10:46 +00:00
wangyu-	6153aca5d8	fix last commit	2018-08-29 20:02:42 -05:00
wangyu-	92fcdbb31a	reduce diff	2018-08-29 20:00:37 -05:00
wangyu-	c72480110f	reduce diff	2018-08-29 17:09:48 -05:00
wangyu-	8331610e7a	reduce diff	2018-08-29 16:48:45 -05:00
wangyu-	4a1e01c5a5	remove register var	2018-08-29 14:32:45 -05:00
wangyu-	6ccf6ce3dc	delete unused codes, reduce diff with non-mp version	2018-08-29 14:26:34 -05:00
wangyu-	a3535364fa	fixed fifo at client side	2018-08-29 12:29:41 -05:00
wangyu-	4e9000c6b5	sync easyfaketcp,fixed a bug in try_to_list_and_bind2	2018-08-29 12:19:09 -05:00
wangyu-	a4aba62656	sync easy-tcp and other options from mp version	2018-08-29 05:25:44 -05:00
wangyu-	7de2f800f9	server works again	2018-08-29 05:01:30 -05:00
wangyu-	233fab4fac	change client to libev, server doesnt work yet	2018-08-29 04:01:37 -05:00
wangyu-	6718627e9d	added libev files	2018-08-29 02:03:10 -05:00
wangyu-	b9d4264225	split main.cpp into client.cpp and server.cpp	2018-08-29 01:45:57 -05:00
wangyu-	0095f1da5c	fixed print of ip address	2018-08-18 12:55:02 -05:00
wangyu-	44fef508a1	supress warning	2018-08-09 02:40:59 -05:00
wangyu-	d6c0df17f5	fixed bug of server_clear_function called at client side	2018-08-03 16:16:53 -05:00
wangyu-	8ade602be1	use unrestricted union instead of struct	2018-07-28 03:42:00 -05:00
wangyu-	0980d89072	sync more updates from mp	2018-07-27 02:26:24 -05:00
wangyu-	278ade5d36	sync a few mp version update	2018-07-26 12:41:55 -05:00
wangyu-	10869eb197	changed to custom header definitons	2018-07-26 11:25:36 -05:00
wangyu-	1bc20c1cdb	changed a log level	2018-07-25 05:22:07 -05:00
wangyu-	4bb7367cfa	fix from_ip_port_new()	2018-07-25 05:16:15 -05:00
wangyu-	c0c9cc0411	Merge branch 'master' of https://github.com/wangyu-/udp2raw-tunnel	2018-07-25 02:23:27 -05:00
wangyu-	b78dc6673f	fixed flowid and traffic class in ipv6 header	2018-07-25 02:23:04 -05:00
wangyu-	f52385ccd5	fix ipv6 header struct	2018-07-25 02:06:20 -05:00
wangyu-	7ad9a6987c	trival	2018-07-25 01:52:18 -05:00
wangyu-	184b198470	icmpv6 works	2018-07-24 08:33:42 -05:00
wangyu-	2dc0670266	added function from_addres_t()	2018-07-24 05:55:59 -05:00
wangyu-	6ccd056d41	ipv6 faketcp and udp works	2018-07-24 05:36:56 -05:00
wangyu-	73daa12db1	implement raw ipv6 recv, refactor peek_raw	2018-07-23 13:52:36 -05:00
wangyu-	80d21e56c7	added send_raw_packet() and recv_raw_packet()	2018-07-23 09:50:21 -05:00
wangyu-	b0d96a3c47	Merge branch 'master' of https://github.com/wangyu-/udp2raw-tunnel	2018-07-22 08:59:26 -05:00
wangyu-	0682757631	changed src_ip and dst_ip in conn_info to new data structure	2018-07-22 08:59:09 -05:00
wangyu-	52d540df90	use csum_with_header in recv_raw_udp	2018-07-22 03:23:53 -05:00
wangyu-	256d1eee69	change IPPROTO_TCP to IPPROTO_RAW for raw socket,deleted IP_HDRINCL code	2018-07-21 14:26:07 -05:00
