mirror of
https://github.com/wangyu-/udp2raw.git
synced 2025-10-15 18:35:35 +08:00
Compare commits
10 Commits
revert-455
...
unified
| Author | SHA1 | Date | |
|---|---|---|---|
|
4208db6e27 | ||
|
|
513343e262 | ||
|
4623f878e0 | ||
|
|
e42f0e5732 | ||
|
f49e6adedf | ||
|
|
d1a9bcc4fb | ||
|
|
bc8bd8c2f8 | ||
|
ca16c3a5e6 | ||
|
|
7abe19c7d9 | ||
|
|
ec416515f3 |
13
Dockerfile
13
Dockerfile
@@ -1,13 +0,0 @@
|
||||
FROM alpine:3.6 as builder
|
||||
|
||||
WORKDIR /
|
||||
|
||||
RUN apk add --no-cache git build-base linux-headers && \
|
||||
git clone https://github.com/wangyu-/udp2raw-tunnel.git && \
|
||||
cd udp2raw-tunnel && \
|
||||
make dynamic
|
||||
|
||||
FROM alpine:3.6
|
||||
RUN apk add --no-cache libstdc++ iptables
|
||||
COPY --from=builder /udp2raw-tunnel/udp2raw_dynamic /bin/
|
||||
ENTRYPOINT [ "/bin/udp2raw_dynamic" ]
|
||||
18
README.md
18
README.md
@@ -81,7 +81,7 @@ Assume your UDP is blocked or being QOS-ed or just poorly supported. Assume your
|
||||
Now,an encrypted raw tunnel has been established between client and server through TCP port 4096. Connecting to UDP port 3333 at the client side is equivalent to connecting to port 7777 at the server side. No UDP traffic will be exposed.
|
||||
|
||||
### Note
|
||||
To run on Android, check [Android_Guide](/doc/android_guide.md)
|
||||
To run on Android, check [Android_Guide](https://github.com/wangyu-/udp2raw/wiki/Android-Guide)
|
||||
|
||||
`-a` option automatically adds an iptables rule (or a few iptables rules) for you, udp2raw relies on this iptables rule to work stably. Be aware you dont forget `-a` (its a common mistake). If you dont want udp2raw to add iptables rule automatically, you can add it manually(take a look at `-g` option) and omit `-a`.
|
||||
|
||||
@@ -90,7 +90,7 @@ To run on Android, check [Android_Guide](/doc/android_guide.md)
|
||||
### Usage
|
||||
```
|
||||
udp2raw-tunnel
|
||||
git version:6e1df4b39f build date:Oct 24 2017 09:21:15
|
||||
git version:4623f878e0 build date:Nov 3 2024 23:15:46
|
||||
repository: https://github.com/wangyu-/udp2raw-tunnel
|
||||
|
||||
usage:
|
||||
@@ -98,14 +98,16 @@ usage:
|
||||
run as server : ./this_program -s -l server_listen_ip:server_port -r remote_address:remote_port [options]
|
||||
|
||||
common options,these options must be same on both side:
|
||||
--raw-mode <string> avaliable values:faketcp(default),udp,icmp
|
||||
--raw-mode <string> available values:faketcp(default),udp,icmp and easy-faketcp
|
||||
-k,--key <string> password to gen symetric key,default:"secret key"
|
||||
--cipher-mode <string> avaliable values:aes128cbc(default),xor,none
|
||||
--auth-mode <string> avaliable values:hmac_sha1,md5(default),crc32,simple,none
|
||||
--cipher-mode <string> available values:aes128cfb,aes128cbc(default),xor,none
|
||||
--auth-mode <string> available values:hmac_sha1,md5(default),crc32,simple,none
|
||||
-a,--auto-rule auto add (and delete) iptables rule
|
||||
-g,--gen-rule generate iptables rule then exit,so that you can copy and
|
||||
add it manually.overrides -a
|
||||
--disable-anti-replay disable anti-replay,not suggested
|
||||
--fix-gro try to fix huge packet caused by GRO. this option is at an early stage.
|
||||
make sure client and server are at same version.
|
||||
client options:
|
||||
--source-ip <ip> force source-ip for raw socket
|
||||
--source-port <port> force source-port for raw socket,tcp/udp only
|
||||
@@ -121,6 +123,7 @@ other options:
|
||||
--disable-color disable log color
|
||||
--disable-bpf disable the kernel space filter,most time its not necessary
|
||||
unless you suspect there is a bug
|
||||
--dev <string> bind raw socket to a device, not necessary but improves performance
|
||||
--sock-buf <number> buf size for socket,>=10 and <=10240,unit:kbyte,default:1024
|
||||
--force-sock-buf bypass system limitation while setting sock-buf
|
||||
--seq-mode <number> seq increase mode for faketcp:
|
||||
@@ -133,11 +136,14 @@ other options:
|
||||
--lower-level <string> send packets at OSI level 2, format:'if_name#dest_mac_adress'
|
||||
ie:'eth0#00:23:45:67:89:b9'.or try '--lower-level auto' to obtain
|
||||
the parameter automatically,specify it manually if 'auto' failed
|
||||
--wait-lock wait for xtables lock while invoking iptables, need iptables v1.4.20+
|
||||
--gen-add generate iptables rule and add it permanently,then exit.overrides -g
|
||||
--keep-rule monitor iptables and auto re-add if necessary.implys -a
|
||||
--hb-len <number> length of heart-beat packet, >=0 and <=1500
|
||||
--mtu-warn <number> mtu warning threshold, unit:byte, default:1375
|
||||
--clear clear any iptables rules added by this program.overrides everything
|
||||
--retry-on-error retry on error, allow to start udp2raw before network is initialized
|
||||
-h,--help print this help message
|
||||
|
||||
```
|
||||
|
||||
### Iptables rules,`-a` and `-g`
|
||||
|
||||
@@ -435,7 +435,7 @@ int send_safer(conn_info_t &conn_info, char type, const char *data, int len) //
|
||||
if (cipher_mode == cipher_xor) {
|
||||
send_data_buf2[0] ^= gro_xor[0];
|
||||
send_data_buf2[1] ^= gro_xor[1];
|
||||
} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cbc) {
|
||||
} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cfb) {
|
||||
aes_ecb_encrypt1(send_data_buf2);
|
||||
}
|
||||
}
|
||||
@@ -586,7 +586,7 @@ int recv_safer_multi(conn_info_t &conn_info, vector<char> &type_arr, vector<stri
|
||||
if (cipher_mode == cipher_xor) {
|
||||
recv_data[0] ^= gro_xor[0];
|
||||
recv_data[1] ^= gro_xor[1];
|
||||
} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cbc) {
|
||||
} else if (cipher_mode == cipher_aes128cbc || cipher_mode == cipher_aes128cfb) {
|
||||
aes_ecb_decrypt1(recv_data);
|
||||
}
|
||||
single_len = read_u16(recv_data);
|
||||
|
||||
@@ -103,7 +103,7 @@ https://github.com/wangyu-/udp2raw-tunnel/releases
|
||||
### 命令选项
|
||||
```
|
||||
udp2raw-tunnel
|
||||
git version:6e1df4b39f build date:Oct 24 2017 09:21:15
|
||||
git version:4623f878e0 build date:Nov 3 2024 23:15:46
|
||||
repository: https://github.com/wangyu-/udp2raw-tunnel
|
||||
|
||||
usage:
|
||||
@@ -111,14 +111,16 @@ usage:
|
||||
run as server : ./this_program -s -l server_listen_ip:server_port -r remote_address:remote_port [options]
|
||||
|
||||
common options,these options must be same on both side:
|
||||
--raw-mode <string> available values:faketcp(default),udp,icmp
|
||||
--raw-mode <string> available values:faketcp(default),udp,icmp and easy-faketcp
|
||||
-k,--key <string> password to gen symetric key,default:"secret key"
|
||||
--cipher-mode <string> available values:aes128cbc(default),xor,none
|
||||
--cipher-mode <string> available values:aes128cfb,aes128cbc(default),xor,none
|
||||
--auth-mode <string> available values:hmac_sha1,md5(default),crc32,simple,none
|
||||
-a,--auto-rule auto add (and delete) iptables rule
|
||||
-g,--gen-rule generate iptables rule then exit,so that you can copy and
|
||||
add it manually.overrides -a
|
||||
--disable-anti-replay disable anti-replay,not suggested
|
||||
--fix-gro try to fix huge packet caused by GRO. this option is at an early stage.