wangyu-	9e9ad56890	avoid MSG_PEEK	2018-07-21 14:23:13 -05:00
wangyu-	1e98ae10c2	trival	2018-07-21 07:45:10 -05:00
wangyu-	fabe2b3558	changed hmac_sha1 keylen to 20, implemented cfb for aesacc	2018-07-21 03:19:59 -05:00
wangyu-	565034dbae	add aes128cfb, delete unused files	2018-07-21 02:06:15 -05:00
wangyu-	a7849b3634	revert lru of conn_manager	2018-07-20 12:44:41 -05:00
wangyu-	3a372b9eee	fix a dead loop, moved some code blocks	2018-07-20 11:54:57 -05:00
wangyu-	2e8294ab88	simplify csum, added tcp option parser	2018-07-20 09:29:10 -05:00
wangyu-	30eb96608d	ipv6 for non-raw end works	2018-07-20 04:35:25 -05:00
wangyu-	822a807e58	moved some code blocks	2018-07-20 03:46:14 -05:00
wangyu-	f90d1abe05	change ip_port to address_t in conn_manager	2018-07-20 03:44:53 -05:00
wangyu-	2f59ce490e	Update README.md	2018-07-20 14:45:53 +08:00
wangyu-	4cb60d5997	Update README.zh-cn.md	2018-07-20 14:43:28 +08:00
wangyu-	1155f0547f	Update README.zh-cn.md	2018-07-20 14:42:03 +08:00
wangyu-	cac9c56afb	Update README.md	2018-07-20 14:35:22 +08:00
wangyu-	f050946ac5	conv_manager_t<address_t> works	2018-07-19 05:32:25 -05:00
wangyu-	2f0c02def2	fix port number bug	2018-07-19 04:16:57 -05:00
wangyu-	c71d256006	added lru collector	2018-07-19 03:18:07 -05:00
wangyu-	946b615acf	conv_manager_t changed to template	2018-07-19 01:23:25 -05:00
wangyu-	fef76af3a5	add option --dev to bind to a specific interface	2018-07-18 02:02:30 -05:00
wangyu-	736c3f46b6	address_t now works	2018-07-17 11:33:02 -05:00
wangyu-	bec9c95999	ipv6 prepare	2018-07-17 02:31:14 -05:00
wangyu-	16de522196	trival	2018-06-24 08:29:12 -05:00
wangyu-	232ec4f339	trival	2018-06-24 08:22:26 -05:00
wangyu-	d3cbbe8085	implement hkdf	2018-06-24 07:58:19 -05:00
wangyu-	e51c236c20	update TODOs	2018-06-23 20:29:27 -05:00
wangyu-	876649fd74	Merge branch 'master' of https://github.com/wangyu-/udp2raw-tunnel	2018-06-23 20:00:20 -05:00
wangyu-	8a6f89be88	add missing files	2018-06-23 20:00:03 -05:00
wangyu-	45fca0bbfe	Update README.zh-cn.md	2018-06-24 06:37:02 +08:00
wangyu-	cd92410cfe	supress compile warning	2018-06-23 17:21:39 -05:00
wangyu-	04eec19ab2	derive 32bytes key for future use	2018-06-23 16:56:20 -05:00
wangyu-	423157dbba	derive different key for different directions	2018-06-23 16:19:15 -05:00
wangyu-	94e12e6cf5	change print_binary_chars to log_debug	2018-06-22 22:28:19 -05:00
wangyu-	61512a15ec	changed kdf	2018-06-22 22:20:48 -05:00
wangyu-	65943053ff	update readme and --help	2018-06-22 13:36:09 -05:00
wangyu-	52a911b109	add hmac-sha1	2018-06-22 13:22:26 -05:00
wangyu-	3ab2543715	Update README.zh-cn.md	2018-06-21 01:51:53 +08:00
wangyu-	b9d0375a72	Update README.zh-cn.md	2018-06-21 01:50:29 +08:00
wangyu-	0fc24b6233	Update README.md	2018-06-21 01:48:32 +08:00
root	4463e21d9e	fixed a log	2018-06-20 15:13:03 +00:00