|
||||
make sure client and server are at same version.
|
||||
client options:
|
||||
--source-ip <ip> force source-ip for raw socket
|
||||
--source-port <port> force source-port for raw socket,tcp/udp only
|
||||
@@ -134,6 +136,7 @@ other options:
|
||||
--disable-color disable log color
|
||||
--disable-bpf disable the kernel space filter,most time its not necessary
|
||||
unless you suspect there is a bug
|
||||
--dev <string> bind raw socket to a device, not necessary but improves performance
|
||||
--sock-buf <number> buf size for socket,>=10 and <=10240,unit:kbyte,default:1024
|
||||
--force-sock-buf bypass system limitation while setting sock-buf
|
||||
--seq-mode <number> seq increase mode for faketcp:
|
||||
@@ -146,11 +149,14 @@ other options:
|
||||
--lower-level <string> send packets at OSI level 2, format:'if_name#dest_mac_adress'
|
||||
ie:'eth0#00:23:45:67:89:b9'.or try '--lower-level auto' to obtain
|
||||
the parameter automatically,specify it manually if 'auto' failed
|
||||
--wait-lock wait for xtables lock while invoking iptables, need iptables v1.4.20+
|
||||
--gen-add generate iptables rule and add it permanently,then exit.overrides -g
|
||||
--keep-rule monitor iptables and auto re-add if necessary.implys -a
|
||||
--hb-len <number> length of heart-beat packet, >=0 and <=1500
|
||||
--mtu-warn <number> mtu warning threshold, unit:byte, default:1375
|
||||
--clear clear any iptables rules added by this program.overrides everything
|
||||
--retry-on-error retry on error, allow to start udp2raw before network is initialized
|
||||
-h,--help print this help message
|
||||
|
||||
```
|
||||
|
||||
### iptables 规则,`-a`和`-g`
|
||||
@@ -269,3 +275,4 @@ raw_mode: faketcp cipher_mode: aes128cbc auth_mode: md5
|
||||
|
||||
https://github.com/wangyu-/udp2raw-tunnel/wiki
|
||||
|
||||
|
||||
|
||||
2
makefile
2
makefile
@@ -103,7 +103,7 @@ linux:git_version
|
||||
${cc_local} -o ${NAME}_$@ -I. ${SOURCES} ${PCAP} ${FLAGS} -lrt -ggdb -static -O2 ${MP}
|
||||
|
||||
freebsd:git_version
|
||||
${cc_local} -o ${NAME}_$@ -I. ${SOURCES} ${PCAP} ${FLAGS} -lrt -ggdb -static -O2 ${MP}
|
||||
${cc_local} -o ${NAME}_$@ -I. ${SOURCES} ${PCAP} ${FLAGS} -lrt -ggdb -static -libverbs -O2 ${MP}
|
||||
|
||||
mac:git_version
|
||||
${cc_local} -o ${NAME}_$@ -I. ${SOURCES} ${PCAP} ${FLAGS} -ggdb -O2 ${MP}
|
||||
|
||||
@@ -702,7 +702,7 @@ void init_filter(int port) {
|
||||
}
|
||||
}
|
||||
|
||||
int dummy;
|
||||
int dummy=0;
|
||||
|
||||
int ret = setsockopt(raw_recv_fd, SOL_SOCKET, SO_DETACH_FILTER, &dummy, sizeof(dummy)); // in case i forgot to remove
|
||||
if (ret != 0) {
|
||||
@@ -841,7 +841,7 @@ void init_filter(int port) {
|
||||
void remove_filter() {
|
||||
filter_port = 0;
|
||||
#ifdef UDP2RAW_LINUX
|
||||
int dummy;
|
||||
int dummy=0;
|
||||
int ret = setsockopt(raw_recv_fd, SOL_SOCKET, SO_DETACH_FILTER, &dummy, sizeof(dummy));
|
||||
if (ret != 0) {
|
||||
mylog(log_debug, "error remove fiter\n");
|
||||
|
||||
Reference in New Issue
Block a user